y.exe virus

Post by cwizzy on Fri 20 Aug 2010, 10:40 pm

y.exe virus. Don't know where this is coming from, but whenever I turn on my computer the audio mutes until I Ctrl>Alt>Del my way out of y.exe. Please help me delete this annoying virus.

Thanks.

OTL Log


OTL logfile created on: 20/08/2010 11:35:17 p.m. - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\ClipClop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 58.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 29.74 Gb Free Space | 6.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 455.24 Gb Free Space | 48.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 122.75 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 232.88 Gb Total Space | 29.90 Gb Free Space | 12.84% Space Free | Partition Type: NTFS

Computer Name: CLIPCLOP-PC
Current User Name: ClipClop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 23:34:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ClipClop\Downloads\OTL.com
PRC - [2010/07/31 12:18:11 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\ClipClop\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/07/05 07:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/06/11 16:21:16 | 000,083,440 | ---- | M] (Google) -- C:\Users\ClipClop\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/12/28 09:26:38 | 000,224,256 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe
PRC - [2009/12/24 09:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/11/11 23:18:26 | 006,934,528 | ---- | M] () -- C:\Program Files (x86)\NewsLeecher\newsLeecher.exe
PRC - [2009/10/30 23:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/26 15:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/06/17 23:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/12/03 07:49:16 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2008/01/23 14:48:04 | 000,376,832 | ---- | M] (Enigma Software Group, Inc.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHService.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2000/01/01 12:00:00 | 000,142,336 | -H-- | M] (Microsoft Corporation) -- C:\Users\ClipClop\AppData\Local\SystemCom\syscom.exe
PRC - [2000/01/01 12:00:00 | 000,142,336 | -H-- | M] (Microsoft Corporation) -- C:\Users\ClipClop\AppData\Local\ComLayer\comlayer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/20 23:34:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ClipClop\Downloads\OTL.com
MOD - [2010/07/05 09:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2009/07/20 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009/07/14 13:14:51 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2009/07/14 13:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 13:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/11 09:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/29 09:33:00 | 050,612,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:64bit: - [2009/09/26 02:36:06 | 000,174,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009/09/19 10:17:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 13:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 13:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 13:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 13:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/07/14 13:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/07/14 13:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 13:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 13:40:01 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/28 09:26:38 | 000,224,256 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe -- (M4iPodWPDService)
SRV - [2009/12/24 09:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/14 13:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 13:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 13:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/12/03 07:49:16 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2008/01/23 14:48:04 | 000,376,832 | ---- | M] (Enigma Software Group, Inc.) [Auto | Running] -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHService.exe -- (SpyHunter3 Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2010/06/11 11:51:24 | 001,634,176 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
DRV:64bit: - [2010/06/10 11:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/02 22:06:25 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/21 00:08:37 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010/01/21 00:08:37 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/12/29 18:17:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/12/18 10:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/12/13 12:22:22 | 000,192,984 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/09/28 02:02:40 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/09/19 12:32:36 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/23 22:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/21 04:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/10 09:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/08/05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/20 14:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/14 13:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 13:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 13:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 13:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 13:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 12:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 12:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 11:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 11:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 11:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/18 04:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/18 04:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/18 04:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/18 04:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/18 04:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/06/11 08:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:21:58 | 001,422,080 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerA706_x64.sys -- (AVerA706_x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/06 15:14:06 | 000,050,688 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2009/04/06 15:14:06 | 000,050,688 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2008/11/05 06:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2007/12/03 14:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2007/11/30 12:14:52 | 000,347,144 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MRVW24C.sys -- (MRV6X64U)
DRV:64bit: - [2007/08/29 06:39:42 | 001,729,024 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerBDA3x_x64.sys -- (AVerBDA3x_x64)
DRV:64bit: - [2007/06/29 15:31:54 | 000,677,376 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2007/06/19 06:50:54 | 000,129,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV:64bit: - [2007/06/19 06:50:54 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/19 06:50:54 | 000,030,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV:64bit: - [2007/06/19 06:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2009/11/19 17:51:28 | 000,024,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d47a8d7d-f7b2-48a9-b8d6-b44484d51b89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 50 C9 82 D3 68 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d47a8d7d-f7b2-48a9-b8d6-b44484d51b89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/08 10:45:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/14 11:23:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/14 11:23:25 | 000,000,000 | ---D | M]

[2010/07/21 17:28:38 | 000,000,000 | ---D | M] -- C:\Users\ClipClop\AppData\Roaming\Mozilla\Extensions
[2010/07/21 17:28:38 | 000,000,000 | ---D | M] -- C:\Users\ClipClop\AppData\Roaming\Mozilla\Firefox\Profiles\xlelr751.default\extensions
[2010/08/15 13:35:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/25 12:10:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/07 20:26:56 | 000,164,760 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 3811 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (no name) - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ESCOFLiP Toolbar) - {d47a8d7d-f7b2-48a9-b8d6-b44484d51b89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll ()
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ESCOFLiP Toolbar) - {d47a8d7d-f7b2-48a9-b8d6-b44484d51b89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ESCOFLiP Toolbar) - {D47A8D7D-F7B2-48A9-B8D6-B44484D51B89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] C:\Program Files\Mediafour\XPlay 3\XPlay.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MCM] C:\Program Files (x86)\Mp3 Convert Master\Mp3ConvertMaster.exe File not found
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHStartup.exe (Enigma Software Group, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Com Layer] C:\Users\ClipClop\AppData\Local\ComLayer\comlayer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [IDMan] C:\Users\ClipClop\Desktop\Internet Download Manager v5.19 Build 3\crack\IDMan.exe File not found
O4 - HKCU..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
O4 - HKCU..\Run: [System Com Layer] C:\Users\ClipClop\AppData\Local\SystemCom\syscom.exe (Microsoft Corporation)
O4 - Startup: C:\Users\ClipClop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe ()
O4 - Startup: C:\Users\ClipClop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} [You must be registered and logged in to see this link.] (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} [You must be registered and logged in to see this link.] ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8de5db11-0d43-11df-b43d-00241dc2d82c}\Shell - "" = AutoRun
O33 - MountPoints2\{8de5db11-0d43-11df-b43d-00241dc2d82c}\Shell\AutoRun\command - "" = F:\Borderlands.exe -- File not found
O33 - MountPoints2\{c28cc156-d58b-11de-b039-00241dc2d82c}\Shell - "" = AutoRun
O33 - MountPoints2\{c28cc156-d58b-11de-b039-00241dc2d82c}\Shell\AutoRun\command - "" = F:\EasySuite.exe -- File not found
O33 - MountPoints2\{fbe6e3a9-0a53-11df-b322-00241dc2d82c}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe6e3a9-0a53-11df-b322-00241dc2d82c}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/20 08:16:16 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\PATRICK HERE'S YOUR STUFF. You can delete it from here after you get it coz they're all on my laptop anyway, and they might take up too much space
[2010/08/16 00:51:41 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Flash Drive 2
[2010/08/15 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2010/08/15 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Documents\Spycheck
[2010/08/15 12:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/08/15 09:50:15 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\New folder
[2010/08/15 08:09:14 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\AppData\Local\Cooliris
[2010/08/14 11:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/14 11:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/14 11:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/08/14 11:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/14 11:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/14 11:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/13 08:46:06 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\The Zs SensMe Mod
[2010/08/12 23:30:34 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 23:30:33 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/12 23:30:33 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/12 23:30:28 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 23:30:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/12 23:30:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/12 23:30:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/12 23:30:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/12 23:30:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 23:30:22 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/12 23:30:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 23:30:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 19:56:32 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\DERP
[2010/08/10 21:29:35 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Drawings
[2010/08/08 13:24:48 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Akira
[2010/08/08 10:51:58 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Work
[2010/08/07 15:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UO GPPSP Kai 3.3
[2010/08/04 16:16:07 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\AppData\Roaming\VOWSoft
[2010/08/04 16:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicaLoader
[2010/08/04 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Kathy
[2010/08/02 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Exploit
[2010/08/02 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Clips
[2010/08/01 16:53:49 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010/07/31 03:29:05 | 001,634,176 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw89.sys
[2010/07/31 03:29:05 | 000,128,512 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\HcwPrx89.ax
[2010/07/31 03:28:36 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Hauppauge Drivers
[2010/07/29 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\AppData\Roaming\Notepad++
[2010/07/29 12:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/07/28 15:12:21 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Documents\StarCraft II
[2010/07/28 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010/07/26 19:23:34 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Don't Know Bout
[2010/07/26 19:20:58 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Trip
[2010/07/23 16:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sibelius Software
[2010/07/23 16:30:58 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\AppData\Roaming\Sibelius Software
[2010/07/23 16:29:37 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Documents\Scores
[2010/07/23 16:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
[2009/12/29 18:17:28 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\ClipClop\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/20 23:36:42 | 007,340,032 | -HS- | M] () -- C:\Users\ClipClop\ntuser.dat
[2010/08/20 23:05:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1652041692-1851794388-4105086606-1001UA.job
[2010/08/20 08:11:02 | 000,865,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/20 08:11:02 | 000,727,028 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/20 08:11:02 | 000,146,178 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/20 08:05:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1652041692-1851794388-4105086606-1001Core.job
[2010/08/19 00:09:31 | 000,017,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 00:09:31 | 000,017,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 15:08:42 | 000,012,702 | ---- | M] () -- C:\Users\ClipClop\Desktop\MA LAZA.jpg
[2010/08/15 23:58:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/15 23:58:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/15 23:58:14 | 534,896,639 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 23:57:18 | 003,091,607 | -H-- | M] () -- C:\Users\ClipClop\AppData\Local\IconCache.db
[2010/08/15 23:50:23 | 000,000,000 | ---- | M] () -- C:\Users\ClipClop\cd
[2010/08/15 23:13:40 | 000,001,180 | ---- | M] () -- C:\Users\ClipClop\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2010/08/15 12:09:17 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010/08/15 11:40:17 | 000,000,600 | ---- | M] () -- C:\Users\ClipClop\PUTTY.RND
[2010/08/15 09:37:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010/08/14 14:39:45 | 000,060,928 | ---- | M] () -- C:\Windows\tasks\y.exe
[2010/08/14 11:25:13 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/14 11:23:21 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/13 03:21:44 | 005,022,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 10:05:19 | 000,002,419 | ---- | M] () -- C:\Users\ClipClop\Desktop\Google Chrome.lnk
[2010/08/10 18:29:12 | 000,054,784 | ---- | M] () -- C:\Windows\tasks\d2.exe
[2010/08/09 00:34:08 | 000,160,265 | ---- | M] () -- C:\Users\ClipClop\Desktop\lolol.jpg
[2010/08/08 18:11:03 | 000,031,232 | ---- | M] () -- C:\Users\ClipClop\Desktop\redo.doc
[2010/08/08 17:11:16 | 003,550,068 | ---- | M] () -- C:\Users\ClipClop\Desktop\01 Because I Back-Traced It (Remix).m4a
[2010/08/08 14:11:14 | 006,894,288 | ---- | M] () -- C:\Users\ClipClop\Desktop\01 Bed Intruder Song (feat. The Greg.m4a
[2010/08/08 07:26:01 | 000,795,044 | ---- | M] () -- C:\Users\ClipClop\Desktop\1281202020964.gif
[2010/08/07 20:21:41 | 005,729,940 | ---- | M] () -- C:\Users\ClipClop\Desktop\always.mp3
[2010/08/05 16:59:52 | 000,000,752 | ---- | M] () -- C:\Windows\win.ini
[2010/08/03 16:26:03 | 000,408,066 | ---- | M] () -- C:\Users\ClipClop\Desktop\You is so DUMB.jpg
[2010/08/02 23:30:15 | 015,702,253 | ---- | M] () -- C:\Users\ClipClop\Desktop\Schrok a pose.psd
[2010/08/02 20:50:53 | 010,773,434 | ---- | M] () -- C:\Users\ClipClop\Desktop\Sequence 01_1.avi
[2010/08/02 19:37:14 | 264,883,108 | ---- | M] () -- C:\Users\ClipClop\Desktop\Track.avi
[2010/08/01 23:32:25 | 000,012,685 | ---- | M] () -- C:\Users\ClipClop\Desktop\Untitled.png
[2010/08/01 22:24:31 | 000,204,730 | ---- | M] () -- C:\Users\ClipClop\Desktop\1280056450915.jpg
[2010/08/01 12:36:47 | 002,040,913 | ---- | M] () -- C:\Users\ClipClop\Desktop\Guardian At The Gates.mp3
[2010/07/29 18:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/07/29 12:24:50 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/07/29 12:15:23 | 000,441,856 | ---- | M] () -- C:\Users\ClipClop\Desktop\Claridge, Thomas Claridge.doc
[2010/07/29 11:50:42 | 001,124,864 | ---- | M] () -- C:\Users\ClipClop\Desktop\McArthur, Jim McArthur.doc
[2010/07/26 20:22:10 | 000,143,733 | ---- | M] () -- C:\Users\ClipClop\Desktop\NOOO.jpg
[2010/07/23 16:42:13 | 000,209,852 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/23 16:31:47 | 000,131,200 | ---- | M] () -- C:\Users\ClipClop\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/23 16:31:33 | 000,000,624 | -H-- | M] () -- C:\Windows\SysWow64\T4
[2010/07/23 16:31:01 | 000,000,604 | -H-- | M] () -- C:\Program Files (x86)\STLL Notifier
[2010/07/23 16:29:41 | 000,000,464 | ---- | M] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/18 15:08:42 | 000,012,702 | ---- | C] () -- C:\Users\ClipClop\Desktop\MA LAZA.jpg
[2010/08/15 23:50:23 | 000,000,000 | ---- | C] () -- C:\Users\ClipClop\cd
[2010/08/15 23:13:40 | 000,001,180 | ---- | C] () -- C:\Users\ClipClop\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2010/08/15 12:09:17 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010/08/14 14:39:45 | 000,060,928 | ---- | C] () -- C:\Windows\tasks\y.exe
[2010/08/14 11:25:13 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/14 11:23:21 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/10 18:29:12 | 000,054,784 | ---- | C] () -- C:\Windows\tasks\d2.exe
[2010/08/09 00:34:07 | 000,160,265 | ---- | C] () -- C:\Users\ClipClop\Desktop\lolol.jpg
[2010/08/08 18:11:03 | 000,031,232 | ---- | C] () -- C:\Users\ClipClop\Desktop\redo.doc
[2010/08/08 17:11:37 | 003,550,068 | ---- | C] () -- C:\Users\ClipClop\Desktop\01 Because I Back-Traced It (Remix).m4a
[2010/08/08 14:11:52 | 006,894,288 | ---- | C] () -- C:\Users\ClipClop\Desktop\01 Bed Intruder Song (feat. The Greg.m4a
[2010/08/08 07:26:01 | 000,795,044 | ---- | C] () -- C:\Users\ClipClop\Desktop\1281202020964.gif
[2010/08/07 20:18:04 | 005,729,940 | ---- | C] () -- C:\Users\ClipClop\Desktop\always.mp3
[2010/08/06 08:50:12 | 027,106,965 | ---- | C] () -- C:\Users\ClipClop\Desktop\500.PBP
[2010/08/06 08:35:16 | 027,106,965 | ---- | C] () -- C:\Users\ClipClop\Documents\500.PBP
[2010/08/03 16:26:02 | 000,408,066 | ---- | C] () -- C:\Users\ClipClop\Desktop\You is so DUMB.jpg
[2010/08/02 23:30:14 | 015,702,253 | ---- | C] () -- C:\Users\ClipClop\Desktop\Schrok a pose.psd
[2010/08/02 20:50:52 | 010,773,434 | ---- | C] () -- C:\Users\ClipClop\Desktop\Sequence 01_1.avi
[2010/08/02 19:36:41 | 264,883,108 | ---- | C] () -- C:\Users\ClipClop\Desktop\Track.avi
[2010/08/01 23:32:25 | 000,012,685 | ---- | C] () -- C:\Users\ClipClop\Desktop\Untitled.png
[2010/08/01 22:24:31 | 000,204,730 | ---- | C] () -- C:\Users\ClipClop\Desktop\1280056450915.jpg
[2010/07/31 03:29:05 | 003,283,792 | ---- | C] () -- C:\Windows\SysNative\drivers\HcwWiltF103.bin
[2010/07/31 03:29:05 | 003,283,792 | ---- | C] () -- C:\Windows\SysNative\drivers\HcwWiltF.bin
[2010/07/30 08:39:40 | 002,040,913 | ---- | C] () -- C:\Users\ClipClop\Desktop\Guardian At The Gates.mp3
[2010/07/29 12:24:50 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/07/29 12:12:22 | 000,441,856 | ---- | C] () -- C:\Users\ClipClop\Desktop\Claridge, Thomas Claridge.doc
[2010/07/29 11:50:22 | 001,124,864 | ---- | C] () -- C:\Users\ClipClop\Desktop\McArthur, Jim McArthur.doc
[2010/07/28 15:16:47 | 000,000,600 | ---- | C] () -- C:\Users\ClipClop\PUTTY.RND
[2010/07/26 22:29:51 | 244,555,908 | ---- | C] () -- C:\Users\ClipClop\Desktop\that.mitchell.and.webb.look.s04e02.hdtv.xvid-angelic.avi
[2010/07/26 20:22:09 | 000,143,733 | ---- | C] () -- C:\Users\ClipClop\Desktop\NOOO.jpg
[2010/07/23 16:31:33 | 000,000,624 | -H-- | C] () -- C:\Windows\SysWow64\T4
[2010/07/23 16:31:01 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010/07/23 16:28:45 | 000,000,464 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/07/13 17:07:06 | 000,000,132 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/05/24 20:05:35 | 000,000,132 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/12 17:19:58 | 000,001,022 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\DVDSubEdit.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/13 17:17:51 | 000,000,613 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\AutoGK.ini
[2010/02/07 10:02:51 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/02/04 19:52:32 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/02/04 17:22:32 | 000,007,608 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\Resmon.ResmonCfg
[2010/01/26 20:35:28 | 000,033,134 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\UserTile.png
[2010/01/25 20:21:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/01/25 20:21:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2010/01/25 20:21:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2010/01/25 20:21:49 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/01/25 20:21:49 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2010/01/25 20:21:49 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/01/11 11:27:37 | 000,000,170 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\default.rss
[2010/01/08 09:15:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/29 18:17:53 | 000,000,033 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\pcouffin.log
[2009/12/29 18:17:28 | 000,099,384 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\inst.exe
[2009/12/29 18:17:28 | 000,007,859 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\pcouffin.cat
[2009/12/29 18:17:28 | 000,001,167 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\pcouffin.inf
[2009/12/14 23:10:49 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2009/12/08 13:53:11 | 000,001,442 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\7F68A003.il
[2009/12/08 13:53:11 | 000,000,240 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\IndexIE_7F68A003.il
[2009/12/03 21:47:48 | 000,018,944 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 19:08:57 | 000,000,096 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\fusioncache.dat
[2009/11/19 18:23:44 | 000,793,346 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/19 18:00:01 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/19 18:00:01 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/19 16:54:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 11:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 09:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/26 09:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/09 11:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/11/16 06:02:26 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2008/04/06 08:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2007/06/29 10:07:36 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.ini
[2006/08/17 02:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
[2005/09/13 18:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2004/01/24 17:35:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:661DFA1C
@Alternate Data Stream - 1323 bytes -> C:\Program Files\Common Files\Microsoft Shared:0EsG94rbfFqDPURJeZZezvtal
@Alternate Data Stream - 1307 bytes -> C:\Program Files\Common Files\Microsoft Shared:x0MqRJV0KkKqLYgNbTwY
@Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:Bp018bZ6NNLbKGq7fBQDyDqla2m5GW
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C8B8CEBD
@Alternate Data Stream - 1216 bytes -> C:\ProgramData\Microsoft:c2Min1Uj7dzAuPv9MWGXwN
@Alternate Data Stream - 1143 bytes -> C:\ProgramData\Microsoft:5d3oCUzp3il7BJ1UAA04Ah2
< End of report >

cwizzy

Newbie Surfer

Posts : 34
Joined : 2010-08-20
Operating System : Windows 7 Professional 64-bit


Re: y.exe virus

Post by Sneakyone on Sat 21 Aug 2010, 3:13 pm

Hi, Welcome to GeekPolice.net!

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :OTL
    O4:64bit: - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
    O4 - HKLM..\Run: [MCM] C:\Program Files (x86)\Mp3 Convert Master\Mp3ConvertMaster.exe File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [Com Layer] C:\Users\ClipClop\AppData\Local\ComLayer\comlayer.exe
    O4 - HKCU..\Run: [IDMan] C:\Users\ClipClop\Desktop\Internet Download Manager v5.19 Build 3\crack\IDMan.exe File not found
    O4 - HKCU..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
    O4 - HKCU..\Run: [System Com Layer] C:\Users\ClipClop\AppData\Local\SystemCom\syscom.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\ClipClop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe ()

    :Files
    C:\Windows\tasks\y.exe
    C:\Windows\tasks\d2.exe
    C:\Users\ClipClop\AppData\Local\SystemCom
    C:\Users\ClipClop\AppData\Local\ComLayer


    :commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    [reboot]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive please move on to Malwarebytes'.

=========

Please download Malwarebytes Anti-Malware from Here.


Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

============

Please download CKScanner by askey127 from here

Save it to your desktop.


  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone
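The entries picked out in the fix script above share a few recognisable traits, and a first-pass triage of an OTL log can look for them mechanically. The following Python sketch is an added example, not part of the original posts and not part of OTL; the heuristics and every function name are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from ntpath import basename, dirname  # Windows path parsing on any OS

# A subset of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Com Layer] C:\Users\ClipClop\AppData\Local\ComLayer\comlayer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
O4 - HKCU..\Run: [System Com Layer] C:\Users\ClipClop\AppData\Local\SystemCom\syscom.exe (Microsoft Corporation)
O4 - Startup: C:\Users\ClipClop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe ()
[2010/08/12 23:30:34 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/15 09:37:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010/08/14 14:39:45 | 000,060,928 | ---- | M] () -- C:\Windows\tasks\y.exe
[2010/08/10 18:29:12 | 000,054,784 | ---- | M] () -- C:\Windows\tasks\d2.exe
"""

# "O4 - HKCU..\Run: [Name] <target>" or "O4 - Startup: <target>"
RUN = re.compile(
    r"O4(?::64bit:)? - (?:HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\]|Startup:)\s*(?P<rest>.*)")
# <target> is "path (Company)", "path File not found" or just "File not found".
TARGET = re.compile(
    r"(?P<path>.*?)\s*(?:\((?P<company>[^()]*)\))?\s*(?P<missing>File not found)?")
# "[timestamp | size | attrs | C or M] (Company) -- path"; directories omit (Company).
FILE = re.compile(
    r"\[[\d/ :]+ \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)")

# Assumption: these names are only expected inside the Windows system folders.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\sysnative"}


def triage_autorun(line):
    """Parse one O4 line; return name, path and the reasons it looks suspicious."""
    m = RUN.fullmatch(line)
    if not m:
        return None
    t = TARGET.fullmatch(m["rest"])
    path, company = t["path"], t["company"] or ""
    low = path.lower()
    reasons = []
    if t["missing"]:
        reasons.append("orphaned: target file not found")
    if basename(low) in SYSTEM32_ONLY and dirname(low) not in SYSTEM_DIRS:
        reasons.append("system binary name outside the system folders")
    # The company string is treated as an unverified label (assumption).
    if "microsoft" in company.lower() and "\\appdata\\" in low:
        reasons.append("claims Microsoft but runs from user AppData")
    if m["name"] is None and low.endswith(".exe"):
        reasons.append("bare executable in the Startup folder")
    return {"name": m["name"] or "Startup", "path": path, "reasons": reasons}


def triage_file(line):
    """Parse one file-listing line; flag executables stored in C:\\Windows\\tasks."""
    m = FILE.fullmatch(line)
    if not m:
        return None
    path = m["path"]
    low = path.lower()
    reasons = []
    if dirname(low) == r"c:\windows\tasks" and low.endswith((".exe", ".com", ".scr", ".dll")):
        reasons.append("executable in the Tasks folder, which normally holds .job files")
    return {"name": basename(path), "path": path, "reasons": reasons}


def triage(log):
    """Return every parsed entry that has at least one reason attached."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        hit = triage_autorun(line) or triage_file(line)
        if hit and hit["reasons"]:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']:<18} {f['path'] or '(no path)'}")
        for r in f["reasons"]:
            print(f"{'':<18}   - {r}")
```

A hit is a prompt for review rather than a verdict: an orphaned Run value is usually leftover from an uninstalled program, and the fix script above removes some of those alongside the live entries.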

Re: y.exe virus

Post by cwizzy on Sat 21 Aug 2010, 4:39 pm

Thank you so much. It removed the virus and the computer is running perfectly again.


cwizzy

Newbie Surfer

Posts : 34
Joined : 2010-08-20
Operating System : Windows 7 Professional 64-bit


Re: y.exe virus

Post by Sneakyone on Sat 21 Aug 2010, 4:41 pm

Hi.

I am glad your computer feels alright, but I fear more malware lies on your system, so please post the OTL fix log, MBAM log, and CKScanner log.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: y.exe virus

Post by cwizzy on Sat 21 Aug 2010, 5:21 pm

Woops, here it is

OTL:
OTL logfile created on: 21/08/2010 5:42:52 p.m. - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\ClipClop\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 66.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 59.42 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 415.86 Gb Free Space | 44.64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 122.75 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: CLIPCLOP-PC
Current User Name: ClipClop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/21 17:30:13 | 000,688,504 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\bittorrent.exe
PRC - [2010/08/20 23:34:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ClipClop\Downloads\OTL.com
PRC - [2010/08/18 13:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\ClipClop\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/07/05 07:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/06/11 16:21:16 | 000,083,440 | ---- | M] (Google) -- C:\Users\ClipClop\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/03 12:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/31 10:27:38 | 000,141,061 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2009/12/28 09:26:38 | 000,224,256 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe
PRC - [2009/12/24 09:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/10/30 23:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/26 15:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/06/17 23:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/12/03 07:49:16 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2008/05/15 18:02:26 | 006,915,072 | ---- | M] () -- C:\Program Files (x86)\Newsleecher\newsLeecher.exe
PRC - [2008/01/23 14:48:04 | 000,376,832 | ---- | M] (Enigma Software Group, Inc.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHService.exe
PRC - [2008/01/23 14:47:10 | 000,847,872 | ---- | M] (Enigma Software Group, Inc.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter3.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2006/09/11 16:01:40 | 001,400,832 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe


========== Modules (SafeList) ==========

MOD - [2010/08/20 23:34:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ClipClop\Downloads\OTL.com
MOD - [2010/07/05 09:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2009/07/20 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009/07/14 13:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 13:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/11 09:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/29 09:33:00 | 050,612,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:64bit: - [2009/09/26 02:36:06 | 000,174,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009/09/19 10:17:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 13:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 13:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 13:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 13:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/07/14 13:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/07/14 13:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 13:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 13:40:01 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/28 09:26:38 | 000,224,256 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\iPod\M4iPodWPDService.exe -- (M4iPodWPDService)
SRV - [2009/12/24 09:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/14 13:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 13:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 13:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/12/03 07:49:16 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2008/01/23 14:48:04 | 000,376,832 | ---- | M] (Enigma Software Group, Inc.) [Auto | Running] -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHService.exe -- (SpyHunter3 Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2010/06/11 11:51:24 | 001,634,176 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
DRV:64bit: - [2010/06/10 11:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/02 22:06:25 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/21 00:08:37 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010/01/21 00:08:37 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/12/29 18:17:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/12/18 10:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/12/13 12:22:22 | 000,192,984 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/09/28 02:02:40 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/09/19 12:32:36 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/23 22:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/21 04:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/10 09:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/08/05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/20 14:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/14 13:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 13:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 13:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 13:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 13:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 12:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 12:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 11:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 11:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 11:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/18 04:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/18 04:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/18 04:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/18 04:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/18 04:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/06/11 08:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:21:58 | 001,422,080 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerA706_x64.sys -- (AVerA706_x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/06 15:14:06 | 000,050,688 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2009/04/06 15:14:06 | 000,050,688 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2008/11/05 06:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2007/12/03 14:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2007/11/30 12:14:52 | 000,347,144 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MRVW24C.sys -- (MRV6X64U)
DRV:64bit: - [2007/08/29 06:39:42 | 001,729,024 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerBDA3x_x64.sys -- (AVerBDA3x_x64)
DRV:64bit: - [2007/06/29 15:31:54 | 000,677,376 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2007/06/19 06:50:54 | 000,129,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV:64bit: - [2007/06/19 06:50:54 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/19 06:50:54 | 000,030,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV:64bit: - [2007/06/19 06:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2009/11/19 17:51:28 | 000,024,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d47a8d7d-f7b2-48a9-b8d6-b44484d51b89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 50 C9 82 D3 68 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d47a8d7d-f7b2-48a9-b8d6-b44484d51b89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/08 10:45:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/14 11:23:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/14 11:23:25 | 000,000,000 | ---D | M]

[2010/07/21 17:28:38 | 000,000,000 | ---D | M] -- C:\Users\ClipClop\AppData\Roaming\Mozilla\Extensions
[2010/07/21 17:28:38 | 000,000,000 | ---D | M] -- C:\Users\ClipClop\AppData\Roaming\Mozilla\Firefox\Profiles\xlelr751.default\extensions
[2010/08/15 13:35:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/25 12:10:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/21 16:53:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (no name) - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL (Mediafour Corporation)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ESCOFLiP Toolbar) - {d47a8d7d-f7b2-48a9-b8d6-b44484d51b89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll ()
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ESCOFLiP Toolbar) - {d47a8d7d-f7b2-48a9-b8d6-b44484d51b89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ESCOFLiP Toolbar) - {D47A8D7D-F7B2-48A9-B8D6-B44484D51B89} - C:\Program Files (x86)\ESCOFLiP\tbESCO.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] C:\Program Files\Mediafour\XPlay 3\XPlay.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHStartup.exe (Enigma Software Group, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - Startup: C:\Users\ClipClop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} [You must be registered and logged in to see this link.] (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} [You must be registered and logged in to see this link.] ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8de5db11-0d43-11df-b43d-00241dc2d82c}\Shell - "" = AutoRun
O33 - MountPoints2\{8de5db11-0d43-11df-b43d-00241dc2d82c}\Shell\AutoRun\command - "" = F:\Borderlands.exe -- File not found
O33 - MountPoints2\{c28cc156-d58b-11de-b039-00241dc2d82c}\Shell - "" = AutoRun
O33 - MountPoints2\{c28cc156-d58b-11de-b039-00241dc2d82c}\Shell\AutoRun\command - "" = F:\EasySuite.exe -- File not found
O33 - MountPoints2\{fbe6e3a9-0a53-11df-b322-00241dc2d82c}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe6e3a9-0a53-11df-b322-00241dc2d82c}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/21 17:12:33 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Core
[2010/08/21 17:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Newsleecher
[2010/08/21 16:52:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/16 00:51:41 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Flash Drive 2
[2010/08/15 23:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2010/08/15 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Documents\Spycheck
[2010/08/15 12:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/08/15 09:50:15 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\New folder
[2010/08/15 08:09:14 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\AppData\Local\Cooliris
[2010/08/14 11:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/14 11:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/14 11:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/08/14 11:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/14 11:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/14 11:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/13 08:46:06 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\The Zs SensMe Mod
[2010/08/12 23:30:34 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 23:30:33 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/12 23:30:33 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/12 23:30:28 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 23:30:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/12 23:30:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/12 23:30:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/12 23:30:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/12 23:30:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 23:30:22 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/12 23:30:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 23:30:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 19:56:32 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\DERP
[2010/08/10 21:29:35 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Drawings
[2010/08/08 13:24:48 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Akira
[2010/08/08 10:51:58 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Work
[2010/08/07 15:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UO GPPSP Kai 3.3
[2010/08/04 16:16:07 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\AppData\Roaming\VOWSoft
[2010/08/04 16:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicaLoader
[2010/08/04 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Kathy
[2010/08/02 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Exploit
[2010/08/02 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Clips
[2010/07/31 03:29:05 | 001,634,176 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw89.sys
[2010/07/31 03:29:05 | 000,128,512 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\HcwPrx89.ax
[2010/07/31 03:28:36 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Hauppauge Drivers
[2010/07/29 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\AppData\Roaming\Notepad++
[2010/07/29 12:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/07/28 15:12:21 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Documents\StarCraft II
[2010/07/28 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010/07/26 19:23:34 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Don't Know Bout
[2010/07/26 19:20:58 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Desktop\Trip
[2010/07/23 16:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sibelius Software
[2010/07/23 16:30:58 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\AppData\Roaming\Sibelius Software
[2010/07/23 16:29:37 | 000,000,000 | ---D | C] -- C:\Users\ClipClop\Documents\Scores
[2010/07/23 16:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
[2009/12/29 18:17:28 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\ClipClop\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/08/21 17:46:42 | 007,340,032 | -HS- | M] () -- C:\Users\ClipClop\ntuser.dat
[2010/08/21 17:19:54 | 000,000,972 | ---- | M] () -- C:\Users\ClipClop\AppData\Local\7F68A003.il
[2010/08/21 17:19:54 | 000,000,280 | ---- | M] () -- C:\Users\ClipClop\AppData\Local\IndexIE_7F68A003.il
[2010/08/21 17:13:28 | 000,001,001 | ---- | M] () -- C:\Users\ClipClop\Application Data\Microsoft\Internet Explorer\Quick Launch\NewsLeecher.lnk
[2010/08/21 17:13:28 | 000,000,977 | ---- | M] () -- C:\Users\ClipClop\Desktop\NewsLeecher.lnk
[2010/08/21 17:05:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1652041692-1851794388-4105086606-1001UA.job
[2010/08/21 17:01:48 | 000,017,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/21 17:01:48 | 000,017,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/21 16:54:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/21 16:54:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/21 16:54:10 | 534,896,639 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 16:53:15 | 003,088,900 | -H-- | M] () -- C:\Users\ClipClop\AppData\Local\IconCache.db
[2010/08/21 16:53:00 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/21 08:05:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1652041692-1851794388-4105086606-1001Core.job
[2010/08/21 06:05:19 | 000,002,419 | ---- | M] () -- C:\Users\ClipClop\Desktop\Google Chrome.lnk
[2010/08/20 08:11:02 | 000,865,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/20 08:11:02 | 000,727,028 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/20 08:11:02 | 000,146,178 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/15 23:50:23 | 000,000,000 | ---- | M] () -- C:\Users\ClipClop\cd
[2010/08/15 23:13:40 | 000,001,180 | ---- | M] () -- C:\Users\ClipClop\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2010/08/15 12:09:17 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010/08/15 11:40:17 | 000,000,600 | ---- | M] () -- C:\Users\ClipClop\PUTTY.RND
[2010/08/15 09:37:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010/08/14 11:25:13 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/14 11:23:21 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/13 03:21:44 | 005,022,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 00:34:08 | 000,160,265 | ---- | M] () -- C:\Users\ClipClop\Desktop\lolol.jpg
[2010/08/08 18:11:03 | 000,031,232 | ---- | M] () -- C:\Users\ClipClop\Desktop\redo.doc
[2010/08/08 17:11:16 | 003,550,068 | ---- | M] () -- C:\Users\ClipClop\Desktop\01 Because I Back-Traced It (Remix).m4a
[2010/08/08 14:11:14 | 006,894,288 | ---- | M] () -- C:\Users\ClipClop\Desktop\01 Bed Intruder Song (feat. The Greg.m4a
[2010/08/08 07:26:01 | 000,795,044 | ---- | M] () -- C:\Users\ClipClop\Desktop\1281202020964.gif
[2010/08/07 20:21:41 | 005,729,940 | ---- | M] () -- C:\Users\ClipClop\Desktop\always.mp3
[2010/08/05 16:59:52 | 000,000,752 | ---- | M] () -- C:\Windows\win.ini
[2010/08/03 16:26:03 | 000,408,066 | ---- | M] () -- C:\Users\ClipClop\Desktop\You is so DUMB.jpg
[2010/08/02 23:30:15 | 015,702,253 | ---- | M] () -- C:\Users\ClipClop\Desktop\Schrok a pose.psd
[2010/08/02 20:50:53 | 010,773,434 | ---- | M] () -- C:\Users\ClipClop\Desktop\Sequence 01_1.avi
[2010/08/02 19:37:14 | 264,883,108 | ---- | M] () -- C:\Users\ClipClop\Desktop\Track.avi
[2010/08/01 23:32:25 | 000,012,685 | ---- | M] () -- C:\Users\ClipClop\Desktop\Untitled.png
[2010/08/01 22:24:31 | 000,204,730 | ---- | M] () -- C:\Users\ClipClop\Desktop\1280056450915.jpg
[2010/08/01 12:36:47 | 002,040,913 | ---- | M] () -- C:\Users\ClipClop\Desktop\Guardian At The Gates.mp3
[2010/07/29 18:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/07/29 12:24:50 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/07/29 12:15:23 | 000,441,856 | ---- | M] () -- C:\Users\ClipClop\Desktop\Claridge, Thomas Claridge.doc
[2010/07/29 11:50:42 | 001,124,864 | ---- | M] () -- C:\Users\ClipClop\Desktop\McArthur, Jim McArthur.doc
[2010/07/26 20:22:10 | 000,143,733 | ---- | M] () -- C:\Users\ClipClop\Desktop\NOOO.jpg
[2010/07/23 16:42:13 | 000,209,852 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/23 16:31:47 | 000,131,200 | ---- | M] () -- C:\Users\ClipClop\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/23 16:31:33 | 000,000,624 | -H-- | M] () -- C:\Windows\SysWow64\T4
[2010/07/23 16:31:01 | 000,000,604 | -H-- | M] () -- C:\Program Files (x86)\STLL Notifier
[2010/07/23 16:29:41 | 000,000,464 | ---- | M] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini

========== Files Created - No Company Name ==========

[2010/08/21 17:14:13 | 000,000,972 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\7F68A003.il
[2010/08/21 17:14:13 | 000,000,280 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\IndexIE_7F68A003.il
[2010/08/21 17:13:28 | 000,001,001 | ---- | C] () -- C:\Users\ClipClop\Application Data\Microsoft\Internet Explorer\Quick Launch\NewsLeecher.lnk
[2010/08/21 17:13:28 | 000,000,977 | ---- | C] () -- C:\Users\ClipClop\Desktop\NewsLeecher.lnk
[2010/08/15 23:50:23 | 000,000,000 | ---- | C] () -- C:\Users\ClipClop\cd
[2010/08/15 23:13:40 | 000,001,180 | ---- | C] () -- C:\Users\ClipClop\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2010/08/15 12:09:17 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010/08/14 11:25:13 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/14 11:23:21 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/09 00:34:07 | 000,160,265 | ---- | C] () -- C:\Users\ClipClop\Desktop\lolol.jpg
[2010/08/08 18:11:03 | 000,031,232 | ---- | C] () -- C:\Users\ClipClop\Desktop\redo.doc
[2010/08/08 17:11:37 | 003,550,068 | ---- | C] () -- C:\Users\ClipClop\Desktop\01 Because I Back-Traced It (Remix).m4a
[2010/08/08 14:11:52 | 006,894,288 | ---- | C] () -- C:\Users\ClipClop\Desktop\01 Bed Intruder Song (feat. The Greg.m4a
[2010/08/08 07:26:01 | 000,795,044 | ---- | C] () -- C:\Users\ClipClop\Desktop\1281202020964.gif
[2010/08/07 20:18:04 | 005,729,940 | ---- | C] () -- C:\Users\ClipClop\Desktop\always.mp3
[2010/08/06 08:50:12 | 027,106,965 | ---- | C] () -- C:\Users\ClipClop\Desktop\500.PBP
[2010/08/06 08:35:16 | 027,106,965 | ---- | C] () -- C:\Users\ClipClop\Documents\500.PBP
[2010/08/03 16:26:02 | 000,408,066 | ---- | C] () -- C:\Users\ClipClop\Desktop\You is so DUMB.jpg
[2010/08/02 23:30:14 | 015,702,253 | ---- | C] () -- C:\Users\ClipClop\Desktop\Schrok a pose.psd
[2010/08/02 20:50:52 | 010,773,434 | ---- | C] () -- C:\Users\ClipClop\Desktop\Sequence 01_1.avi
[2010/08/02 19:36:41 | 264,883,108 | ---- | C] () -- C:\Users\ClipClop\Desktop\Track.avi
[2010/08/01 23:32:25 | 000,012,685 | ---- | C] () -- C:\Users\ClipClop\Desktop\Untitled.png
[2010/08/01 22:24:31 | 000,204,730 | ---- | C] () -- C:\Users\ClipClop\Desktop\1280056450915.jpg
[2010/07/31 03:29:05 | 003,283,792 | ---- | C] () -- C:\Windows\SysNative\drivers\HcwWiltF103.bin
[2010/07/31 03:29:05 | 003,283,792 | ---- | C] () -- C:\Windows\SysNative\drivers\HcwWiltF.bin
[2010/07/30 08:39:40 | 002,040,913 | ---- | C] () -- C:\Users\ClipClop\Desktop\Guardian At The Gates.mp3
[2010/07/29 12:24:50 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/07/29 12:12:22 | 000,441,856 | ---- | C] () -- C:\Users\ClipClop\Desktop\Claridge, Thomas Claridge.doc
[2010/07/29 11:50:22 | 001,124,864 | ---- | C] () -- C:\Users\ClipClop\Desktop\McArthur, Jim McArthur.doc
[2010/07/28 15:16:47 | 000,000,600 | ---- | C] () -- C:\Users\ClipClop\PUTTY.RND
[2010/07/26 22:29:51 | 244,555,908 | ---- | C] () -- C:\Users\ClipClop\Desktop\that.mitchell.and.webb.look.s04e02.hdtv.xvid-angelic.avi
[2010/07/26 20:22:09 | 000,143,733 | ---- | C] () -- C:\Users\ClipClop\Desktop\NOOO.jpg
[2010/07/23 16:31:33 | 000,000,624 | -H-- | C] () -- C:\Windows\SysWow64\T4
[2010/07/23 16:31:01 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010/07/23 16:28:45 | 000,000,464 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/07/13 17:07:06 | 000,000,132 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/05/24 20:05:35 | 000,000,132 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/12 17:19:58 | 000,001,022 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\DVDSubEdit.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/13 17:17:51 | 000,000,613 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\AutoGK.ini
[2010/02/07 10:02:51 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/02/04 19:52:32 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/02/04 17:22:32 | 000,007,608 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\Resmon.ResmonCfg
[2010/01/26 20:35:28 | 000,033,134 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\UserTile.png
[2010/01/25 20:21:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/01/25 20:21:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2010/01/25 20:21:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2010/01/25 20:21:49 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/01/25 20:21:49 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2010/01/25 20:21:49 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/01/11 11:27:37 | 000,000,170 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\default.rss
[2010/01/08 09:15:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/29 18:17:53 | 000,000,033 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\pcouffin.log
[2009/12/29 18:17:28 | 000,099,384 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\inst.exe
[2009/12/29 18:17:28 | 000,007,859 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\pcouffin.cat
[2009/12/29 18:17:28 | 000,001,167 | ---- | C] () -- C:\Users\ClipClop\AppData\Roaming\pcouffin.inf
[2009/12/14 23:10:49 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2009/12/03 21:47:48 | 000,018,944 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 19:08:57 | 000,000,096 | ---- | C] () -- C:\Users\ClipClop\AppData\Local\fusioncache.dat
[2009/11/19 18:23:44 | 000,793,346 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/19 18:00:01 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/19 18:00:01 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/11/19 16:54:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 11:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 09:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/26 09:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/09 11:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/11/16 06:02:26 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2008/04/06 08:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2007/06/29 10:07:36 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.ini
[2006/08/17 02:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
[2005/09/13 18:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2004/01/24 17:35:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:661DFA1C
@Alternate Data Stream - 1323 bytes -> C:\Program Files\Common Files\Microsoft Shared:0EsG94rbfFqDPURJeZZezvtal
@Alternate Data Stream - 1307 bytes -> C:\Program Files\Common Files\Microsoft Shared:x0MqRJV0KkKqLYgNbTwY
@Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:Bp018bZ6NNLbKGq7fBQDyDqla2m5GW
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C8B8CEBD
@Alternate Data Stream - 1216 bytes -> C:\ProgramData\Microsoft:c2Min1Uj7dzAuPv9MWGXwN
@Alternate Data Stream - 1143 bytes -> C:\ProgramData\Microsoft:5d3oCUzp3il7BJ1UAA04Ah2
< End of report >

CK:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\downloads\starcraft_ii_wings_of_liberty_proper-razor1911_crack_only.rar
c:\downloads\crack\starcraft ii.exe
c:\downloads\crack\update.bat
c:\downloads\crack\battle.net\battle.net-patch.mpq
c:\downloads\crack\support\battle.net.dll
c:\downloads\crack\support\blizzard updater.exe
c:\downloads\crack\support\blizzarddownloader.exe
c:\downloads\crack\support\repair.exe
c:\downloads\crack\support\sc2editor.exe
c:\downloads\crack\updates\sc2-1-22280-x86-win-engb-bnet-bin
c:\downloads\crack\updates\sc2-15405-16117-x86-win-engb-campaign
c:\downloads\crack\updates\sc2-15405-16117-x86-win-engb-game
c:\downloads\crack\updates\sc2-15405-16117-x86-win-engb-locale
c:\downloads\crack\updates\sc2-5760-6699-x86-win-engb-bnet-base
c:\downloads\crack\versions\base15405\sc2.exe
c:\downloads\starcraft_ii_wings_of_liberty_proper-razor1911_crack_only\sc2_copy.dat
c:\downloads\starcraft_ii_wings_of_liberty_proper-razor1911_crack_only\sc2_copy.exe
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files (x86)\adobe\adobe flash catalyst cs5\plugins\com.adobe.thermo.core_1.0.0.273393\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\idl\nsikeygenthread.idl
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\include\nsikeygenthread.h
c:\program files (x86)\qtracker\filters\game\call of duty 2\cracked\cracked.qtf
c:\program files (x86)\sony\vegas pro 9.0\sony_vegaspro_crack.exe
c:\users\appdata\locallow\softonic-eng7\rss\http___crackle_com_rss_media_sxsw_featured_rss.xml
c:\users\appdata\locallow\softonic-eng7\rss\http___crackle_com_rss_media_sxsw_featured_rss_history.xml
c:\users\appdata\locallow\softonic-eng7\rss\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml
c:\users\clipclop\desktop\core\keygen.exe
c:\users\clipclop\desktop\old computers\desktop\old hard drive i\favorites\patrick's\crack search engine!.url
c:\users\clipclop\downloads\spyhunter security suite v3.4.9+crack-heartbug\declaration of use!!!.txt
c:\users\clipclop\downloads\spyhunter security suite v3.4.9+crack-heartbug\def.dat
c:\users\clipclop\downloads\spyhunter security suite v3.4.9+crack-heartbug\heartbug.nfo
c:\users\clipclop\downloads\spyhunter security suite v3.4.9+crack-heartbug\how to install!!.txt
c:\users\clipclop\downloads\spyhunter security suite v3.4.9+crack-heartbug\specs.txt
c:\users\clipclop\downloads\spyhunter security suite v3.4.9+crack-heartbug\spyhunters.exe
scanner sequence 3.ZZ.11
----- EOF -----

cwizzy

Newbie Surfer

Posts : 34
Joined : 2010-08-20
Operating System : Windows 7 Professional 64-bit

Re: y.exe virus

Post by cwizzy on Sat 21 Aug 2010, 5:22 pm


MBAM:

Malwarebytes' Anti-Malware 1.46

Database version: 4456

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/08/2010 6:19:07 p.m.
mbam-log-2010-08-21 (18-19-07).txt

Scan type: Quick scan
Objects scanned: 149815
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Installer\Features\6428D196FF359F6468B76C3D323FBCC6 (Rogue.SpycheckAntiSpyware) -> No action taken.
HKEY_CLASSES_ROOT\Installer\Products\6428D196FF359F6468B76C3D323FBCC6 (Rogue.SpycheckAntiSpyware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{691D8246-53FF-46F9-867B-C6D323F3CB6C} (Rogue.SpycheckAntiSpyware) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\spycheck.exe (Rogue.SpycheckAntiSpyware) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\ClipClop\Documents\Spycheck (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spycheck (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spycheck\Spycheck AntiSpyware (Rogue.SpycheckAntiSpyware) -> No action taken.

Files Infected:
C:\Windows\run_setup.exe (Adware.Agent) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\fasdata1.dat (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\fasdata2.dat (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\fasdata3.dat (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\fasdata4.dat (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\fasdata5.dat (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\fasdata6.dat (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\fasdata7.dat (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\fasdata8.dat (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\licencia.txt (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\spycheck.exe (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\Users\ClipClop\Documents\Spycheck\Spycheck AntiSpyware\versiondb.txt (Rogue.SpycheckAntiSpyware) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spycheck\Spycheck AntiSpyware\NewShortcut1.lnk (Rogue.SpycheckAntiSpyware) -> No action taken.

cwizzy

Newbie Surfer

Posts : 34
Joined : 2010-08-20
Operating System : Windows 7 Professional 64-bit

Re: y.exe virus

Post by Sneakyone on Sun 22 Aug 2010, 5:14 am

Hi.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :Files
    c:\downloads\starcraft_ii_wings_of_liberty_proper-razor1911_crack_only.rar
    c:\downloads\crack
    c:\downloads\starcraft_ii_wings_of_liberty_proper-razor1911_crack_only
    c:\program files (x86)\qtracker\filters\game\call of duty 2\cracked
    c:\program files (x86)\sony\vegas pro 9.0\sony_vegaspro_crack.exe
    c:\users\clipclop\desktop\core\keygen.exe
    c:\users\clipclop\desktop\old computers\desktop\old hard drive i\favorites\patrick's\crack search engine!.url
    c:\users\clipclop\downloads\spyhunter security suite v3.4.9+crack-heartbug

    :commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    [reboot]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

==========

-> No action taken.

I assume you took action against these, correct?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: y.exe virus

Post by cwizzy on Sun 22 Aug 2010, 7:07 am

I just ran the OTL fix, anything more for me to do?


Re: y.exe virus

Post by Sneakyone on Sun 22 Aug 2010, 9:38 am

Hi.

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.



    Re: y.exe virus

    Post by cwizzy on Sun 22 Aug 2010, 7:38 pm

    Here is the scan report:


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, August 22, 2010
    Operating system: Microsoft (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, August 21, 2010 10:32:30
    Records in database: 4131719
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Objects scanned: 288720
    Threats found: 5
    Infected objects found: 8
    Suspicious objects found: 0
    Scan duration: 05:33:10


    File name / Threat / Threats count
    C:\Program Files\Internet Explorer\y.exe Infected: Trojan-Spy.MSIL.Agent.bpw 1
    C:\Program Files (x86)\RAR Password Unlocker\RAR Password Unlockerreal.exe Infected: Trojan.Win32.Agent.efdi 1
    C:\Users\ClipClop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Infected: not-a-virus:AdWare.WinLNK.Agent.a 1
    C:\Users\ClipClop\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Infected: not-a-virus:AdWare.WinLNK.Agent.a 1
    C:\Users\ClipClop\Desktop\Old Computers\Desktop\RevelationV2\SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 2
    C:\_OTL\MovedFiles\08212010_165221\C_Windows\tasks\y.exe Infected: Trojan-Spy.MSIL.Agent.bpw 1
    E:\Apps\Newsleecher 3.95 Beta3\Newsleecher 3.95 Beta3\crack\NL_Loader.exe Infected: Backdoor.Win32.Hupigon.kxbq 1

    Selected area has been scanned.


    Re: y.exe virus

    Post by Sneakyone on Mon 23 Aug 2010, 5:03 am

    Hi.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:

      :Files
      C:\Program Files\Internet Explorer\y.exe
      C:\Program Files (x86)\RAR Password Unlocker\RAR Password Unlockerreal.exe
      E:\Apps\Newsleecher 3.95 Beta3\Newsleecher 3.95 Beta3\crack

      :commands
      [emptytemp]
      [emptyflash]
      [resethosts]
      [reboot]

    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


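A triage check for the Kaspersky report and the second OTL fix above, as an added example that is not part of the original thread: it parses the detection rows, recomputes the report's totals, and shows which rows the `:Files` list covers. The bucket names are my own, and treating a listed folder as covering everything beneath it is an assumption.

```python
import re
from collections import defaultdict
# Detection rows copied from the Kaspersky report posted in this thread.
REPORT = r"""
C:\Program Files\Internet Explorer\y.exe Infected: Trojan-Spy.MSIL.Agent.bpw 1
C:\Program Files (x86)\RAR Password Unlocker\RAR Password Unlockerreal.exe Infected: Trojan.Win32.Agent.efdi 1
C:\Users\ClipClop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Infected: not-a-virus:AdWare.WinLNK.Agent.a 1
C:\Users\ClipClop\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Infected: not-a-virus:AdWare.WinLNK.Agent.a 1
C:\Users\ClipClop\Desktop\Old Computers\Desktop\RevelationV2\SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 2
C:\_OTL\MovedFiles\08212010_165221\C_Windows\tasks\y.exe Infected: Trojan-Spy.MSIL.Agent.bpw 1
E:\Apps\Newsleecher 3.95 Beta3\Newsleecher 3.95 Beta3\crack\NL_Loader.exe Infected: Backdoor.Win32.Hupigon.kxbq 1
"""

# The :Files entries from the second OTL fix posted in this thread.
FIX_FILES = [
    r"C:\Program Files\Internet Explorer\y.exe",
    r"C:\Program Files (x86)\RAR Password Unlocker\RAR Password Unlockerreal.exe",
    r"E:\Apps\Newsleecher 3.95 Beta3\Newsleecher 3.95 Beta3\crack",
]

ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
QUARANTINE = "c:\\_otl\\movedfiles\\"  # folder where OTL keeps files it already moved

def parse_report(text):
    """Return (path, threat, count) for every detection row; skip other lines."""
    hits = (ROW.match(line.strip()) for line in text.splitlines())
    return [(m["path"], m["threat"], int(m["count"])) for m in hits if m]

def totals(rows):
    """(distinct threat names, infected objects), comparable to 'Scan statistics'."""
    return len({threat for _, threat, _ in rows}), sum(n for _, _, n in rows)

def covered(path, fix_entries):
    """True if the path is listed itself or sits under a listed folder (assumption)."""
    p = path.lower()
    return any(p == e.lower() or p.startswith(e.lower().rstrip("\\") + "\\") for e in fix_entries)

def triage(rows, fix_entries):
    """Bucket each detection: quarantined, riskware, in_fix or unhandled."""
    buckets = defaultdict(list)
    for path, threat, _ in rows:
        if path.lower().startswith(QUARANTINE):
            key = "quarantined"   # copy OTL moved earlier, not a live file
        elif threat.startswith("not-a-virus:"):
            key = "riskware"      # adware/tool verdicts, left for manual review
        else:
            key = "in_fix" if covered(path, fix_entries) else "unhandled"
        buckets[key].append(path)
    return dict(buckets)
```

`totals(parse_report(REPORT))` gives `(5, 8)`, matching the report's "Threats found: 5" and "Infected objects found: 8", so no detection row was lost in parsing. `triage(...)` with the posted fix list leaves no `unhandled` entry.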

    Re: y.exe virus

    Post by cwizzy on Mon 23 Aug 2010, 6:18 am

    All processes killed
    ========== FILES ==========
    C:\Program Files\Internet Explorer\y.exe moved successfully.
    C:\Program Files (x86)\RAR Password Unlocker\RAR Password Unlockerreal.exe moved successfully.
    E:\Apps\Newsleecher 3.95 Beta3\Newsleecher 3.95 Beta3\crack folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: ClipClop
    ->Temp folder emptied: 130260788 bytes
    ->Temporary Internet Files folder emptied: 987279 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 55899404 bytes
    ->Google Chrome cache emptied: 350685780 bytes
    ->Flash cache emptied: 4165 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: user

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4230 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 513.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: ClipClop
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: user

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.10.0 log created on 08232010_071101

    Files\Folders moved on Reboot...
    C:\Users\ClipClop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...


    Re: y.exe virus

    Post by Sneakyone on Mon 23 Aug 2010, 6:30 am

    Hi.

    How is your computer running now?



    Re: y.exe virus

    Post by cwizzy on Mon 23 Aug 2010, 7:04 am

    Everything's working great.
    Thanks so much for your help!



    Re: y.exe virus

    Post by Sneakyone on Mon 23 Aug 2010, 11:26 am

    You're welcome, glad to help.

    Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

    Updating System Restore
    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE.


    You now have a clean restore point.

    To get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do a calculation of temporary/old files, and then display a dialogue box.
    • Select the More Options Tab.
    • At the bottom will be a System Restore box with a CLEANUP button; click this.
    • Accept the Warning and select OK again, the program will close and you are done.


    ========

    Removing the tools
    Now, to remove all of the tools we used and the files and folders they created, please do the following:

    Download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    ============

    Service Pack upgrade
    Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

    =====

    Update Programs
    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.



    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    =========

    Here are some prevention tips I have provided:

    1. Don't download files from untrusted websites or websites that seem suspicious.

    2. Don't use torrents; they are a good way to get lots of malware.

    3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

    4. Disable autorun XP or Vista/7

    5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

    6. Don't ever click on the links inside of a popup.

    7. Make sure you know what you install; you can make sure it is not known for being a virus by just simply searching about it on Google.

    8. Use a Site Advisor so you don't go to sites that will infect you. McAfee SiteAdvisor

    9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you more safe.

    10. Always keep your Java and Adobe updated.

    11. Don't fall for the Scareware. What is Scareware? It is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

    12. Always have a Firewall and an Antivirus.

    Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?
