SystemDir.explorer and SystemDir.regedit infected?

I think I have a keylogger

I just got banned from one of my online games and I think it's from a keylogger.
If you could read over this and help me I'd love you forever! It's a new computer so I'm very worried. By the way, I have Windows Vista.

I have scanned with Kaspersky (I haven't scanned in Safe Mode) and have WinPatrol and COMODO BOClean running.
I also scanned with Spybot Search & Destroy, but none of these programs could find anything.
But when I scanned with Bazooka Spyware Scanner I get these two results:
"SystemDir.explorer"
and
"SystemDir.regedit"

http://www.kephyr.com/spywarescanner/libra...html?source=app
http://www.kephyr.com/spywarescanner/libra...html?source=app

I have read both of these removal guides and they say it could be a
keylogger. When I look for my explorer.exe and regedit.exe, they are in the
default location under "C:/Windows",
but I don't know if it's a false positive or not, or if that's not even where the keylogger is.

I'll
do anything to figure this out. Please help me scan; if a professional
could look over my computer and see if it's clean or not I'd appreciate
it a lot! This has got me really stressed out.

Re: SystemDir.explorer and SystemDir.regedit infected?

Hey there, welcome to GeekPolice.

Please read this topic and post a HijackThis log here.

http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/read-this-before-posting-t3821.htm


Re: SystemDir.explorer and SystemDir.regedit infected?

Hello.
No, not a false positive.
You are correct about the file locations: the legit explorer/regedit are in Windows, not System32.

Read the docs and post your logs.


Re: SystemDir.explorer and SystemDir.regedit infected?

Thanks for the fast reply. Here are my logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:43 PM, on 1/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Comodo\CBOClean\BOC427.EXE
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~2\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKCU\..\Run: [BTBFirstRun] C:\Program Files (x86)\Hewlett-Packard\SDP\hprun.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BOCore - COMODO - C:\Program Files (x86)\Comodo\CBOClean\BOCORE.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10841 bytes
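One caveat is needed before reading the O23 section of this log, and the thread only hints at it when DDS later refuses to run on the 64-bit box: HijackThis 2.0.2 is a 32-bit program, and under WOW64 its lookups of C:\Windows\System32 are silently redirected to C:\Windows\SysWOW64. 64-bit-only system binaries such as lsass.exe, alg.exe or spoolsv.exe therefore read as "(file missing)" even though they are present, while PnkBstrA, which OTViewIt later lists under C:\Windows\SysWOW64, shows no such marker. The Python below is an added triage helper, not part of the thread or of HijackThis; it parses O4 (autorun) and O23 (service) lines, separates the redirection artifacts from entries that deserve a second look, and flags unknown-owner services, rundll32-style launchers and unquoted paths with spaces. The sample lines are copied from the log above; the verdict labels and heuristics are my own.

```python
"""Triage of HijackThis O4 (autorun) and O23 (service) lines.

Added example; not from the thread or from HijackThis. Assumes the log was
produced by 32-bit HijackThis on a 64-bit host, where WOW64 redirects
System32 lookups to SysWOW64 and 64-bit-only binaries read as "(file missing)".
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Display name and owner never contain " - "; the image path may (Spybot's folder
# does), so the path group comes last and is anchored to the end of the line.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    kind: str      # "O4" or "O23"
    name: str
    path: str
    verdict: str   # "ok" | "note" | "review" | "likely-wow64"
    reason: str


def exe_from_command(cmd: str) -> str:
    """Executable part of an autorun command: the quoted path, else up to the first '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage_o23(owner: str, path: str, missing: bool, host_is_x64: bool) -> tuple:
    """Classify one service entry; 'missing' under System32 on x64 is usually WOW64 redirection."""
    p = path.lower()
    if missing:
        if host_is_x64 and p.startswith(SYSTEM32):
            return "likely-wow64", "32-bit scanner on x64: System32 lookup redirected to SysWOW64; confirm with a 64-bit tool"
        return "review", "service image does not exist on disk"
    if owner == "Unknown owner":
        return "review", "no embedded company name; verify Authenticode signature or hash"
    return "ok", f"vendor string present ({owner}); not proof of integrity"


def triage_o4(cmd: str) -> tuple:
    """Classify one Run-key entry by what it launches and from where."""
    exe = exe_from_command(cmd)
    e = exe.lower()
    if e.startswith(("rundll32", "regsvr32")):
        return "review", "LOLBin launcher; inspect the DLL and export it loads"
    if any(tok in e for tok in ("\\temp\\", "\\appdata\\", "\\users\\")):
        return "review", "runs from a user-writable location"
    if " " in exe and not cmd.startswith('"'):
        return "note", "unquoted path with spaces (search-order ambiguity)"
    return "ok", "vendor/system path"


def triage(log_text: str, host_is_x64: bool = True) -> list:
    """Parse O4/O23 lines and return one Finding per recognised line."""
    findings = []
    for line in log_text.strip().splitlines():
        if m := O23_RE.match(line):
            verdict, reason = triage_o23(m["owner"], m["path"], bool(m["missing"]), host_is_x64)
            findings.append(Finding("O23", m["display"], m["path"], verdict, reason))
        elif m := O4_RE.match(line):
            verdict, reason = triage_o4(m["cmd"])
            findings.append(Finding("O4", m["name"], exe_from_command(m["cmd"]), verdict, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.verdict:12} {f.name}: {f.reason}")
```

Run with `host_is_x64=False` and the same "(file missing)" entries drop straight into "review", which is the right default on a 32-bit host where no redirection explains them away. Entries marked "ok" only mean a vendor string was present; the real check on the affected machine is the file's Authenticode signature, which the log cannot show.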

Re: SystemDir.explorer and SystemDir.regedit infected?

Please download and run this tool.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can re-enable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise this fix will fail.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: SystemDir.explorer and SystemDir.regedit infected?

Please take note that this is my log from yesterday. It found 2 results, which I have removed. I have stopped TeaTimer and scanned again just now and found no results, so I'll just post the results from yesterday; if you need the new results I'll post them too. Thanks for the fast replies.


Malwarebytes' Anti-Malware 1.32
Database version: 1617
Windows 6.0.6001 Service Pack 1

1/5/2009 7:19:44 PM
mbam-log-2009-01-05 (19-19-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 369225
Time elapsed: 6 hour(s), 18 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: SystemDir.explorer and SystemDir.regedit infected?

Okay, let's take a look around.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: SystemDir.explorer and SystemDir.regedit infected?

Belahzur wrote:
Okay, let's take a look around.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


I tried to run the file but it says "This tool does not support your Operating System".
I have Vista 64-bit.

Re: SystemDir.explorer and SystemDir.regedit infected?

Darn it.

Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.txt. Just post OTViewIt.txt, I don't need to see Extras.txt
  • You may need to use more than one post to get it all on the forum


Re: SystemDir.explorer and SystemDir.regedit infected?

OK, I got the logs. Here they are, in separate posts.

OTViewIt logfile created on: 1/6/2009 7:24:07 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Ryan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.36% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.90 Gb Total Space | 504.46 Gb Free Space | 73.23% Space Free | Partition Type: NTFS
Drive D: | 9.74 Gb Total Space | 0.89 Gb Free Space | 9.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN-PC
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
[2007/04/18 10:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
[2008/02/08 20:36:14 | 00,227,856 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
[2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
[2008/07/14 05:09:26 | 00,351,480 | ---- | M] (COMODO) -- C:\Program Files (x86)\Comodo\CBOClean\BOC427.EXE
[2008/10/09 10:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
[2008/02/08 20:36:14 | 00,227,856 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
[2007/11/19 17:54:04 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
[2008/11/28 23:54:03 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
[2008/01/28 13:43:32 | 00,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
[2007/08/23 01:35:00 | 00,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2009/01/06 19:23:02 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/08/23 01:35:00 | 00,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/02/08 20:36:14 | 00,227,856 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP [Auto | Running])
[2008/07/14 05:09:29 | 00,081,144 | ---- | M] (COMODO) -- C:\Program Files (x86)\Comodo\CBOClean\BOCore.exe -- (BOCore [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/20 21:50:58 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/20 21:50:38 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Running])
[2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/01/20 21:51:57 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/07/23 18:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
File not found -- -- (gpsvc [Unknown | Running])
[2007/09/19 20:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
[2007/11/19 17:54:04 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/08/23 01:35:00 | 03,192,184 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/20 21:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/01/20 21:51:53 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2008/01/20 21:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2008/11/28 23:54:03 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/28 13:43:32 | 00,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
[2008/01/20 21:49:11 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/11/21 21:09:32 | 00,104,944 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 17:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
File not found -- -- (XAudioService [Auto | Running])

Re: SystemDir.explorer and SystemDir.regedit infected?

========== Driver Services ==========

[2008/01/20 21:46:53 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/20 21:46:54 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/20 21:46:54 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/20 21:47:27 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2008/01/20 21:46:50 | 00,015,976 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/20 21:46:52 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Disabled | Stopped])
[2008/01/20 21:47:00 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (atksgt [Auto | Running])
[2007/04/17 15:19:58 | 00,011,504 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Program Files (x86)\Comodo\CBOClean\BOCDRIVE.SYS -- (BOCDRIVE [On_Demand | Running])
[2008/01/20 21:46:56 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2008/01/20 21:46:56 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
File not found -- -- (CAXHWBS2 [On_Demand | Running])
[2008/01/20 21:46:50 | 00,018,024 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/20 21:46:56 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/20 21:46:59 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/20 21:46:59 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
File not found -- -- (HSF_DP [On_Demand | Running])
File not found -- -- (iaStor [Boot | Running])
[2008/01/20 21:46:59 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Disabled | Stopped])
File not found -- -- (IntcAzAudAddService [On_Demand | Running])
File not found -- -- (kl1 [System | Running])
File not found -- -- (KLIF [System | Running])
File not found -- -- (KLIM6 [System | Running])
File not found -- -- (lirsgt [Auto | Running])
[2008/01/20 21:46:51 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/20 21:46:56 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/20 21:47:01 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/06/19 05:26:50 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\System32\mdmxsdk.dll -- (mdmxsdk [Auto | Running])
[2008/01/20 21:46:59 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/20 21:46:56 | 00,438,328 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\WinSxS\amd64_megasr.inf_31bf3856ad364e35_6.0.6001.18000_none_44b889fdb37f3d14\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
[2005/01/01 04:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2 [On_Demand | Stopped])
[2008/01/20 21:47:26 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/20 21:46:54 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/20 21:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/01/20 21:46:52 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2008/11/27 07:32:55 | 00,024,448 | ---- | M] () -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40 [On_Demand | Stopped])
File not found -- -- (RTL8169 [On_Demand | Running])
[2008/11/17 15:11:06 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2008/11/17 15:11:08 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/11/17 15:11:04 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
[2006/09/29 18:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/20 21:47:26 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2008/01/20 21:46:56 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Disabled | Stopped])
[2008/01/20 21:46:52 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/20 21:46:50 | 00,018,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/20 21:47:25 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2008/01/20 21:46:53 | 00,392,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxpv6.inf_31bf3856ad364e35_6.0.6001.18000_none_1f6618d91f404c66\VSTBS26.SYS -- (VST64HWBS2 [On_Demand | Stopped])
[2008/01/20 21:46:57 | 01,523,712 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTDPV6.SYS -- (VST64_DPV [On_Demand | Stopped])
File not found -- -- (winachsf [On_Demand | Running])
File not found -- -- (XAudio [Auto | Running])
File not found -- -- (xcbdaNtsc [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (893572 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 z.abnad.net
127.0.0.1 banners.absolpublisher.com
127.0.0.1 tracking.absolstats.com
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtb5.acecounter.com
127.0.0.1 gtb19.acecounter.com
25889 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" (Kaspersky Lab)
"BOC-427"=C:\PROGRA~2\Comodo\CBOClean\BOC427.exe (COMODO)
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpsysdrv"=c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot (BillP Studios)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
"BTBFirstRun"=C:\Program Files (x86)\Hewlett-Packard\SDP\hprun.exe (Hewlett-Packard Company)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
"Yahoo! Pager"="C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel\HomePage]
""=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername]
""=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools]
""=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip]
""=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files (x86)\Windows Live Toolbar\msntb.dll [2007/10/19 13:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web Anti-Virus statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll [2008/02/08 20:37:52 | 00,223,760 | ---- | M] (Kaspersky Lab)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 17:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
55 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02ECD07A-22D0-4AF0-BA0A-3F6B06086D08}: http://xiah.gamescampus.com/luncher/GamesCampus.cab -- GamesCampus Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{7C5D062A-7A1E-4A46-A02B-A928084CBD66}: http://legendofares.netgame.com/download/MusaLauncherNew.cab -- MLauncherNew Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{AA07EBD2-EBDD-4BD6-9F8F-114BD513492C}: http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab -- NeffyLauncherCtl Class
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
vzTCPConfig: http://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1E6C176C-A2FA-4ED1-9311-0C4F2F822321} (Servers: | Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))
{91D95F1B-7719-4933-84DA-BEAA18F26D43} (Servers: | Description: USB Wireless 802.11 b/g Adaptor)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll
>[2008/02/08 20:37:52 | 00,072,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\r3hook.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
klogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>File not found --

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/20 21:50:00 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[2009/01/06 19:23:01 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTViewIt.exe
[2009/01/06 19:08:31 | 00,368,781 | ---- | C] () -- C:\Users\Ryan\Desktop\dds(2).pif
[2009/01/06 19:07:34 | 00,368,781 | ---- | C] () -- C:\Users\Ryan\Desktop\dds.scr
[2009/01/06 19:06:24 | 00,368,784 | ---- | C] () -- C:\Users\Ryan\Desktop\dds.com
[2009/01/06 07:07:37 | 00,099,743 | ---- | C] () -- C:\Users\Ryan\Desktop\DxDiag.xml
[2009/01/06 04:08:02 | 00,001,930 | ---- | C] () -- C:\Users\Ryan\Desktop\HijackThis.lnk
[2009/01/06 04:08:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/01/05 04:28:54 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2009/01/05 04:28:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/05 04:28:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/05 04:28:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/01/05 04:28:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/01/05 04:20:12 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\WinPatrol
[2009/01/05 04:20:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2009/01/05 04:07:11 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dlb
[2009/01/05 04:07:04 | 00,205,560 | ---- | C] (COMODO) -- C:\Windows\UNBOC.EXE
[2009/01/05 04:07:03 | 00,212,728 | ---- | C] (COMODO) -- C:\Windows\CMDLIC.DLL
[2009/01/05 04:06:53 | 00,000,000 | ---D | C] -- C:\ProgramData\BOC427
[2009/01/05 04:06:48 | 00,000,410 | ---- | C] () -- C:\Windows\BOC427.INI
[2009/01/05 04:06:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2009/01/05 04:02:41 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/01/05 03:16:49 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2009/01/05 03:16:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/01/05 02:57:05 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2009/01/03 16:37:54 | 00,000,268 | ---- | C] () -- C:\sqmdata00.sqm
[2009/01/03 04:44:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CoEmu
[2009/01/02 20:33:47 | 00,018,689 | ---- | C] () -- C:\Users\Ryan\Documents\me 025.png
[2009/01/02 20:32:08 | 00,012,628 | ---- | C] () -- C:\Users\Ryan\Documents\me 420.jpg
[2009/01/02 19:10:47 | 00,427,482 | ---- | C] () -- C:\Users\Ryan\Desktop\stronglifts-5x5.pdf
[2008/12/31 02:19:16 | 00,002,223 | ---- | C] () -- C:\Users\Ryan\Desktop\Rakion.lnk
[2008/12/31 02:18:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Softnyx
[2008/12/26 17:58:12 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Pharoahe_Monch_-_Internal_Affairs_
[2008/12/26 17:57:37 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Illadelph Halflife
[2008/12/26 17:57:11 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Busta_Rhymes_-_When_Disaster_Strikes
[2008/12/26 17:56:14 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Black Moon - Enta Da Stage
[2008/12/26 17:53:35 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\AZ_-_Doe_Or_Die_1995_192kb
[2008/12/26 17:52:28 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Scarface_-_The_Fix
[2008/12/26 17:52:21 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\The_Pharcyde_-_Bizarre_Ride_II
[2008/12/26 17:51:50 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\UGK_-_Ridin_Dirty
[2008/12/26 17:30:57 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\00-MF_Doom_-_Operation_Doomsday-1999-_HHFN_
[2008/12/25 20:20:09 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Artifacts-Between_A_Rock_And_A_Hard_Place-1994-NHH_INT
[2008/12/24 17:24:33 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\BG_Knocc_Out___Dresta_-_Real_Brothas_-_1995
[2008/12/24 16:54:49 | 00,026,831 | ---- | C] () -- C:\Users\Ryan\Documents\user40903_pic2213_1226558916.jpg
[2008/12/24 16:54:40 | 00,049,626 | ---- | C] () -- C:\Users\Ryan\Documents\user40903_pic1031_1217032325.jpg
[2008/12/24 16:54:26 | 00,010,695 | ---- | C] () -- C:\Users\Ryan\Documents\user40903_pic2440_1228178266.jpg
[2008/12/24 16:54:17 | 00,039,560 | ---- | C] () -- C:\Users\Ryan\Documents\user40903_pic2664_1229789391.jpg
[2008/12/20 19:36:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Armor2net
[2008/12/20 19:27:23 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2008/12/20 19:27:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2008/12/19 03:18:23 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Runes of Magic
[2008/12/19 03:13:16 | 00,001,854 | ---- | C] () -- C:\Users\Ryan\Desktop\Runes of Magic.lnk
[2008/12/19 03:01:28 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/12/19 03:01:12 | 00,000,000 | ---D | C] -- C:\CrashReport
[2008/12/19 02:52:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Runes of Magic
[2008/12/18 18:53:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2008/12/18 18:53:09 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\SystemRequirementsLab
[2008/12/18 03:37:25 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Wax__26_EOM_-_Liquid_Courage
[2008/12/18 03:33:55 | 04,669,466 | ---- | C] () -- C:\Users\Ryan\Documents\Wax & EOM - Music And Liquor.mp3
[2008/12/17 16:22:11 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\The Roots - Things Fall Apart
[2008/12/14 23:54:26 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\KidRock - Hist
[2008/12/14 23:27:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AC Tool
[2008/12/14 23:25:19 | 00,001,614 | ---- | C] () -- C:\Users\Public\Desktop\KnightOnline.lnk
[2008/12/14 23:19:52 | 00,000,000 | ---D | C] -- C:\GamersFirst
[2008/12/11 18:44:49 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Ventrilo
[2008/12/11 18:43:34 | 00,000,754 | ---- | C] () -- C:\Users\Ryan\Desktop\Ventrilo.lnk
[2008/12/11 03:03:00 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/12/11 00:50:06 | 00,201,216 | ---- | C] (Microsoft Corporation) -- C:\Users\Ryan\Documents\dinput8.dll
[2008/12/10 19:14:59 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2008/12/10 19:14:57 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2008/12/10 19:14:57 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2008/12/10 19:14:57 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2008/12/10 19:14:17 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/12/10 19:14:07 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/12/10 19:14:06 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/12/10 19:14:05 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/12/10 19:14:05 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/12/10 19:14:04 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/12/10 19:14:03 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/12/10 19:13:21 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/12/10 19:13:20 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/12/10 19:11:55 | 00,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2008/12/10 19:11:50 | 03,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/12/10 19:11:50 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe
[2008/12/08 23:02:24 | 00,004,352 | ---- | C] () -- C:\Users\Ryan\Documents\cc_20081208_230216 new.reg
[2008/12/08 21:51:04 | 09,658,970 | ---- | C] () -- C:\Users\Ryan\Desktop\Big Sloan & Ta Smallz Interview By JeremyMT - 12-5-08.WMA
[2008/12/08 16:36:05 | 00,056,388 | ---- | C] () -- C:\Users\Ryan\Desktop\waxeom.jpg

========== Files - Modified Within 30 Days ==========

[3 C:\Windows\*.tmp files]
[2009/01/06 19:23:02 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTViewIt.exe
[2009/01/06 19:08:31 | 00,368,781 | ---- | M] () -- C:\Users\Ryan\Desktop\dds(2).pif
[2009/01/06 19:07:34 | 00,368,781 | ---- | M] () -- C:\Users\Ryan\Desktop\dds.scr
[2009/01/06 19:06:26 | 00,368,784 | ---- | M] () -- C:\Users\Ryan\Desktop\dds.com
[2009/01/06 17:10:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/01/06 17:10:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/01/06 07:07:37 | 00,099,743 | ---- | M] () -- C:\Users\Ryan\Desktop\DxDiag.xml
[2009/01/06 04:08:02 | 00,001,930 | ---- | M] () -- C:\Users\Ryan\Desktop\HijackThis.lnk
[2009/01/06 03:10:24 | 00,074,120 | ---- | M] () -- C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/05 04:10:51 | 00,000,410 | ---- | M] () -- C:\Windows\BOC427.INI
[2009/01/05 03:59:33 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/01/04 18:41:50 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:41:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/03 16:37:54 | 00,000,268 | ---- | M] () -- C:\sqmdata00.sqm
[2009/01/02 20:33:47 | 00,018,689 | ---- | M] () -- C:\Users\Ryan\Documents\me 025.png
[2009/01/02 20:32:08 | 00,012,628 | ---- | M] () -- C:\Users\Ryan\Documents\me 420.jpg
[2009/01/02 19:10:48 | 00,427,482 | ---- | M] () -- C:\Users\Ryan\Desktop\stronglifts-5x5.pdf
[2009/01/01 23:02:56 | 00,019,456 | ---- | M] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 02:19:16 | 00,002,223 | ---- | M] () -- C:\Users\Ryan\Desktop\Rakion.lnk
[2008/12/30 02:26:37 | 00,001,854 | ---- | M] () -- C:\Users\Ryan\Desktop\Runes of Magic.lnk
[2008/12/24 16:54:49 | 00,026,831 | ---- | M] () -- C:\Users\Ryan\Documents\user40903_pic2213_1226558916.jpg
[2008/12/24 16:54:42 | 00,049,626 | ---- | M] () -- C:\Users\Ryan\Documents\user40903_pic1031_1217032325.jpg
[2008/12/24 16:54:26 | 00,010,695 | ---- | M] () -- C:\Users\Ryan\Documents\user40903_pic2440_1228178266.jpg
[2008/12/24 16:54:17 | 00,039,560 | ---- | M] () -- C:\Users\Ryan\Documents\user40903_pic2664_1229789391.jpg
[2008/12/18 03:34:26 | 04,669,466 | ---- | M] () -- C:\Users\Ryan\Documents\Wax & EOM - Music And Liquor.mp3
[2008/12/14 23:25:19 | 00,001,614 | ---- | M] () -- C:\Users\Public\Desktop\KnightOnline.lnk
[2008/12/12 00:52:52 | 03,578,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/12/11 18:43:34 | 00,000,754 | ---- | M] () -- C:\Users\Ryan\Desktop\Ventrilo.lnk
[2008/12/08 23:02:27 | 00,004,352 | ---- | M] () -- C:\Users\Ryan\Documents\cc_20081208_230216 new.reg
[2008/12/08 21:51:04 | 09,658,970 | ---- | M] () -- C:\Users\Ryan\Desktop\Big Sloan & Ta Smallz Interview By JeremyMT - 12-5-08.WMA
[2008/12/08 16:36:06 | 00,056,388 | ---- | M] () -- C:\Users\Ryan\Desktop\waxeom.jpg
< End of report >
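A helper reads a report like the one above by eye: which running drivers have no resolved file, which executables sit in user-writable folders with no vendor string, and whether a well-known system binary turns up somewhere it does not belong. As an added example (not part of the original thread and not OTViewIt's own code), the Python script below parses lines in the OTViewIt format shown above and applies those checks. The sample lines are copied from the report, plus one constructed line (an explorer.exe under AppData) that is not in the report and is there only to show the last rule firing. The expected-directory table is an assumption about 64-bit Vista: explorer.exe and regedit.exe live in C:\Windows (64-bit build) and C:\Windows\SysWOW64 (32-bit build), and a 32-bit tool such as OTViewIt reports the SysWOW64 copy under System32 because of WOW64 file-system redirection; the report's C:\Windows\SysWOW64\ieframe.dll and Program Files (x86) entries show this is a 64-bit install.

```python
"""Triage OTViewIt-format log lines the way a malware-removal helper reads them.

Added example for this thread; not part of OTViewIt or of the original posts.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches lines such as:
#   [2008/11/27 07:32:55 | 00,024,448 | ---- | M] () -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40 [On_Demand | Stopped])
#   [2009/01/06 04:08:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^\s\[]+) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\))?$"
)
# Matches lines such as:  File not found -- -- (iaStor [Boot | Running])
NOTFOUND_RE = re.compile(
    r"^File not found -- -- \((?P<svc>[^\s\[]+) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".cpl", ".ocx"}

# Assumption (64-bit Vista layout): explorer.exe and regedit.exe live in C:\Windows (64-bit build)
# and C:\Windows\SysWOW64 (32-bit build). A 32-bit tool sees SysWOW64 when it asks for System32
# (WOW64 file-system redirection), so System32 is accepted as a reported location too.
EXPECTED_DIRS = {
    "explorer.exe": {"c:\\windows", "c:\\windows\\syswow64", "c:\\windows\\system32"},
    "regedit.exe": {"c:\\windows", "c:\\windows\\syswow64", "c:\\windows\\system32"},
    "svchost.exe": {"c:\\windows\\system32", "c:\\windows\\syswow64"},
    "winlogon.exe": {"c:\\windows\\system32"},
    "lsass.exe": {"c:\\windows\\system32"},
}

# Constructed sample: lines copied from the OTViewIt report in this thread, plus one line
# (the explorer.exe under AppData) that is NOT in the report, added to exercise the last rule.
SAMPLE_LOG = r"""
File not found -- -- (iaStor [Boot | Running])
File not found -- -- (RTL8169 [On_Demand | Running])
[2008/11/27 07:32:55 | 00,024,448 | ---- | M] () -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40 [On_Demand | Stopped])
[2008/11/17 15:11:06 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2009/01/06 19:23:01 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTViewIt.exe
[2009/01/06 19:08:31 | 00,368,781 | ---- | C] () -- C:\Users\Ryan\Desktop\dds(2).pif
[2009/01/06 04:08:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2008/12/11 00:50:06 | 00,201,216 | ---- | C] (Microsoft Corporation) -- C:\Users\Ryan\Documents\dinput8.dll
[2008/12/10 19:11:50 | 03,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/12/10 19:11:50 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe
[2009/01/06 19:00:00 | 02,927,104 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\explorer.exe
"""


@dataclass
class Entry:
    path: str
    company: Optional[str]  # None: no "(...)" block on the line; "": block present but empty
    size: int
    is_dir: bool
    service: Optional[str]
    start: Optional[str]
    state: Optional[str]


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    reason: str
    subject: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file/driver line; return None for lines in any other format."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(path=m["path"], company=m["company"],
                 size=int(m["size"].replace(",", "")), is_dir="D" in m["attrs"],
                 service=m["svc"], start=m["start"], state=m["state"])


def in_user_writable(path: str) -> bool:
    """Locations an ordinary user (or malware running as that user) can write to."""
    p = path.lower()
    return p.startswith("c:\\users\\") or p.startswith("c:\\programdata\\") or "\\temp\\" in p


def triage(log_text: str) -> List[Finding]:
    """Apply the helper's mental checks to every line and return what deserves a look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        nf = NOTFOUND_RE.match(line)
        if nf:
            # Loaded and running, yet the tool could not resolve the image path: locate it by hand.
            if nf["state"].strip().lower() == "running":
                findings.append(Finding("medium", "running service whose image path did not resolve", nf["svc"]))
            continue
        e = parse_line(line)
        if e is None or e.is_dir:
            continue
        name = ntpath.basename(e.path).lower()
        parent = ntpath.dirname(e.path).lower()
        ext = ntpath.splitext(name)[1]
        if name in EXPECTED_DIRS and parent not in EXPECTED_DIRS[name]:
            findings.append(Finding("high", "well-known system binary outside its expected directory", e.path))
        if ext == ".sys" and not e.company:
            findings.append(Finding("high", "kernel driver with no vendor/version information", e.path))
        elif ext in EXEC_EXT and in_user_writable(e.path):
            findings.append(Finding("medium" if not e.company else "low",
                                    "executable in a user-writable location", e.path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.subject}")
```

A hit is a prompt to look, not a verdict: the renamed DDS copies on the Desktop trip the user-writable rule because they carry no vendor string, and the helper cleared them from context. The two explorer.exe copies the report lists (C:\Windows and System32 as seen by a 32-bit tool) are where a 64-bit Vista install keeps them, so the script stays quiet on them; a hash or signature check of the file itself, which is what the Jotti request below does, settles what the heuristics can only raise.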

Re: SystemDir.explorer and SystemDir.regedit infected?
Hello. I don't see any traces of what this malware does according to the links in your first post; there's no run value for it.
I do, however, want to look at this file.

Please upload this file in bold:
C:\Windows\System32\explorer.exe
To this site below for a scan.
http://virusscan.jotti.org/
Copy and paste the results back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: SystemDir.explorer and SystemDir.regedit infected?
Belahzur wrote:
Hello. I don't see any traces of what this malware does according to the links in your first post; there's no run value for it.
I do, however, want to look at this file.

Please upload this file in bold:
C:\Windows\System32\explorer.exe
To this site below for a scan.
http://virusscan.jotti.org/
Copy and paste the results back here.


Hi, I scanned it; here are the results. One more thing: the default location is in "C:/windows",
not "C:/windows/system32"? Does that mean I should remove the explorer.exe and the regedit.exe in the System32, since there's the legit one in C:/windows? I can't see the file when I look for it in System32, but when I use Jotti it's there in my System32.



File: explorer.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 4f554999d7d5f05daaebba7b5ba1089d
Packers detected: -

Scanner results
Scan taken on 07 Jan 2009 01:10:43 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Last edited by swedstoner on 7th January 2009, 1:17 am; edited 1 time in total

Re: SystemDir.explorer and SystemDir.regedit infected?
Hello.
No, don't do that.

The other ones if clean, can be used as backups.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: SystemDir.explorer and SystemDir.regedit infected?
Belahzur wrote:
Hello.
No, don't do that.

The other ones if clean, can be used as backups.

So I'm clean? Did you notice anything else in my logs? Thanks for all this help.

Re: SystemDir.explorer and SystemDir.regedit infected?
No, nothing of suspicion.


Re: SystemDir.explorer and SystemDir.regedit infected?
Belahzur wrote:
No, nothing of suspicion.

OK, that makes me feel a lot better! Thank you very much, you are great! All this help was very much appreciated, and thumbs up to you guys here at GeekPolice!
Thanks again, you saved my day. Hooray! Thank you!

Re: SystemDir.explorer and SystemDir.regedit infected?
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

............................................................................................

Have we helped you? Help us! | Doctor by day, ninja by night.
