TechSpot

Windows Start Up

By marinkvasina
Jan 2, 2011
  1. I have Windows XP3 and Kaspersky PURE. I was surfing the net and noticed that my AV was off. I turned it on and it found a virus (don't know the name) and tried to delete it. After the process was done it had to restart my PC. Now when I boot my PC and get to the loading screen, when it's done loading I get a black, then blue, and again black screen, and my PC is restarted again.

    Any help?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Did you try Safe Mode, Last Known Good Configuration?
     
  3. marinkvasina

    marinkvasina TS Enthusiast Topic Starter Posts: 60

    Thank you, I love the site.
    And yeah, I tried both.
    Still the same thing.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well, so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes.
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.
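Once the OTL.txt from the boot-CD scan is in hand, the helper's work is reading its lines for a few recurring patterns: services and drivers whose binary is missing or sits under a temp/profile directory, autostart entries with no publisher, browser add-ons from a watch-listed publisher, and the MountPoints2 `Shell\...\command` handlers that removable-drive malware leaves in the registry. The script below is an added example for this thread, not part of OTL or of the forum's own tooling; it parses those OTL line formats and applies simple defender-side rules. The sample log lines are constructed from the OTL.txt pasted later in the thread, and the publisher watch-list is a constructed placeholder.

```python
"""Triage an OTL log: pull out the entry types a malware-removal helper reads first.

Added example for this thread (not OTL's code and not the forum's own tooling).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: OTL-format lines modelled on the OTL.txt pasted in this thread.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/01/14 02:32:38 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2009/12/25 09:43:40 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\M@RyN\LOCALS~1\Temp\PZQ77.tmp -- (GarenaPEngine)
DRV - [2010/08/23 05:36:17 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
========== Standard Registry (SafeList) ==========
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe File not found
O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\AutoRun\command - "" = E:\novamalena\\grudipovece.exe -- File not found
O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\open\command - "" = E:\novamalena\\grudipovece.exe -- File not found
"""


@dataclass
class Finding:
    category: str  # which rule fired
    detail: str    # service/driver/add-on name, or the path/command the entry points at
    line: str      # the raw OTL line, so the analyst can quote it back


# SRV/DRV lines: "<type> - <file info | 'File not found'> [...] -- <path> -- (<name>) ..."
SVC_RE = re.compile(r"^(?:SRV|DRV) - (?P<meta>.*?) -- (?P<path>.*?) -- \((?P<name>[^)]*)\)")
COMPANY_RE = re.compile(r"\((?P<company>[^)]*)\)")          # "(Kaspersky Lab)" inside the file info
PUBLISHER_RE = re.compile(r"\((?P<company>[^)]*)\)\s*$")    # "(Conduit Ltd.)" at the end of a path
# O2 (BHO) and O3 (toolbar) lines: "O2 - BHO: (<title>) - {<CLSID>} - <path> (<publisher>)"
ADDON_RE = re.compile(r"^O[23] - .*?\((?P<title>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<rest>.*)$")
# O33 lines: 'O33 - MountPoints2\{<guid>}\Shell\<verb>\command - "" = <cmd>[ -- File not found]'
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\command - "" = '
    r"(?P<cmd>.*?)(?: -- File not found)?$"
)
# Locations a legitimate service or driver binary has no business living in.
USER_WRITABLE_RE = re.compile(
    r"\\(Temp|LOCALS~1|DOCUME~1|Documents and Settings|Application Data)\\", re.IGNORECASE
)
# Constructed watch-list (placeholder): publishers whose IE add-ons the helper treats as unwanted.
WATCHLISTED_PUBLISHERS = {"Conduit Ltd."}


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per rule that fires on each OTL line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SVC_RE.match(line):
            name, path, meta = m["name"], m["path"], m["meta"]
            company = COMPANY_RE.search(meta)
            if USER_WRITABLE_RE.search(path):       # driver/service loading from a temp or profile dir
                findings.append(Finding("user-writable-path", name, line))
            if meta.startswith("File not found"):   # registry entry whose binary is gone
                findings.append(Finding("orphaned-entry", name, line))
            elif company is not None and company["company"] == "":
                findings.append(Finding("no-company-name", name, line))
        elif m := ADDON_RE.match(line):
            rest = m["rest"]
            publisher = PUBLISHER_RE.search(rest)
            if rest.startswith("No CLSID value found"):
                findings.append(Finding("orphaned-entry", m["title"], line))
            elif publisher is not None and publisher["company"] in WATCHLISTED_PUBLISHERS:
                findings.append(Finding("unwanted-toolbar-publisher", m["title"], line))
        elif line.startswith("O4 - ") and line.endswith("File not found"):
            target = line.split(" = ")[-1][: -len(" File not found")]
            findings.append(Finding("orphaned-entry", target, line))
        elif m := MOUNTPOINT_RE.match(line):
            # Per-device autorun handler: even when the file is gone, the key should be removed.
            findings.append(Finding("removable-drive-autorun", m["cmd"], line))
    return findings


def by_category(findings: list[Finding]) -> dict[str, list[str]]:
    """Group finding details by category, preserving log order."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.category, []).append(f.detail)
    return grouped


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.category}] {f.detail}")
```

Run it against a full OTL.txt by replacing `SAMPLE_OTL` with the file's contents; the rules are deliberately narrow (a missing file, an odd load path, a blank publisher, a MountPoints2 handler) so that each hit is something a helper would quote back in a fix script rather than a verdict on its own.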
     
  5. marinkvasina

    marinkvasina TS Enthusiast Topic Starter Posts: 60

    Please download OTLPE (filesize 120,9 MB)

    * When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.

    Um, I don't really get this part.
    I'm on my laptop, not my PC.
    Is it okay if I download it here (laptop) and double-click it? I'll do it when I get the CD in the morning.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Yes, you can create that CD on any computer.
     
  7. marinkvasina

    marinkvasina TS Enthusiast Topic Starter Posts: 60

    Delete this post if you can.
    I just said the file didn't work because the download failed at some point.
     
  8. marinkvasina

    marinkvasina TS Enthusiast Topic Starter Posts: 60

    To shorten the story:
    I've re-downloaded and run it,
    I've booted my PC with the CD,
    and I've transferred the log; here it is.
     

    Attached Files: OTL.Txt (71.1 KB)
  9. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please observe the forum's rules: all logs have to be pasted in.

    OTL logfile created on: 1/3/2011 12:18:42 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

    1,022.00 Mb Total Physical Memory | 817.00 Mb Available Physical Memory | 80.00% Memory free
    906.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2000 2700 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.15 Gb Total Space | 5.20 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/14 09:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/03/18 09:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 06:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 06:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2009/12/25 09:43:40 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
    SRV - [2009/12/21 10:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
    SRV - [2005/01/14 02:32:38 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [File_System | On_Demand] -- -- (StarOpen)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)
    DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)
    DRV - File not found [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\M@RyN\LOCALS~1\Temp\PZQ77.tmp -- (GarenaPEngine)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/10/30 11:38:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/08/23 05:36:17 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2010/04/30 03:56:24 | 006,032,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/04/03 23:55:30 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/02/26 08:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 08:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 08:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 08:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/03 08:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/12/14 05:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\CSCrySec.sys -- (CSCrySec)
    DRV - [2009/12/14 05:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
    DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/10/14 13:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\klbg.sys -- (KLBG)
    DRV - [2009/10/02 11:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2009/09/14 06:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
    DRV - [2009/09/01 07:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
    DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/13 18:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 15:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/06/14 00:56:00 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
    DRV - [2005/04/08 03:46:18 | 000,162,176 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (PAC207)
    DRV - [2002/10/03 21:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/12/19 04:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\korisnik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
    IE - HKU\korisnik_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\M@RyN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15446&l=dis
    IE - HKU\M@RyN_ON_C\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
    IE - HKU\M@RyN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.192
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 16:15:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 02:04:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2010/08/23 05:37:48 | 000,000,000 | ---D | M]

    [2010/07/28 13:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\korisnik\Application Data\Mozilla\Extensions
    [2010/07/28 13:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\korisnik\Application Data\Mozilla\Firefox\Profiles\lbc7uq4c.default\extensions
    [2011/01/01 03:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/08 16:30:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/07/30 11:19:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/23 05:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2010/07/30 11:19:41 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/09/18 13:45:29 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/09/18 13:45:29 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/09/18 13:45:29 | 000,000,786 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eudict.xml
    [2010/09/18 13:45:29 | 000,001,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-hr.xml

    O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\korisnik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\M@RyN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/28 10:48:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\AutoRun\command - "" = E:\novamalena\\grudipovece.exe -- File not found
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\explore\command - "" = E:\novamalena\\grudipovece.exe -- File not found
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\Install\command - "" = E:\novamalena\\grudipovece.exe -- File not found
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\open\command - "" = E:\novamalena\\grudipovece.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/31 13:52:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\M@RyN\Recent
    [2010/12/30 15:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\Apowersoft
    [2010/12/30 06:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Desktop\Pro Scores - Zemog original
    [2010/12/30 06:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\Conduit
    [2010/12/30 06:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/12/30 06:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\BitTorrentBar
    [2010/12/30 06:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\ConduitEngine
    [2010/12/30 06:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
    [2010/12/30 06:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
    [2010/12/30 06:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\Temp
    [2010/12/30 04:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010/12/30 03:56:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/12/30 03:18:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
    [2010/12/30 03:17:45 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
    [2010/12/30 03:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\Nokia
    [2010/12/30 03:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\PC Suite
    [2010/12/30 03:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/12/30 03:15:37 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
    [2010/12/30 03:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2010/12/30 03:15:07 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
    [2010/12/30 03:15:06 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
    [2010/12/30 03:15:05 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
    [2010/12/30 03:15:01 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
    [2010/12/30 03:15:01 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
    [2010/12/30 03:15:01 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
    [2010/12/30 03:14:49 | 000,092,672 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
    [2010/12/30 03:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
    [2010/12/30 03:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Desktop\Kvasac Productions
    [2010/12/29 04:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\gctmp
    [2010/12/29 04:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\Xenocode
    [2010/12/29 04:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Game Cam V2
    [2010/12/28 05:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Desktop\New Folder
    [2010/12/24 03:15:44 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
    [2010/12/18 16:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Desktop\Guild
    [2010/12/18 11:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
    [2010/12/17 10:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\Canneverbe Limited
    [2010/12/17 09:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\Nero
    [2010/12/16 15:34:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\M@RyN\My Documents\My Music
    [2010/12/16 15:06:19 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.backup
    [2010/12/16 00:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\Stardock
    [2010/12/16 00:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
    [2010/12/16 00:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\PackageAware
    [2010/12/11 09:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\Ubisoft
    [2010/12/11 09:04:41 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
    [2010/12/11 09:04:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
    [2010/12/11 09:04:36 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
    [2010/12/11 09:04:32 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
    [2010/12/11 09:04:31 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
    [2010/12/11 09:04:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
    [2010/12/11 09:04:26 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
    [2010/12/11 09:04:23 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
    [2010/12/11 09:04:23 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
    [2010/12/11 09:04:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
    [2010/12/11 09:04:18 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
    [2010/12/11 09:04:18 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
    [2010/12/11 09:04:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
    [2010/12/11 09:04:13 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
    [2010/12/11 09:04:10 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
    [2010/12/11 09:04:10 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
    [2010/12/11 09:04:06 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
    [2010/12/11 09:04:03 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
    [2010/12/11 09:04:03 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
    [2010/12/11 09:04:02 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
    [2010/12/11 09:04:00 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
    [2010/12/11 09:03:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
    [2010/12/11 09:03:38 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
    [2010/12/11 09:03:38 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
    [2010/12/11 09:03:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
    [2010/12/11 09:03:36 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
    [2010/12/11 09:03:35 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
    [2010/12/11 09:03:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
    [2010/12/11 09:03:33 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
    [2010/12/11 09:03:32 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
    [2010/12/11 09:03:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
    [2010/12/11 09:03:30 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
    [2010/12/11 09:03:28 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
    [2010/12/11 09:03:28 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
    [2010/12/11 09:03:28 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
    [2010/12/11 09:03:27 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
    [2010/12/11 09:03:24 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
    [2010/12/11 09:03:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
    [2010/12/11 09:03:23 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
    [2010/12/11 09:03:21 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
    [2010/12/11 09:03:20 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
    [2010/12/11 09:03:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
    [2010/12/11 09:03:18 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
    [2010/12/08 16:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\skypePM
    [2010/12/08 16:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/12/08 16:27:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/12/08 16:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\Skype
    [2010/12/08 15:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Desktop\Website
    [2010/12/04 15:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\My Documents\Any Video Converter
    [2010/12/04 15:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Application Data\AnvSoft
    [2010/12/04 15:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
    [2010/12/04 14:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\WMTools Downloaded Files
    [2010/12/04 14:57:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\M@RyN\My Documents\My Videos
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/02 07:41:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/01 08:44:43 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/01 06:00:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
    [2011/01/01 03:46:08 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/12/31 08:14:55 | 003,401,967 | ---- | M] () -- C:\Documents and Settings\M@RyN\Desktop\Basshunter.mp3
    [2010/12/31 03:17:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/30 15:12:32 | 000,013,230 | -HS- | M] () -- C:\Documents and Settings\M@RyN\Desktop\Folder.jpg
    [2010/12/30 15:12:32 | 000,013,230 | -HS- | M] () -- C:\Documents and Settings\M@RyN\Desktop\AlbumArt_{8EF4A629-0459-4C53-BF01-6AF5EBD12296}_Large.jpg
    [2010/12/30 15:12:32 | 000,003,065 | -HS- | M] () -- C:\Documents and Settings\M@RyN\Desktop\AlbumArtSmall.jpg
    [2010/12/30 15:12:32 | 000,003,065 | -HS- | M] () -- C:\Documents and Settings\M@RyN\Desktop\AlbumArt_{8EF4A629-0459-4C53-BF01-6AF5EBD12296}_Small.jpg
    [2010/12/30 03:17:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/12/30 03:17:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/12/30 02:14:29 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/12/29 04:21:49 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\M@RyN\Desktop\Game Cam V2.lnk
    [2010/12/26 17:37:18 | 008,236,922 | ---- | M] () -- C:\Documents and Settings\M@RyN\Desktop\Pitbull - Hey Baby (Drop It To The Floor) (feat. T-Pain).mp3
    [2010/12/24 03:15:44 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
    [2010/12/20 08:14:31 | 007,158,144 | ---- | M] () -- C:\Documents and Settings\M@RyN\Desktop\Achievement Wh0re (Gigi & Nation).mp3
    [2010/12/17 09:10:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\M@RyN\Application Data\.NANotifyHere
    [2010/12/16 00:59:11 | 006,912,054 | ---- | M] () -- C:\WINDOWS\Think Green 1920x1200.bmp
    [2010/12/16 00:59:10 | 005,760,054 | ---- | M] () -- C:\WINDOWS\Think Green 1600x1200.bmp
    [2010/12/16 00:59:10 | 003,932,214 | ---- | M] () -- C:\WINDOWS\Think Green 1280x1024.bmp
    [2010/12/16 00:59:08 | 002,359,350 | ---- | M] () -- C:\WINDOWS\Think Green 1024x768.bmp
    [2010/12/16 00:52:44 | 005,760,054 | ---- | M] () -- C:\WINDOWS\worldofwarcraft-1024.bmp
    [2010/12/08 16:31:32 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/12/08 00:55:29 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2010/12/08 00:55:29 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
    [2010/12/05 10:36:47 | 003,861,602 | ---- | M] () -- C:\Documents and Settings\M@RyN\Desktop\Christmas .mp3
    [2010/12/04 15:36:03 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\M@RyN\Desktop\Any Video Converter.lnk
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/30 15:12:32 | 000,013,230 | -HS- | C] () -- C:\Documents and Settings\M@RyN\Desktop\Folder.jpg
    [2010/12/30 15:12:32 | 000,013,230 | -HS- | C] () -- C:\Documents and Settings\M@RyN\Desktop\AlbumArt_{8EF4A629-0459-4C53-BF01-6AF5EBD12296}_Large.jpg
    [2010/12/30 15:12:32 | 000,003,065 | -HS- | C] () -- C:\Documents and Settings\M@RyN\Desktop\AlbumArtSmall.jpg
    [2010/12/30 15:12:32 | 000,003,065 | -HS- | C] () -- C:\Documents and Settings\M@RyN\Desktop\AlbumArt_{8EF4A629-0459-4C53-BF01-6AF5EBD12296}_Small.jpg
    [2010/12/30 03:17:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/12/30 03:17:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/12/29 16:13:44 | 003,401,967 | ---- | C] () -- C:\Documents and Settings\M@RyN\Desktop\Basshunter.mp3
    [2010/12/29 04:21:49 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\M@RyN\Desktop\Game Cam V2.lnk
    [2010/12/26 17:35:35 | 008,236,922 | ---- | C] () -- C:\Documents and Settings\M@RyN\Desktop\Pitbull - Hey Baby (Drop It To The Floor) (feat. T-Pain).mp3
    [2010/12/20 07:55:00 | 007,158,144 | ---- | C] () -- C:\Documents and Settings\M@RyN\Desktop\Achievement Wh0re (Gigi & Nation).mp3
    [2010/12/17 09:10:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\M@RyN\Application Data\.NANotifyHere
    [2010/12/16 00:59:11 | 006,912,054 | ---- | C] () -- C:\WINDOWS\Think Green 1920x1200.bmp
    [2010/12/16 00:59:10 | 005,760,054 | ---- | C] () -- C:\WINDOWS\Think Green 1600x1200.bmp
    [2010/12/16 00:59:10 | 003,932,214 | ---- | C] () -- C:\WINDOWS\Think Green 1280x1024.bmp
    [2010/12/16 00:59:07 | 002,359,350 | ---- | C] () -- C:\WINDOWS\Think Green 1024x768.bmp
    [2010/12/16 00:52:44 | 005,760,054 | ---- | C] () -- C:\WINDOWS\worldofwarcraft-1024.bmp
    [2010/12/08 16:31:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/12/05 02:32:50 | 003,861,602 | ---- | C] () -- C:\Documents and Settings\M@RyN\Desktop\Christmas .mp3
    [2010/12/04 15:36:03 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\M@RyN\Desktop\Any Video Converter.lnk
    [2010/11/24 10:38:20 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\M@RyN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/27 09:21:16 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\M@RyN\Application Data\PnkBstrK.sys
    [2010/09/02 10:04:55 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\M@RyN\mercurial.ini
    [2010/08/25 16:19:00 | 000,137,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/08/18 11:58:25 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/08/10 06:37:53 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
    [2010/07/30 10:34:06 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/07/28 12:36:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/07/28 12:33:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/07/28 12:32:57 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/07/28 12:32:57 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/07/28 12:32:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2010/07/28 12:21:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2010/07/09 14:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2009/06/09 03:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
    [2005/04/08 03:46:18 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
    [2005/01/25 08:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll

    ========== LOP Check ==========

    [2010/07/28 13:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\korisnik\Application Data\MetaProducts
    [2010/12/04 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\AnvSoft
    [2010/12/30 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Apowersoft
    [2010/12/31 12:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\BitTorrent
    [2010/12/17 10:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Canneverbe Limited
    [2010/10/30 11:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\DAEMON Tools Lite
    [2010/11/22 08:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\LolClient
    [2010/11/17 16:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\NetMedia Providers
    [2010/12/30 03:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Nokia
    [2010/10/30 11:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Notepad++
    [2010/10/01 08:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Opera
    [2010/12/30 03:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\PC Suite
    [2010/12/30 15:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Publish Providers
    [2010/10/26 13:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\RayV
    [2010/12/30 04:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Sony
    [2010/09/12 05:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\SQLyog
    [2010/09/01 05:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Subversion
    [2010/11/24 16:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\TeamViewer
    [2010/12/11 09:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Ubisoft
    [2010/07/30 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Uniblue
    [2011/01/01 06:00:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\PerfectOptimizer_home.job

    ========== Purity Check ==========


    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    I don't really see much there, but let's give it a shot....

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    IE - HKU\M@RyN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15446&l=dis
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe File not found
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\AutoRun\command - "" = E:\novamalena\\grudipovece.exe -- File not found
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\explore\command - "" = E:\novamalena\\grudipovece.exe -- File not found
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\Install\command - "" = E:\novamalena\\grudipovece.exe -- File not found
    O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\open\command - "" = E:\novamalena\\grudipovece.exe -- File not found
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2010/12/08 16:31:32 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/07/30 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M@RyN\Application Data\Uniblue
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert the USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with the USB stick)
    • Attempt to reboot normally into Windows.
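As an added example (not code from this thread, from TechSpot, or from the OTL tool), the script below parses the two OTL line shapes that mattered here, the "[date | size | attrs | C/M] (company) -- path" file entries and the O33 MountPoints2 autorun entries, and applies the heuristics Broni applied by eye when picking entries for the fix: hidden or system-attribute files under %SystemRoot% (the ezsidmv.dat pick), executables in System32 with no company name, and MountPoints2 autorun commands pointing at an executable on a non-system drive (the E:\novamalena\\grudipovece.exe pick). The sample lines are copied from the log posted earlier in this thread; the size threshold, the extension list and the wording of the findings are this example's own assumptions, not anything the thread states.

```python
"""Triage helper for OTL log lines (added example, not from the thread or the OTL tool).

Parses OTL file entries and O33 MountPoints2 autorun command entries and returns
review candidates. Thresholds and the extension list are this example's own choices.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
O33_LINE = re.compile(
    r"^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Shell\\(?P<verb>[^\\]+)\\command"
    r' - "" = (?P<command>.+?)(?P<missing> -- File not found)?$'
)
# Extensions treated as code when found in System32 without a company name (assumption).
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".ocx", ".drv", ".scr")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str              # R(eadonly) H(idden) S(ystem) D(irectory); '-' when unset
    op: str                 # 'C' created or 'M' modified, per the OTL section
    company: Optional[str]  # None when OTL printed "()" or no company at all
    path: str


@dataclass
class Finding:
    item: str
    reason: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return FileEntry(m.group("ts"), int(m.group("size").replace(",", "")),
                     m.group("attrs"), m.group("op"), m.group("company") or None,
                     m.group("path"))


def triage(lines: List[str], system_drive: str = "C") -> List[Finding]:
    """Return entries worth a human look, in log order, autorun findings last."""
    findings: List[Finding] = []
    windows_dir = f"{system_drive.lower()}:\\windows\\"
    system32 = windows_dir + "system32\\"
    autorun: Dict[str, Dict[str, Set[str]]] = {}  # guid -> command -> shell verbs bound to it
    missing: Set[str] = set()

    for raw in lines:
        line = raw.strip()
        entry = parse_file_line(line)
        if entry is not None:
            if "D" in entry.attrs:
                continue
            low = entry.path.lower()
            hidden_or_system = "H" in entry.attrs or "S" in entry.attrs
            # Hidden/system files under %SystemRoot% are unusual for user software;
            # zero-byte ones carry no code, so they are skipped to cut noise.
            if low.startswith(windows_dir) and hidden_or_system and entry.size > 0:
                findings.append(Finding(entry.path,
                    f"hidden/system file under %SystemRoot% (attrs {entry.attrs}, {entry.size} bytes)"))
            # Code dropped into System32 without a publisher string is a classic review item.
            elif low.startswith(system32) and entry.company is None and low.endswith(PE_EXTENSIONS):
                findings.append(Finding(entry.path, "executable in System32 with no company name"))
            continue
        m = O33_LINE.match(line)
        if m:
            cmd = m.group("command")
            drive = re.match(r"^([A-Za-z]):\\", cmd)
            # MountPoints2 caches autorun handlers per volume GUID; a handler on a
            # non-system drive is the footprint of an autorun.inf on removable media.
            if drive and drive.group(1).upper() != system_drive.upper():
                autorun.setdefault(m.group("guid"), {}).setdefault(cmd, set()).add(m.group("verb"))
                if m.group("missing"):
                    missing.add(cmd)

    for guid, cmds in autorun.items():
        for cmd, verbs in cmds.items():
            reason = f"MountPoints2 {guid}: removable-drive autorun bound to verbs {', '.join(sorted(verbs))}"
            if cmd in missing:
                reason += "; target file absent, registry entry is residue to remove"
            findings.append(Finding(cmd, reason))
    return findings


# Sample lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2011/01/02 07:41:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/30 15:12:32 | 000,013,230 | -HS- | M] () -- C:\Documents and Settings\M@RyN\Desktop\Folder.jpg
[2010/12/30 03:17:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/12/08 16:31:32 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/10 06:37:53 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/12/08 16:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\AutoRun\command - "" = E:\novamalena\\grudipovece.exe -- File not found
O33 - MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\Shell\open\command - "" = E:\novamalena\\grudipovece.exe -- File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.item}\n    {f.reason}")
```

The output is a review list, not a verdict: bootstat.dat trips the hidden/system rule and is a normal Windows file, while the hidden album-art JPEGs on the Desktop are not flagged because the rule is scoped to %SystemRoot%. The MountPoints2 finding is the one that tells the infection story: the handler is bound to both the AutoRun and open verbs, so inserting or double-clicking the E: volume would have launched the executable, and "File not found" only means the file is gone, not that the registry entry is harmless.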
     
  11. marinkvasina

    marinkvasina TS Enthusiast Topic Starter Posts: 60

    Sorry about the last log

    I tried to boot Windows normally from the hard disk but it still didn't work.

    Here is the new one:
    ========== OTL ==========
    HKU\M@RyN_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Think Green Weather.lnk moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    File E:\novamalena\\grudipovece.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    File E:\novamalena\\grudipovece.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    File E:\novamalena\\grudipovece.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781a083-9bdb-11df-922a-00c0df136fc6}\ not found.
    File E:\novamalena\\grudipovece.exe not found.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET102.tmp deleted successfully.
    C:\WINDOWS\System32\setb5.tmp deleted successfully.
    C:\WINDOWS\System32\SETF6.tmp deleted successfully.
    C:\WINDOWS\003067_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\system32\ezsidmv.dat moved successfully.
    C:\Documents and Settings\M@RyN\Application Data\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Documents and Settings\M@RyN\Application Data\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Documents and Settings\M@RyN\Application Data\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Documents and Settings\M@RyN\Application Data\Uniblue\RegistryBooster folder moved successfully.
    C:\Documents and Settings\M@RyN\Application Data\Uniblue folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: korisnik
    ->Temp folder emptied: 422244376 bytes
    ->Temporary Internet Files folder emptied: 77460477 bytes
    ->Java cache emptied: 404474 bytes
    ->FireFox cache emptied: 117610610 bytes
    ->Flash cache emptied: 39745 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: M@RyN
    ->Temp folder emptied: 1632977 bytes
    ->Temporary Internet Files folder emptied: 38336941 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 113232561 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 6154 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

    Total Files Cleaned = 735.00 mb
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Yeah, I didn't see anything malicious in your log.

    In this forum, we make sure your computer is free of malware and clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
  13. marinkvasina

    marinkvasina TS Enthusiast Topic Starter Posts: 60

    Thank you, I guess.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You're welcome :)
     
Topic Status:
Not open for further replies.
