
Hijack This Log


  • This topic is locked
15 replies to this topic

#1 KapaX

KapaX

  • Members
  • 7 posts

Posted 18 May 2009 - 06:41 AM

Computer boots very slowly and I got some error on the beginning with CLI file. Computer after boots normally just after Windows automatic update runs. But turning off automatic updates doesn't do a thing.
Here I post the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:25, on 2009-05-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{64729B10-B10D-43F9-B98C-9B13513CA7FE}: NameServer = 217.30.129.149 217.30.137.200
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 6008 bytes



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 31 May 2009 - 02:15 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KapaX

KapaX
  • Topic Starter

  • Members
  • 7 posts

Posted 01 June 2009 - 05:58 AM

Like I mentioned before, the computer is still running slow. I don't know what's happening. When I'm running Task Manager, one of the processes is using whole memory, about 99%, but I'm unable to turn it off because it's called Proces bezczynności in Polish language; in translation it should be something like free memory. I cleaned this computer using avast, Mks-vir online scanner, Ad Aware personal and registry cleaner and nothing worked so far.




DDS (Ver_09-05-14.01) - NTFSx86
Run by DJ KRIS In Da Mix at 12:56:38,79 on 2009-06-01
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.619 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090531-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\DialNet\WrOS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\dds.scr
C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.pl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Nowe Gadu-Gadu] "d:\program files\nowe gadu-gadu\gg.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [a-winpoet-service] "c:\program files\dialnet\winpppoverethernet.exe"
mRun: [<NO NAME>] "c:\progra~1\dialnet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
mRun: [z-WrDialer] c:\program files\dialnet\WrDialer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\djkris~1\daneap~1\mozilla\firefox\profiles\a0j1qmkx.default\
FF - prefs.js: browser.startup.homepage - google.pl

============= SERVICES / DRIVERS ===============

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-11-26 101120]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-4 138680]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:\windows\system32\drivers\WrKPoET2000.sys [2009-3-14 52214]
R3 FPD;Fine Point Packet Service;c:\windows\system32\drivers\fpd.sys [2009-5-8 30336]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-4-5 28672]
R3 WrKPoET2000;WrKPoET2000;c:\program files\dialnet\WrKPoET2000.sys [2009-5-8 52214]
R3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [2009-3-14 65604]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-4 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-4 352920]

=============== Created Last 30 ================

2009-05-28 18:24 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\DAEMON Tools Lite
2009-05-28 18:24 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-05-28 18:24 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-05-28 18:21 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-28 18:20 <DIR> --d----- c:\docume~1\djkris~1\daneap~1\DAEMON Tools Lite
2009-05-26 21:43 0 a------- c:\windows\ativpsrm.bin
2009-05-26 21:27 <DIR> --d----- c:\program files\ATI
2009-05-26 21:19 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-05-26 21:18 <DIR> --d----- C:\ATI
2009-05-26 21:05 <DIR> --d----- c:\program files\SkanerOnline
2009-05-24 14:49 <DIR> --d----- C:\Downloads
2009-05-24 14:27 <DIR> --d----- c:\program files\FlashGet
2009-05-24 13:00 <DIR> --ds---- c:\documents and settings\dj kris in da mix\UserData
2009-05-19 19:46 <DIR> --d----- c:\docume~1\djkris~1\daneap~1\Malwarebytes
2009-05-19 19:46 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\Malwarebytes
2009-05-18 13:23 <DIR> --d----- c:\program files\Trend Micro
2009-05-13 20:10 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-12 17:55 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\WEBREG
2009-05-12 17:54 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-05-12 17:54 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-05-12 17:54 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-05-12 17:54 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2009-05-12 17:54 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-05-12 17:54 729,088 a----r-- c:\windows\system32\hpowiax7.dll
2009-05-12 17:54 581,632 a----r-- c:\windows\system32\hpotscl6.dll
2009-05-12 17:54 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-05-12 17:54 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-05-12 17:54 303,104 a----r-- c:\windows\system32\hpovst15.dll
2009-05-12 17:54 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-05-12 17:54 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-05-12 17:16 <DIR> --d----- c:\program files\common files\HP
2009-05-12 17:16 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-05-12 17:15 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-05-12 17:15 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-05-12 17:14 <DIR> --d----- c:\program files\HP
2009-05-12 17:13 178,279 a------- c:\windows\hpoins28.dat
2009-05-12 17:13 796 -------- c:\windows\hpomdl28.dat
2009-05-10 15:25 0 a------- c:\documents and settings\dj kris in da mix\Wino.jpg.exe
2009-05-10 14:57 0 a------- c:\documents and settings\dj kris in da mix\Foto.jpg.exe
2009-05-08 10:22 30,336 a------- c:\windows\system32\drivers\fpd.sys
2009-05-08 10:22 <DIR> --d----- c:\program files\DialNet
2009-05-04 16:40 69 a------- c:\windows\NeroDigital.ini

==================== Find3M ====================

2009-05-28 19:02 457,678 a------- c:\windows\system32\perfh015.dat
2009-05-28 19:02 79,188 a------- c:\windows\system32\perfc015.dat
2009-03-25 22:59 18,304 a------- c:\docume~1\djkris~1\daneap~1\GDIPFONTCACHEV1.DAT
2009-03-24 21:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-23 15:15 108,144 a------- c:\windows\system32\CmdLineExt.dll
2009-03-20 17:15 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-14 16:30 21,856 a------- c:\windows\system32\emptyregdb.dat
2009-03-06 16:47 285,184 a------- c:\windows\system32\pdh.dll

============= FINISH: 12:56:48,15 ===============


Edited by KapaX, 01 June 2009 - 06:19 AM.


#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 01 June 2009 - 09:07 PM

Hello, KapaX

When I'm running Task Manager, one of the processes is using whole memory, about 99%, but I'm unable to turn it off because it's called Proces bezczynności in Polish language; in translation it should be something like free memory

This is how such "Free Memory" programs such as CacheMan, RamIDLE, and others operate. They consume all your physical RAM, in an attempt to force Windows to page applications out to disk. They do NOT actually free anything up ... they do not do what is advertised. I'd suggest uninstalling that particular program.

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 KapaX

KapaX
  • Topic Starter

  • Members
  • 7 posts

Posted 05 June 2009 - 09:26 AM

OTListIt Extras logfile created on: 2009-06-05 16:18:37 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 548,40 Mb Available Physical Memory | 53,60% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,53 Gb Total Space | 103,02 Gb Free Space | 88,41% Space Free | Partition Type: NTFS
Drive D: | 116,35 Gb Total Space | 110,95 Gb Free Space | 95,36% Space Free | Partition Type: NTFS
Drive E: | 606,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-E8FB5CB2E053
Current User Name: DJ KRIS In Da Mix
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8461:TCP" = 8461:TCP:*:Disabled:GoD High Port
"8462:TCP" = 8462:TCP:*:Disabled:GoD Low Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-03-25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2008-03-25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2008-07-01 00:06:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2008-03-16 12:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008-03-16 12:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
File not found -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
[2008-03-26 02:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
[2008-03-26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009-02-27 18:12:42 | 09,339,496 | ---- | M] (GG Network S.A.) -- D:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
File not found -- d:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
[2007-09-25 10:10:50 | 02,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget
File not found -- d:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Disabled:FGLiveUpdate
File not found -- d:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Disabled:FGLiveUpdateEx
[2008-03-16 12:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe
[2008-07-01 00:06:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe
[2008-03-26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Disabled:hpqgpc01.exe
[2008-03-26 02:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe
[2008-03-16 12:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe
File not found -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Disabled:hpqphotocrm.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Disabled:hpqpsapp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Disabled:hpqpse.exe
[2008-03-25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Disabled:hpqsudi.exe
[2008-03-25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6E298B0A-558C-4138-0096-740677B382CD}" = WP Powrt Krla tm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{94CFF341-2471-44E7-8439-2D12A2611D2F}" = DialNet
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Call of Duty" = Call of Duty
"CRMCH" = Crazy Machines
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"FlashGet" = FlashGet 1.9.6.1073
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"SkanerOnline" = Skaner on-line mks_vir
"The KMPlayer" = The KMPlayer (remove only)
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinRAR archiver" = Archiwizator WinRAR

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2009-05-28 12:17:24 | Computer Name = DJ-E8FB5CB2E053 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://srv24.odsiebie.com/Oxo0PmVuNylhKV85...20wynalazcy.nrg
failed, 0000001E.

Error - 2009-05-28 12:21:09 | Computer Name = DJ-E8FB5CB2E053 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://srv24.odsiebie.com/b0k0OTE9Ny42el8x...20wynalazcy.nrg
failed, 0000001E.

[ Application Events ]
Error - 2009-05-28 12:43:19 | Computer Name = DJ-E8FB5CB2E053 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd crazymachines.exe, wersja 0.0.0.0, moduł
powodujący błąd crazymachines.exe, wersja 0.0.0.0, adres błędu 0x0007fb45.

[ System Events ]
Error - 2009-06-04 04:54:47 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-04 08:57:14 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-04 10:49:34 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-04 12:43:11 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-04 13:21:10 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-04 14:20:51 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-04 16:03:27 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-05 02:42:37 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-05 07:53:02 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-05 08:53:52 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.


< End of report >



OTListIt logfile created on: 2009-06-05 16:18:37 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 548,40 Mb Available Physical Memory | 53,60% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,53 Gb Total Space | 103,02 Gb Free Space | 88,41% Space Free | Partition Type: NTFS
Drive D: | 116,35 Gb Total Space | 110,95 Gb Free Space | 95,36% Space Free | Partition Type: NTFS
Drive E: | 606,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-E8FB5CB2E053
Current User Name: DJ KRIS In Da Mix
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-03-10 22:18:20 | 00,970,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2004-08-04 01:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-03-14 11:01:40 | 16,010,752 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-03-24 21:05:10 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-02-05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007-07-06 08:40:38 | 00,405,504 | ---- | M] (Fine Point Technologies, Inc.) -- C:\Program Files\DialNet\winpppoverethernet.exe
PRC - [2008-03-25 21:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008-12-18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2004-08-04 01:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-12-18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009-03-24 21:05:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005-11-15 16:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-07-04 16:27:24 | 00,135,168 | ---- | M] (Fine Point Technologies, Inc.) -- C:\Program Files\DialNet\WrOS.EXE
PRC - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2004-08-04 01:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009-05-10 15:52:50 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-06-05 16:18:09 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009-02-25 15:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004-08-04 01:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-03-25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008-03-25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009-03-24 21:05:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005-11-15 16:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008-02-28 11:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008-02-28 11:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007-07-04 16:27:24 | 00,135,168 | ---- | M] (Fine Point Technologies, Inc.) -- C:\Program Files\DialNet\WrOS.EXE -- (WinPPPoverEthernet [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009-02-05 22:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2001-08-17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2009-02-05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009-02-05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009-02-05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009-02-05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009-02-05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009-02-26 00:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007-07-04 16:27:22 | 00,030,336 | ---- | M] (Politecnico di Torino) -- C:\WINDOWS\system32\drivers\fpd.sys -- (FPD [On_Demand | Running])
DRV - [2004-08-04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004-05-02 10:47:08 | 00,023,040 | R--- | M] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
DRV - [2005-01-07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008-01-24 23:22:06 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2008-01-24 23:22:07 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2008-01-24 23:22:08 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006-03-16 07:24:06 | 04,249,088 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008-11-26 18:46:19 | 00,101,120 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\m5287.sys -- (m5287 [Boot | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009-03-23 16:18:35 | 00,012,528 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2009-05-28 18:21:02 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-07-04 16:27:24 | 00,052,214 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys -- (TopWinPoETDriver [Auto | Running])
DRV - [2005-03-22 20:36:40 | 00,028,672 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS -- (ULI5261XP [On_Demand | Running])
DRV - [2007-07-04 16:27:24 | 00,052,214 | ---- | M] () -- C:\Program Files\DialNet\WrKPoET2000.sys -- (WrKPoET2000 [On_Demand | Running])
DRV - [2007-07-04 16:27:24 | 00,065,604 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys -- (WRSWanDD [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKU\S-1-5-21-1801674531-813497703-839522115-1003\S-1-5-21-1801674531-813497703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-03-24 21:05:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2009-05-12 17:18:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-10 15:52:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-10 15:52:57 | 00,000,000 | ---D | M]

[2009-03-14 18:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\mozilla\Extensions
[2009-03-14 18:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-03-14 18:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\mozilla\Firefox\Profiles\a0j1qmkx.default\extensions
[2009-06-05 14:06:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-05-10 15:52:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-24 21:05:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-05-10 15:52:48 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-05-10 15:52:48 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-05-10 15:52:54 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-05-10 15:52:54 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-05-10 15:52:54 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-05-10 15:52:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-05-10 15:52:54 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-05-10 15:52:54 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-05-10 15:52:54 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT" (Fine Point Technologies, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe" (Fine Point Technologies, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe (Fine Point Technologies, Inc.)
O4 - HKU\S-1-5-21-1801674531-813497703-839522115-1003..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-1801674531-813497703-839522115-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1801674531-813497703-839522115-1003..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe" (GG Network S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona głwna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-14 16:33:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003-08-12 01:55:04 | 00,000,145 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\open\Command - "" = fooool.exe
O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\open\Command - "" = fooool.exe
O33 - MountPoints2\{d097c270-37f7-11de-b12d-00138f9f346d}\Shell - "" = AutoRun
O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\open\Command - "" = fooool.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-06-05 16:18:09 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-06-05 16:18:06 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\OTListIt2.exe
[2009-06-05 16:08:38 | 06,391,463 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\michael jackson - billie jean (offer nissim remix) .mp3
[2009-06-05 16:00:51 | 08,998,784 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\21.Supermode_-_Tell_Me_Why__TV_Rock_Remix_.mp3
[2009-06-05 15:55:02 | 03,545,129 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\syke 'n' sugarstarr & alexandra prince - are you [watching me watching you].mp3
[2009-06-05 15:45:39 | 05,100,805 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\frederik - house gym (yellow mix).mp3
[2009-06-05 15:43:35 | 04,689,084 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\the egg vs david guetta - love don't let me walk away (white label).mp3
[2009-06-05 15:39:22 | 19,355,907 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Avicii_-_Almost__Original_Mix4clubbers.pl.mp3
[2009-06-05 15:36:02 | 16,093,845 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\DJ_Sign_feat._Maxx_Diago_-_Supermodel_(Houseshaker_Remix) [www.4clubbers.pl].mp3
[2009-06-05 15:33:49 | 13,068,446 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Benny Benassi - Satisfaction 2009 (Housebrothers RMX) 4Clubbers.pl.mp3
[2009-06-05 15:26:44 | 05,811,754 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\lexmatic - automatic (paxi fixi rmx).mp3
[2009-06-04 08:04:42 | 00,879,448 | RHS- | C] () -- C:\Documents and Settings\All Users\Dokumenty\yomcbu.exe
[2009-06-03 16:37:58 | 07,449,318 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Robot_man_-_ready_for_this__michael_gray_original_mix_.mp3
[2009-06-03 16:36:37 | 03,235,840 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\13_jestem_bogiem.mp3
[2009-06-01 20:40:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Muza
[2009-06-01 19:56:21 | 00,000,565 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Call of Duty Single Player.lnk
[2009-06-01 19:56:21 | 00,000,565 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Call of Duty Multiplayer.lnk
[2009-06-01 19:45:11 | 00,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009-06-01 13:20:41 | 03,484,523 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\arsenium love me love me.mp3
[2009-05-31 12:32:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-05-30 21:10:00 | 00,000,225 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\AAAAA.LGP
[2009-05-29 07:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2009-05-28 18:24:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-05-28 18:24:28 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009-05-28 18:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009-05-28 18:21:02 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-28 18:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\DAEMON Tools Lite
[2009-05-28 18:17:28 | 27,154,588 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Crazy Machines - Warsztat wynalazcy.nrg
[2009-05-26 21:43:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009-05-26 21:28:19 | 00,001,064 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft FREE trial.lnk
[2009-05-26 21:27:56 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009-05-26 21:19:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009-05-26 21:18:46 | 00,000,000 | ---D | C] -- C:\ATI
[2009-05-26 21:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2009-05-26 20:58:10 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-05-25 19:04:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\GoD
[2009-05-25 18:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\MIŁOSNE ZDJĘCIA
[2009-05-24 14:49:19 | 00,000,000 | ---D | C] -- C:\Downloads
[2009-05-24 14:27:41 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet
[2009-05-19 19:46:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\Malwarebytes
[2009-05-19 19:46:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-05-18 13:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-05-18 13:19:07 | 00,000,211 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\boot.ini
[2009-05-14 10:16:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\HPAppData
[2009-05-13 22:43:05 | 00,371,712 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\Prezentacj_Patrycja Pomietło 3 e.ppt
[2009-05-13 20:10:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009-05-12 18:09:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\HP Photosmart Projects
[2009-05-12 17:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
[2009-05-12 17:54:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
[2009-05-12 17:54:10 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009-05-12 17:54:09 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009-05-12 17:54:09 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009-05-12 17:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\HP
[2009-05-12 17:17:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
[2009-05-12 17:17:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HP
[2009-05-12 17:16:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009-05-12 17:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2009-05-12 17:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009-05-12 17:15:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009-05-12 17:15:39 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009-05-12 17:15:39 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009-05-12 17:15:22 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009-05-12 17:14:01 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009-05-12 17:13:04 | 00,178,279 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009-05-12 17:13:04 | 00,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009-05-08 10:22:28 | 00,030,336 | ---- | C] (Politecnico di Torino) -- C:\WINDOWS\System32\drivers\fpd.sys
[2009-05-08 10:22:27 | 00,001,535 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DialNet.lnk
[2009-05-08 10:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\DialNet
[2009-05-08 10:22:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\InstallShield
[2009-05-07 14:36:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
[2009-05-04 16:40:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-18 17:23:04 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-14 17:22:30 | 00,065,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\WrKPoETNic2000.sys
[2009-03-14 17:22:30 | 00,052,214 | ---- | C] () -- C:\WINDOWS\System32\drivers\WrKPoET2000.sys
[2009-03-14 16:47:41 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-03-14 16:45:59 | 00,004,106 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-03-14 16:45:58 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-03-14 16:40:19 | 00,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2001-07-22 01:16:20 | 00,000,721 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-06-05 16:18:09 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\OTListIt2.exe
[2009-06-05 16:13:59 | 06,391,463 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\michael jackson - billie jean (offer nissim remix) .mp3
[2009-06-05 16:02:30 | 08,998,784 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\21.Supermode_-_Tell_Me_Why__TV_Rock_Remix_.mp3
[2009-06-05 15:57:59 | 03,545,129 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\syke 'n' sugarstarr & alexandra prince - are you [watching me watching you].mp3
[2009-06-05 15:49:54 | 05,100,805 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\frederik - house gym (yellow mix).mp3
[2009-06-05 15:47:30 | 04,689,084 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\the egg vs david guetta - love don't let me walk away (white label).mp3
[2009-06-05 15:42:05 | 19,355,907 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Avicii_-_Almost__Original_Mix4clubbers.pl.mp3
[2009-06-05 15:38:10 | 16,093,845 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\DJ_Sign_feat._Maxx_Diago_-_Supermodel_(Houseshaker_Remix) [www.4clubbers.pl].mp3
[2009-06-05 15:35:30 | 13,068,446 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Benny Benassi - Satisfaction 2009 (Housebrothers RMX) 4Clubbers.pl.mp3
[2009-06-05 15:31:35 | 05,811,754 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\lexmatic - automatic (paxi fixi rmx).mp3
[2009-06-05 14:53:53 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-06-05 14:51:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-06-05 14:51:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Ustawienia lokalne\desktop.ini
[2009-06-05 14:51:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-06-05 14:29:06 | 00,000,721 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-06-05 09:12:29 | 00,000,023 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009-06-04 08:05:20 | 00,879,448 | RHS- | M] () -- C:\Documents and Settings\All Users\Dokumenty\yomcbu.exe
[2009-06-02 18:16:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-06-01 19:56:21 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Call of Duty Single Player.lnk
[2009-06-01 19:56:21 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Call of Duty Multiplayer.lnk
[2009-06-01 19:56:20 | 00,000,745 | ---- | M] () -- C:\WINDOWS\CoD.INI
[2009-06-01 13:41:49 | 03,484,523 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\arsenium love me love me.mp3
[2009-05-30 21:10:00 | 00,000,225 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\AAAAA.LGP
[2009-05-28 19:02:28 | 01,007,804 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-05-28 19:02:28 | 00,457,678 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-05-28 19:02:28 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-05-28 19:02:28 | 00,079,188 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-05-28 19:02:28 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-05-28 18:22:18 | 27,154,588 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Crazy Machines - Warsztat wynalazcy.nrg
[2009-05-28 18:21:02 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-26 21:43:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2009-05-26 21:28:19 | 00,001,064 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft FREE trial.lnk
[2009-05-18 13:19:07 | 00,000,211 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\boot.ini
[2009-05-13 22:43:06 | 00,371,712 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\Prezentacj_Patrycja Pomietło 3 e.ppt
[2009-05-12 17:55:54 | 00,178,279 | ---- | M] () -- C:\WINDOWS\hpoins28.dat
[2009-05-08 10:22:27 | 00,001,535 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DialNet.lnk
[2009-05-07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-05 16:25:41
Windows 5.1.2600 Dodatek Service Pack 2


---- System - GMER 1.0.15 ----

SSDT spyg.sys ZwEnumerateKey [0xF772CCA4]
SSDT spyg.sys ZwEnumerateValueKey [0xF772D032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867661F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:12 AM

Posted 06 June 2009 - 03:10 AM

Hello, KapaX :thumbup2:
Can you translate the following for me?

WP Powrt Krla tm


Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.


We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
MarketResearch

We need to back up your registry
  • Please download ERUNT and save it to your desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otli
    O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\open\Command - "" = fooool.exe
    O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\open\Command - "" = fooool.exe
    O33 - MountPoints2\{d097c270-37f7-11de-b12d-00138f9f346d}\Shell - "" = AutoRun
    O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\open\Command - "" = fooool.exe
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - Reg Error: Key error. File not found
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTListIt2 Fix Log
  • Kaspersky's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Billy O'Neal


Posted 08 June 2009 - 08:23 PM

Hello, KapaX :thumbup2:
Are you still here?

Billy3

#8 KapaX


Posted 10 June 2009 - 05:47 AM

Yes I am, but I have problems finding OTListIt2; I deleted it after using it and the OldTimer website doesn't work. "WP Powrt Krla tm" in translation is "Lord of the Rings: Return of the King tm", and "Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania" is "Service Service HP CUE DeviceDiscovery has been suspended". I have already done the step with ERUNT and I've made a registry backup. For the scan with Kaspersky WebScanner I have to wait until I find OTListIt2. If you could upload that program to any server I would be really grateful.

#9 Billy O'Neal


Posted 10 June 2009 - 07:14 AM

Hello, KapaX :thumbup2:
In the time between when I answered and you got around to doing the steps, the tool got renamed and is no longer available at that link. OTListIt2 is now OTL.

It's been a long time -- I want to see a fresh log anyway :)

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTL.txt
  • Extra.txt

Billy3

#10 KapaX


Posted 10 June 2009 - 01:33 PM

KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 10, 2009
Operating System: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 10, 2009 12:47:33
Records in database: 2334115
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Files scanned 40357
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:59:42

No malware has been detected. The scan area is clean.
The selected area was scanned.

old Otlistit2 log


Error: Unable to interpret <:otli> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\explore\Command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\open\Command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\explore\Command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\open\Command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{d097c270-37f7-11de-b12d-00138f9f346d}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\explore\Command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\open\Command - "" = fooool.exe> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - Reg Error: Key error. File not found> in the current context!

OTL by OldTimer - Version 2.1.1.0 log created on 06102009_202732


THE NEW ONE Now

OTL logfile created on: 2009-06-10 20:28:10 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 562,07 Mb Available Physical Memory | 54,93% Memory free
2,40 Gb Paging File | 1,93 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,53 Gb Total Space | 100,25 Gb Free Space | 86,03% Space Free | Partition Type: NTFS
Drive D: | 116,35 Gb Total Space | 110,96 Gb Free Space | 95,37% Space Free | Partition Type: NTFS
Drive E: | 538,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-E8FB5CB2E053
Current User Name: DJ KRIS In Da Mix
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-03-10 22:18:20 | 00,970,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2004-08-04 01:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-03-14 11:01:40 | 16,010,752 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-02-27 18:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009-03-24 21:05:10 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-02-05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007-07-06 08:40:38 | 00,405,504 | ---- | M] (Fine Point Technologies, Inc.) -- C:\Program Files\DialNet\winpppoverethernet.exe
PRC - [2008-03-25 21:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008-12-18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2004-08-04 01:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-12-18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009-03-24 21:05:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005-11-15 16:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-07-04 16:27:24 | 00,135,168 | ---- | M] (Fine Point Technologies, Inc.) -- C:\Program Files\DialNet\WrOS.EXE
PRC - [2009-05-10 15:52:50 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2004-08-04 01:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-06-10 14:27:47 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009-02-25 15:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004-08-04 01:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-03-25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008-03-25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009-03-24 21:05:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005-11-15 16:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008-02-28 11:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008-02-28 11:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007-07-04 16:27:24 | 00,135,168 | ---- | M] (Fine Point Technologies, Inc.) -- C:\Program Files\DialNet\WrOS.EXE -- (WinPPPoverEthernet [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009-02-05 22:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2001-08-17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2009-02-05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009-02-05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009-02-05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009-02-05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009-02-05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009-02-26 00:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007-07-04 16:27:22 | 00,030,336 | ---- | M] (Politecnico di Torino) -- C:\WINDOWS\system32\drivers\fpd.sys -- (FPD [On_Demand | Running])
DRV - [2004-08-04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004-05-02 10:47:08 | 00,023,040 | R--- | M] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv [On_Demand | Stopped])
DRV - [2005-01-07 18:07:18 | 00,138,752 | ---- | M] (Windows Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008-01-24 23:22:06 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2008-01-24 23:22:07 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2008-01-24 23:22:08 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006-03-16 07:24:06 | 04,249,088 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008-11-26 18:46:19 | 00,101,120 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\m5287.sys -- (m5287 [Boot | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009-03-23 16:18:35 | 00,012,528 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2009-05-28 18:21:02 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-07-04 16:27:24 | 00,052,214 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys -- (TopWinPoETDriver [Auto | Running])
DRV - [2005-03-22 20:36:40 | 00,028,672 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS -- (ULI5261XP [On_Demand | Running])
DRV - [2007-07-04 16:27:24 | 00,052,214 | ---- | M] () -- C:\Program Files\DialNet\WrKPoET2000.sys -- (WrKPoET2000 [On_Demand | Running])
DRV - [2007-07-04 16:27:24 | 00,065,604 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys -- (WRSWanDD [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKU\S-1-5-21-1801674531-813497703-839522115-1003\S-1-5-21-1801674531-813497703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-03-24 21:05:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2009-05-12 17:18:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-06-08 14:45:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-10 15:52:57 | 00,000,000 | ---D | M]

[2009-03-14 18:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\mozilla\Extensions
[2009-03-14 18:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-03-14 18:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\mozilla\Firefox\Profiles\a0j1qmkx.default\extensions
[2009-06-10 13:48:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-05-10 15:52:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-24 21:05:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-05-10 15:52:48 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-05-10 15:52:48 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-05-10 15:52:54 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-05-10 15:52:54 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-05-10 15:52:54 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-05-10 15:52:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-05-10 15:52:54 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-05-10 15:52:54 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-05-10 15:52:54 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT" (Fine Point Technologies, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe" (Fine Point Technologies, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe (Fine Point Technologies, Inc.)
O4 - HKU\S-1-5-21-1801674531-813497703-839522115-1003..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-1801674531-813497703-839522115-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1801674531-813497703-839522115-1003..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe" (GG Network S.A.)
O4 - Startup: C:\Documents and Settings\DJ KRIS In Da Mix\Menu Start\Programy\Autostart\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-14 16:33:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\open\Command - "" = fooool.exe
O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\open\Command - "" = fooool.exe
O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\open\Command - "" = fooool.exe
O33 - MountPoints2\{d097c270-37f7-11de-b12d-00138f9f346d}\Shell - "" = AutoRun
O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\open\Command - "" = fooool.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-06-10 19:01:48 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-06-10 19:43:20 | 00,002,721 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\kaspersky.html
[2009-06-10 17:45:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\CD_MY_Fullclient_v121
[2009-06-10 14:29:14 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-06-10 14:27:46 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\OTL.exe
[2009-06-10 13:46:47 | 00,000,000 | ---D | C] -- C:\Program Files\Ontrack
[2009-06-10 13:46:03 | 12,453,65255 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\CD_MY_Fullclient_v121.zip
[2009-06-09 17:26:07 | 13,413,360 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Whiteside & Jorge Martin S - Brothers & Sisters 2009 (Houseboy & Streamteck Club Mix)4clubbers.com.pl.mp3
[2009-06-09 16:53:07 | 05,748,736 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Remady P&R - I'm Not Superstar (Original Mix).mp3
[2009-06-09 15:58:41 | 80,530,285 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\DJ KRIS In Da Mix 30_05_09.mp3
[2009-06-09 15:58:18 | 50,315,912 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Mikro 'Housebrothers' Favourite Tracks in February Mixed Together.mp3
[2009-06-09 15:58:16 | 87,566,528 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\DJ WAJS In Da Mix _ Heaven Leszno Live 13_04_09.mp3
[2009-06-09 13:55:40 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009-06-09 13:55:39 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009-06-09 13:42:26 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009-06-09 13:42:19 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009-06-09 13:42:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009-06-09 13:40:57 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009-06-09 13:40:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009-06-09 13:40:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009-06-09 13:39:34 | 04,455,058 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\tba - late night business (mondo remix.mp3
[2009-06-09 07:20:05 | 03,546,801 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\nelly furtado - do it.mp3
[2009-06-08 20:50:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Ustawienia lokalne\Apps
[2009-06-08 20:45:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-06-08 20:44:28 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Menu Start\Programy\Autostart\ERUNT AutoBackup.lnk
[2009-06-08 20:44:27 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\NTREGOPT.lnk
[2009-06-08 20:44:27 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\ERUNT.lnk
[2009-06-08 20:44:26 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009-06-08 20:35:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009-06-08 20:19:28 | 00,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Dokumenty\khq
[2009-06-08 20:08:50 | 01,923,371 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\0198.jpg
[2009-06-08 20:08:50 | 01,507,871 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\0208.jpg
[2009-06-07 13:03:08 | 02,435,605 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Wideo-0013.mp4
[2009-06-07 13:02:38 | 04,457,566 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Spike & Olevers - Mała blondyneczka.mp3
[2009-06-07 12:28:53 | 03,370,035 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\chris cornell feat. timbaland - part of me.mp3
[2009-06-06 13:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\nowosciii
[2009-06-05 19:10:48 | 00,826,880 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\Ochrona Srodowiska.doc
[2009-06-05 16:08:38 | 06,391,463 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\michael jackson - billie jean (offer nissim remix) .mp3
[2009-06-05 16:00:51 | 08,998,784 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\21.Supermode_-_Tell_Me_Why__TV_Rock_Remix_.mp3
[2009-06-05 15:55:02 | 03,545,513 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\syke 'n' sugarstarr & alexandra prince - are you [watching me watching you].mp3
[2009-06-05 15:45:39 | 05,100,805 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\frederik - house gym (yellow mix).mp3
[2009-06-05 15:43:35 | 04,689,084 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\the egg vs david guetta - love don't let me walk away (white label).mp3
[2009-06-05 15:39:22 | 19,355,907 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Avicii_-_Almost__Original_Mix4clubbers.pl.mp3
[2009-06-05 15:36:02 | 16,093,845 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\DJ_Sign_feat._Maxx_Diago_-_Supermodel_(Houseshaker_Remix) [www.4clubbers.pl].mp3
[2009-06-05 15:33:49 | 13,068,446 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Benny Benassi - Satisfaction 2009 (Housebrothers RMX) 4Clubbers.pl.mp3
[2009-06-05 15:26:44 | 05,811,754 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\lexmatic - automatic (paxi fixi rmx).mp3
[2009-06-03 16:37:58 | 07,449,318 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Robot_man_-_ready_for_this__michael_gray_original_mix_.mp3
[2009-06-03 16:36:37 | 03,235,840 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\13_jestem_bogiem.mp3
[2009-06-01 20:40:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Muza
[2009-06-01 19:56:21 | 00,000,565 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Call of Duty Single Player.lnk
[2009-06-01 19:56:21 | 00,000,565 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Call of Duty Multiplayer.lnk
[2009-06-01 19:45:11 | 00,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009-06-01 13:20:41 | 03,484,523 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\arsenium love me love me.mp3
[2009-05-31 12:32:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-05-29 07:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2009-05-28 18:24:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-05-28 18:24:28 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009-05-28 18:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009-05-28 18:21:02 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-28 18:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\DAEMON Tools Lite
[2009-05-28 18:17:28 | 27,154,588 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Crazy Machines - Warsztat wynalazcy.nrg
[2009-05-26 21:43:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009-05-26 21:28:19 | 00,001,064 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft FREE trial.lnk
[2009-05-26 21:27:56 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009-05-26 21:19:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009-05-26 21:18:46 | 00,000,000 | ---D | C] -- C:\ATI
[2009-05-26 21:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2009-05-26 20:58:10 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-05-25 19:04:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\GoD
[2009-05-25 18:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\MIŁOSNE ZDJĘCIA
[2009-05-24 14:49:19 | 00,000,000 | ---D | C] -- C:\Downloads
[2009-05-24 14:27:41 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet
[2009-05-19 19:46:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\Malwarebytes
[2009-05-19 19:46:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-05-18 13:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-05-18 13:19:07 | 00,000,211 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\boot.ini
[2009-05-14 10:16:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\HPAppData
[2009-05-13 22:43:05 | 00,371,712 | ---- | C] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\Prezentacj_Patrycja Pomietło 3 e.ppt
[2009-05-13 20:10:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009-05-12 18:09:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\HP Photosmart Projects
[2009-05-12 17:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
[2009-05-12 17:54:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
[2009-05-12 17:54:10 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009-05-12 17:54:09 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009-05-12 17:54:09 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009-05-12 17:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ KRIS In Da Mix\Dane aplikacji\HP
[2009-05-12 17:17:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
[2009-05-12 17:17:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HP
[2009-05-12 17:16:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009-05-12 17:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2009-05-12 17:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009-05-12 17:15:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009-05-12 17:15:39 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009-05-12 17:15:39 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009-05-12 17:15:22 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009-05-12 17:14:01 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009-05-12 17:13:04 | 00,178,279 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2009-05-12 17:13:04 | 00,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2009-05-04 16:40:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-18 17:23:04 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-03-14 17:22:30 | 00,065,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\WrKPoETNic2000.sys
[2009-03-14 17:22:30 | 00,052,214 | ---- | C] () -- C:\WINDOWS\System32\drivers\WrKPoET2000.sys
[2009-03-14 16:47:41 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-03-14 16:45:59 | 00,004,106 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-03-14 16:45:58 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-03-14 16:40:19 | 00,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2001-07-22 01:16:20 | 00,000,751 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-06-10 20:26:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-06-10 20:23:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-06-10 20:23:31 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Ustawienia lokalne\desktop.ini
[2009-06-10 20:23:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-06-10 19:44:17 | 00,000,751 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-06-10 19:43:20 | 00,002,721 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\kaspersky.html
[2009-06-10 16:56:06 | 00,000,023 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009-06-10 16:33:28 | 12,453,65255 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\CD_MY_Fullclient_v121.zip
[2009-06-10 14:27:47 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\OTL.exe
[2009-06-09 17:28:46 | 13,413,360 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Whiteside & Jorge Martin S - Brothers & Sisters 2009 (Houseboy & Streamteck Club Mix)4clubbers.com.pl.mp3
[2009-06-09 16:54:07 | 05,748,736 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Remady P&R - I'm Not Superstar (Original Mix).mp3
[2009-06-09 13:55:40 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009-06-09 13:55:39 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009-06-09 13:43:13 | 04,455,058 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\tba - late night business (mondo remix.mp3
[2009-06-09 13:42:27 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-06-09 13:41:36 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009-06-09 13:40:57 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009-06-09 07:23:02 | 03,546,801 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\nelly furtado - do it.mp3
[2009-06-08 20:44:28 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Menu Start\Programy\Autostart\ERUNT AutoBackup.lnk
[2009-06-08 20:44:27 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\NTREGOPT.lnk
[2009-06-08 20:44:27 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\ERUNT.lnk
[2009-06-08 20:33:27 | 00,826,880 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\Ochrona Srodowiska.doc
[2009-06-08 20:19:28 | 00,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Dokumenty\khq
[2009-06-07 12:40:30 | 01,010,400 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-06-07 12:40:30 | 00,457,678 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-06-07 12:40:30 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-06-07 12:40:30 | 00,079,188 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-06-07 12:40:30 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-06-07 12:31:41 | 03,370,035 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\chris cornell feat. timbaland - part of me.mp3
[2009-06-06 14:20:36 | 03,545,513 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\syke 'n' sugarstarr & alexandra prince - are you [watching me watching you].mp3
[2009-06-05 16:13:59 | 06,391,463 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\michael jackson - billie jean (offer nissim remix) .mp3
[2009-06-05 16:02:30 | 08,998,784 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\21.Supermode_-_Tell_Me_Why__TV_Rock_Remix_.mp3
[2009-06-05 15:49:54 | 05,100,805 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\frederik - house gym (yellow mix).mp3
[2009-06-05 15:47:30 | 04,689,084 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\the egg vs david guetta - love don't let me walk away (white label).mp3
[2009-06-05 15:42:05 | 19,355,907 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Avicii_-_Almost__Original_Mix4clubbers.pl.mp3
[2009-06-05 15:38:10 | 16,093,845 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\DJ_Sign_feat._Maxx_Diago_-_Supermodel_(Houseshaker_Remix) [www.4clubbers.pl].mp3
[2009-06-05 15:35:30 | 13,068,446 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Benny Benassi - Satisfaction 2009 (Housebrothers RMX) 4Clubbers.pl.mp3
[2009-06-05 15:31:35 | 05,811,754 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\lexmatic - automatic (paxi fixi rmx).mp3
[2009-06-05 12:27:36 | 04,457,566 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Spike & Olevers - Mała blondyneczka.mp3
[2009-06-02 18:16:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-06-02 10:28:24 | 01,923,371 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\0198.jpg
[2009-06-02 10:22:23 | 01,507,871 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\0208.jpg
[2009-06-01 19:56:21 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Call of Duty Single Player.lnk
[2009-06-01 19:56:21 | 00,000,565 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Call of Duty Multiplayer.lnk
[2009-06-01 19:56:20 | 00,000,745 | ---- | M] () -- C:\WINDOWS\CoD.INI
[2009-06-01 13:41:49 | 03,484,523 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\arsenium love me love me.mp3
[2009-05-30 15:36:08 | 80,530,285 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\DJ KRIS In Da Mix 30_05_09.mp3
[2009-05-28 18:22:18 | 27,154,588 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Crazy Machines - Warsztat wynalazcy.nrg
[2009-05-28 18:21:02 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-26 21:43:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2009-05-26 21:28:19 | 00,001,064 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft FREE trial.lnk
[2009-05-22 07:10:34 | 02,435,605 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit\Wideo-0013.mp4
[2009-05-18 13:19:07 | 00,000,211 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\boot.ini
[2009-05-13 22:43:06 | 00,371,712 | ---- | M] () -- C:\Documents and Settings\DJ KRIS In Da Mix\Moje dokumenty\Prezentacj_Patrycja Pomietło 3 e.ppt
[2009-05-12 17:55:54 | 00,178,279 | ---- | M] () -- C:\WINDOWS\hpoins28.dat
< End of report >


OTL Extras logfile created on: 2009-06-10 20:28:10 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\DJ KRIS In Da Mix\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,23 Mb Total Physical Memory | 562,07 Mb Available Physical Memory | 54,93% Memory free
2,40 Gb Paging File | 1,93 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,53 Gb Total Space | 100,25 Gb Free Space | 86,03% Space Free | Partition Type: NTFS
Drive D: | 116,35 Gb Total Space | 110,96 Gb Free Space | 95,37% Space Free | Partition Type: NTFS
Drive E: | 538,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-E8FB5CB2E053
Current User Name: DJ KRIS In Da Mix
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1801674531-813497703-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8461:TCP" = 8461:TCP:*:Disabled:GoD High Port
"8462:TCP" = 8462:TCP:*:Disabled:GoD Low Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-03-25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2008-03-25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2008-07-01 00:06:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2008-03-16 12:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008-03-16 12:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
File not found -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
[2008-03-26 02:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
[2008-03-26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009-02-27 18:12:42 | 09,339,496 | ---- | M] (GG Network S.A.) -- D:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
File not found -- d:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
[2007-09-25 10:10:50 | 02,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget
File not found -- d:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Disabled:FGLiveUpdate
File not found -- d:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Disabled:FGLiveUpdateEx
[2008-03-16 12:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Disabled:hpiscnapp.exe
[2008-07-01 00:06:02 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe
[2008-03-26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Disabled:hpqgpc01.exe
[2008-03-26 02:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe
[2008-03-16 12:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe
File not found -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Disabled:hpqphotocrm.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Disabled:hpqpsapp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Disabled:hpqpse.exe
[2008-03-25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Disabled:hpqsudi.exe
[2008-03-25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6E298B0A-558C-4138-0096-740677B382CD}" = WP Powrt Krla tm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{94CFF341-2471-44E7-8439-2D12A2611D2F}" = DialNet
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Call of Duty" = Call of Duty
"CRMCH" = Crazy Machines
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ERUNT_is1" = ERUNT 1.1j
"FlashGet" = FlashGet 1.9.6.1073
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SkanerOnline" = Skaner on-line mks_vir
"The KMPlayer" = The KMPlayer (remove only)
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2009-05-28 12:17:24 | Computer Name = DJ-E8FB5CB2E053 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://srv24.odsiebie.com/Oxo0PmVuNylhKV85...20wynalazcy.nrg
failed, 0000001E.

Error - 2009-05-28 12:21:09 | Computer Name = DJ-E8FB5CB2E053 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://srv24.odsiebie.com/b0k0OTE9Ny42el8x...20wynalazcy.nrg
failed, 0000001E.

[ Application Events ]
Error - 2009-06-10 08:25:01 | Computer Name = DJ-E8FB5CB2E053 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd crazymachines.exe, wersja 0.0.0.0, moduł
powodujący błąd ntdll.dll, wersja 5.1.2600.3520, adres błędu 0x00036a12.

[ System Events ]
Error - 2009-06-09 06:41:23 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-09 07:48:54 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-09 07:57:02 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-09 09:52:45 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-09 10:39:42 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-09 12:28:54 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-09 14:35:38 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-10 04:04:43 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-10 06:32:13 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.

Error - 2009-06-10 14:26:13 | Computer Name = DJ-E8FB5CB2E053 | Source = Service Control Manager | ID = 7022
Description = Usługa Usługa HP CUE DeviceDiscovery zawiesiła się podczas uruchamiania.


< End of report >




And I'm already giving translations: "zawiesiła się podczas uruchamiania" means that has suspended due running, and "usługa" means service; "Aplikacja powodująca błąd" means application causing error; "moduł powodujący błąd" means module causing error.

Edited by KapaX, 10 June 2009 - 03:05 PM.


#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:12 AM

Posted 10 June 2009 - 08:25 PM

Hello, KapaX
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otl
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - Reg Error: Key error. File not found
    O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\open\Command - "" = fooool.exe
    O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\Shell\open\Command - "" = fooool.exe
    O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\Shell\open\Command - "" = fooool.exe
    O33 - MountPoints2\{d097c270-37f7-11de-b12d-00138f9f346d}\Shell - "" = AutoRun
    O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
    O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
    O33 - MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\Shell\open\Command - "" = fooool.exe
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
In your next reply, please include the following:
  • OTL Fix Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
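The O33 lines in the fix script above are AutoRun handlers cached per volume under MountPoints2. As an added example (not part of the original posts and not OTL's own code), this Python sketch parses lines in that format and flags volumes whose Explorer "open"/"explore" verbs are redirected to a program; the flagging heuristic, the function names and the last sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# O33 line as printed by OTL in this thread:
#   O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <program>
#   O33 - MountPoints2\{guid}\Shell - "" = <default verb>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]{36}\})\\Shell'
    r'(?:\\(?P<verb>[^\\]+?)\\command)? - "" = (?P<value>.*)$',
    re.IGNORECASE,
)

# Verbs that fire when the user double-clicks or explores the drive icon.
# Assumption: a handler on these verbs deserves a closer look than a plain
# AutoRun entry, which installer media also creates.
CLICK_VERBS = {"open", "explore"}

# First four entries are copied from the fix script in this thread;
# the last one is a constructed benign-looking entry for contrast.
SAMPLE_LOG = r'''
:otl
O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\Shell\open\Command - "" = fooool.exe
O33 - MountPoints2\{d097c270-37f7-11de-b12d-00138f9f346d}\Shell - "" = AutoRun
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
'''


def parse_o33(log_text):
    """Group O33 entries by volume GUID; non-O33 lines are ignored."""
    volumes = defaultdict(lambda: {"default_verb": None, "commands": {}})
    for raw in log_text.splitlines():
        match = O33_RE.match(raw.strip())
        if not match:
            continue
        volume = volumes[match.group("guid").lower()]
        value = match.group("value").strip()
        if match.group("verb") is None:
            # "...\Shell - "" = AutoRun": only the default verb is recorded.
            volume["default_verb"] = value
        else:
            volume["commands"][match.group("verb").lower()] = value
    return dict(volumes)


def triage(volumes):
    """Return {guid: [reasons]} for volumes that match the heuristic."""
    findings = {}
    for guid, volume in volumes.items():
        commands = volume["commands"]
        reasons = []
        hijacked = sorted(verb for verb in CLICK_VERBS if verb in commands)
        if hijacked:
            reasons.append("overrides Explorer verbs: " + ", ".join(hijacked))
        targets = {command.lower() for command in commands.values()}
        if len(commands) > 1 and len(targets) == 1:
            reasons.append("all verbs run the same target: " + next(iter(targets)))
        if reasons:
            findings[guid] = reasons
    return findings


if __name__ == "__main__":
    for guid, reasons in triage(parse_o33(SAMPLE_LOG)).items():
        print(guid)
        for reason in reasons:
            print("  -", reason)
```
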

#12 KapaX

KapaX
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 11 June 2009 - 06:00 AM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{850aa5be-22b4-11de-b114-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{850aa5be-22b4-11de-b114-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{850aa5be-22b4-11de-b114-00138f9f346d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{850aa5be-22b4-11de-b114-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cbc409a-396b-11de-b138-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cbc409a-396b-11de-b138-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cbc409a-396b-11de-b138-00138f9f346d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cbc409a-396b-11de-b138-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac2b28df-3b10-11de-b143-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac2b28df-3b10-11de-b143-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac2b28df-3b10-11de-b143-00138f9f346d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac2b28df-3b10-11de-b143-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d097c270-37f7-11de-b12d-00138f9f346d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d097c270-37f7-11de-b12d-00138f9f346d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f96a2f5c-148c-11de-b07f-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f96a2f5c-148c-11de-b07f-00138f9f346d}\ not found.
File fooool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f96a2f5c-148c-11de-b07f-00138f9f346d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f96a2f5c-148c-11de-b07f-00138f9f346d}\ not found.
File fooool.exe not found.

OTL by OldTimer - Version 2.1.1.0 log created on 06112009_125929

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:12 AM

Posted 14 June 2009 - 12:24 AM

Hello, KapaX
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
We need to run a system scan with Dr. Web CureIt
  • Please download DrWeb-CureIt & save it to your desktop.
    DO NOT perform a scan yet.
  • Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Do not select "Safe Mode with Networking" or "Safe Mode with Command Prompt".
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Complete Scan"
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
In your next reply, please include the following:
  • Dr.Web's Log

Billy3

#14 KapaX

KapaX
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 14 June 2009 - 07:25 AM

A0031451.exe C:\System Volume Information\_restore{30164509-3CC1-45C3-A1B0-A00CA4BF092D}\RP43 Win32.HLLW.Autohit.7920 Niewyleczalny.Przeniesiony.

In translation: incurable. Moved.

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:12 AM

Posted 14 June 2009 - 10:35 AM

Hello, KapaX
Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please reopen Posted Image on your desktop.
  • Push the large "Cleanup" button
  • Allow your system to reboot
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3