OTL logfile created on: 2011-09-14 09:39:18 - Run 1
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\Kali\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,99 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,14% Memory free
7,99 Gb Paging File | 6,70 Gb Available in Paging File | 83,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,65 Gb Total Space | 20,95 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 15,07 Gb Free Space | 10,56% Space Free | Partition Type: NTFS
 
Computer Name: KALI-PC | User Name: Kali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011-09-14 09:32:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Kali\Desktop\OTL.exe
PRC - [2011-09-04 11:43:39 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011-08-31 16:05:40 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011-08-17 13:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011-08-17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011-08-04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010-05-03 15:39:42 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010-03-06 15:43:10 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2008-02-28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-01-30 16:58:28 | 001,716,224 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files (x86)\Gadu-Gadu\gg.exe
PRC - [2006-12-19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011-09-04 11:43:39 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010-03-06 15:43:10 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
MOD - [2010-01-27 03:07:32 | 003,884,312 | ---- | M] () -- C:\Program Files (x86)\Opera\program\plugins\NPSWF32.dll
MOD - [2007-01-15 10:03:10 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\YLUSBTEL.dll
MOD - [2006-12-21 14:31:32 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\LIBEAY32.dll
MOD - [2006-12-21 14:31:32 | 000,664,928 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\update.dll
MOD - [2006-12-21 14:31:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu\SSLEAY32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-08-17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011-08-04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006-12-19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011-07-29 20:43:13 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:[b]64bit:[/b] - [2011-07-29 20:43:12 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:[b]64bit:[/b] - [2010-09-07 22:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2010-08-03 23:04:58 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
DRV:[b]64bit:[/b] - [2010-08-03 23:00:14 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:[b]64bit:[/b] - [2010-08-03 23:00:14 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:[b]64bit:[/b] - [2010-03-16 17:20:44 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-02-03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2009-12-03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-04-08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV - [2010-01-29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: cssreloader@kenneth.io:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-05-03 15:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-05-24 19:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011-05-24 19:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kali\AppData\Roaming\mozilla\Extensions
[2011-09-14 09:35:39 | 000,001,860 | ---- | M] () -- C:\Users\Kali\AppData\Roaming\Mozilla\Firefox\Profiles\k9k2nz49.default\searchplugins\search.xml
[2011-08-30 15:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-08-30 15:00:52 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011-08-30 15:00:52 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2011-04-14 18:59:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2010-04-04 18:03:45 | 000,000,924 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: []  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Readar_sl] C:\Users\Kali\AppData\Roaming\Readar_sl.exe (Created with WinAutomation (http://www.WinAutomation.com))
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TunesHelper] C:\ProgramData\TunesHelper.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\Winampa.exe ()
O4 - HKCU..\Run: [ALLUpdate] "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48DE701A-1501-44AF-B907-49BF8394B850}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92FFB98E-E4DC-451F-AF0E-45E4CE6544EF}: DhcpNameServer = 194.24.244.3 194.24.244.4
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{466cfad7-2a0e-11df-ae94-001d72c2ca90}\Shell - "" = AutoRun
O33 - MountPoints2\{466cfad7-2a0e-11df-ae94-001d72c2ca90}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a7ea8897-310f-11df-b47b-001d72c2ca90}\Shell - "" = AutoRun
O33 - MountPoints2\{a7ea8897-310f-11df-b47b-001d72c2ca90}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011-09-14 09:33:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-09-14 09:32:29 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Kali\Desktop\OTL.exe
[2011-09-11 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Kali\Desktop\wlochy
[2011-09-04 21:15:36 | 000,000,000 | ---D | C] -- C:\Users\Kali\riotsGamesLogs
[2011-09-04 21:00:07 | 000,000,000 | ---D | C] -- C:\Users\Kali\AppData\Roaming\LolClient
[2011-09-04 20:20:46 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011-09-04 20:20:46 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011-09-04 20:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011-09-04 11:43:45 | 000,000,000 | ---D | C] -- C:\Users\Kali\AppData\Local\PMB Files
[2011-09-04 11:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011-09-03 23:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011-09-02 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\Kali\AppData\Roaming\Colibri Games
[2011-09-02 14:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Colibri Games
[2011-09-02 14:41:22 | 000,000,000 | ---D | C] -- C:\Users\Kali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IQ Publishing
[2011-09-02 14:40:13 | 000,000,000 | ---D | C] -- C:\Users\Kali\Desktop\The.Tiny.Bang.Story.PL-PROPHET-P24
[2011-09-01 13:36:49 | 000,000,000 | ---D | C] -- C:\Users\Kali\AppData\Roaming\Rovio
[2011-08-30 15:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011-08-30 15:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011-08-21 11:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX - Eidos Interactive
[2011-08-19 22:08:32 | 000,000,000 | ---D | C] -- C:\Users\Kali\Desktop\malawi kolobrzeg
[2011-01-17 21:07:25 | 000,311,296 | RHS- | C] (Created with WinAutomation (http://www.WinAutomation.com)) -- C:\Users\Kali\AppData\Roaming\Readar_sl.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011-09-14 09:40:21 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-09-14 09:40:21 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-09-14 09:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-09-14 09:35:05 | 3217,195,008 | -HS- | M] () -- C:\hiberfil.sys
[2011-09-14 09:32:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Kali\Desktop\OTL.exe
[2011-09-13 20:51:16 | 000,000,132 | ---- | M] () -- C:\Windows\winamp.ini
[2011-09-13 09:33:22 | 008,189,240 | ---- | M] () -- C:\Users\Kali\Desktop\Maroon 5 - Moves Like Jagger -feat. Christina Aguilera-_[muzu]_.mp3
[2011-09-11 20:32:57 | 006,214,899 | ---- | M] () -- C:\Users\Kali\Desktop\Finger Eleven-Paralyzer.mp3
[2011-09-11 17:06:26 | 000,687,812 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-09-11 17:06:26 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-09-11 17:06:26 | 000,131,366 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-09-11 17:06:26 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-09-11 17:06:25 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-09-11 10:17:32 | 008,186,052 | ---- | M] () -- C:\Users\Kali\Desktop\Finger Eleven - Paralyzer .mp3
[2011-09-04 20:20:48 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Graj w League of Legends.lnk
[2011-09-03 23:00:53 | 002,307,072 | ---- | M] () -- C:\Users\Kali\Desktop\LeagueofLegends.exe
[2011-09-02 14:41:22 | 000,000,665 | ---- | M] () -- C:\Users\Kali\Desktop\The Tiny Bang Story.lnk
[2011-09-01 22:27:50 | 000,001,412 | ---- | M] () -- C:\Users\Kali\Desktop\AngryBirds.exe — skrót.lnk
[2011-08-31 19:43:56 | 000,001,978 | ---- | M] () -- C:\Users\Kali\Desktop\machinarium.exe — skrót.lnk
[2011-08-31 15:27:34 | 000,016,583 | ---- | M] () -- C:\Users\Kali\Desktop\Wildlife_Park_3_FLT_iso.torrent
[2011-08-29 15:38:01 | 001,967,695 | ---- | M] () -- C:\Users\Kali\Desktop\praktyka.rar
[2011-08-29 15:37:34 | 000,440,266 | ---- | M] () -- C:\Users\Kali\Desktop\2011-08-29 15.33.46.jpg
[2011-08-29 15:37:30 | 000,427,645 | ---- | M] () -- C:\Users\Kali\Desktop\2011-08-29 15.33.38.jpg
[2011-08-29 15:37:24 | 000,423,002 | ---- | M] () -- C:\Users\Kali\Desktop\2011-08-29 15.33.22.jpg
[2011-08-29 15:37:20 | 000,406,465 | ---- | M] () -- C:\Users\Kali\Desktop\2011-08-29 15.33.08.jpg
[2011-08-29 15:34:26 | 000,347,298 | ---- | M] () -- C:\Users\Kali\Desktop\2011-08-29 15.34.27.jpg
[2011-08-24 23:55:37 | 000,041,616 | ---- | M] () -- C:\Users\Kali\Desktop\ava.jpg
[2011-08-24 12:08:02 | 008,247,424 | ---- | M] () -- C:\Users\Kali\Desktop\Pezet- Co mam powiedziec _prod. Sidney Polak_.mp3
[2011-08-23 19:18:08 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011-08-21 11:31:40 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Lara Croft and the Guardian of Light.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011-09-13 09:32:02 | 008,189,240 | ---- | C] () -- C:\Users\Kali\Desktop\Maroon 5 - Moves Like Jagger -feat. Christina Aguilera-_[muzu]_.mp3
[2011-09-11 20:32:01 | 006,214,899 | ---- | C] () -- C:\Users\Kali\Desktop\Finger Eleven-Paralyzer.mp3
[2011-09-11 10:15:36 | 008,186,052 | ---- | C] () -- C:\Users\Kali\Desktop\Finger Eleven - Paralyzer .mp3
[2011-09-04 20:20:48 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Graj w League of Legends.lnk
[2011-09-03 23:00:31 | 002,307,072 | ---- | C] () -- C:\Users\Kali\Desktop\LeagueofLegends.exe
[2011-09-02 14:41:22 | 000,000,665 | ---- | C] () -- C:\Users\Kali\Desktop\The Tiny Bang Story.lnk
[2011-09-01 22:27:50 | 000,001,412 | ---- | C] () -- C:\Users\Kali\Desktop\AngryBirds.exe — skrót.lnk
[2011-08-31 19:43:56 | 000,001,978 | ---- | C] () -- C:\Users\Kali\Desktop\machinarium.exe — skrót.lnk
[2011-08-31 15:27:34 | 000,016,583 | ---- | C] () -- C:\Users\Kali\Desktop\Wildlife_Park_3_FLT_iso.torrent
[2011-08-29 15:38:00 | 001,967,695 | ---- | C] () -- C:\Users\Kali\Desktop\praktyka.rar
[2011-08-29 15:37:47 | 000,440,266 | ---- | C] () -- C:\Users\Kali\Desktop\2011-08-29 15.33.46.jpg
[2011-08-29 15:37:47 | 000,427,645 | ---- | C] () -- C:\Users\Kali\Desktop\2011-08-29 15.33.38.jpg
[2011-08-29 15:37:47 | 000,423,002 | ---- | C] () -- C:\Users\Kali\Desktop\2011-08-29 15.33.22.jpg
[2011-08-29 15:37:47 | 000,406,465 | ---- | C] () -- C:\Users\Kali\Desktop\2011-08-29 15.33.08.jpg
[2011-08-29 15:37:47 | 000,347,298 | ---- | C] () -- C:\Users\Kali\Desktop\2011-08-29 15.34.27.jpg
[2011-08-24 23:55:36 | 000,041,616 | ---- | C] () -- C:\Users\Kali\Desktop\ava.jpg
[2011-08-24 12:06:24 | 008,247,424 | ---- | C] () -- C:\Users\Kali\Desktop\Pezet- Co mam powiedziec _prod. Sidney Polak_.mp3
[2011-08-21 11:31:40 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Lara Croft and the Guardian of Light.lnk
[2011-07-28 13:19:06 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011-07-27 23:28:06 | 000,000,029 | ---- | C] () -- C:\Windows\sierra.ini
[2011-07-22 20:17:09 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011-02-15 22:51:44 | 000,050,168 | ---- | C] () -- C:\Windows\SysWow64\ilaxxjperpyes.exe
[2011-01-17 21:07:25 | 008,180,224 | RHS- | C] () -- C:\ProgramData\TunesHelper.exe
[2010-11-04 14:46:20 | 000,000,020 | ---- | C] () -- C:\Windows\naglos.INI
[2010-10-22 19:02:58 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010-10-04 18:53:05 | 000,092,212 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010-09-26 18:04:25 | 000,007,598 | ---- | C] () -- C:\Users\Kali\AppData\Local\Resmon.ResmonCfg
[2010-09-15 17:13:43 | 000,030,070 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010-05-03 15:34:51 | 000,003,584 | ---- | C] () -- C:\Users\Kali\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-02 18:37:53 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-05-02 15:35:07 | 000,000,870 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-04-14 13:07:18 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010-04-13 15:22:58 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-03-14 19:12:59 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010-03-14 19:12:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-03-06 15:43:14 | 000,000,132 | ---- | C] () -- C:\Windows\winamp.ini
[2010-03-06 15:43:12 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\AudioExCtl.dll
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006-08-23 11:33:46 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2006-02-25 13:12:34 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2006-02-25 13:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002-11-18 18:02:58 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\MMAVILNG.exe
[2002-11-15 15:11:28 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll
[2002-10-06 21:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002-10-05 02:04:26 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002-10-05 02:04:26 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\VORBIS.DLL
[2002-10-05 02:04:18 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\OGG.DLL
[1999-01-22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

< End of report >