  #1  
August 23rd, 2008, 09:43 PM
seer1
New Member
 
Join Date: Jul 2008
O/S: Windows Vista 64-bit
Location: Jacksonville Go Jags FL
Posts: 29
have several problems

This computer has several problems. Trying to take off a design that was made in freeweblayouts.net that my son put on this computer; also he did something to the active desktop and now I cannot get into it even as the administrator. I have tried adding a new admin but it still tells me that admin has locked control. Which brings me to my second problem: I cannot upgrade Windows Service Pack 3; it starts downloading then stops halfway through installation. Also this computer takes 15 minutes until the desktop comes up. Here is my hijack info, please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:56 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2445EE97-4F94-4B37-88C4-F6B029AF8277} - C:\WINDOWS\system32\urqRIyyw.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {73984FE0-9702-4C55-9C7B-9BA3C5861F25} - C:\WINDOWS\system32\nnnnOeBS.dll (file missing)
O2 - BHO: {944dea59-f2d2-82d8-da04-1d6a0085a0e9} - {9e0a5800-a6d1-40ad-8d28-2d2f95aed449} - C:\WINDOWS\system32\gfxhnj.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: QXK Olive - {AF4EBF01-2871-49E4-BF25-8F0564359C31} - C:\WINDOWS\wbxdpgfevkl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [94ca55ac] "rundll32.exe" "C:\WINDOWS\system32\heypolba.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm021MWUS
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: gfxhnj.dll,avgrsstx.dll
O20 - Winlogon Notify: nnnnOeBS - nnnnOeBS.dll (file missing)
O21 - SSODL: RunMicro - {6e0b501e-2086-4fa8-8551-ddc3e93a63f6} - C:\WINDOWS\Resources\RunMicro.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10493 bytes

Hopefully someone can help me, thanks. Seer1
  #2  
August 24th, 2008, 06:33 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Your operating system is infected, seer1, but I want to see another type of log before we start cleaning up.

Download OldTimer's OTViewIt from here to your desktop, and double-click on OTViewIt.exe to start the scan.

When the display opens place a check next to:

Scan All Users

Then click the Run Scan button to start the scan. Once that completes a textbox will open. Copy and paste the contents here for review please. The log can also be found on your desktop as OTViewIt.Txt. It will be a reasonably large log so you may have to divide the log into sections and make several posts to post it.

Note - do not press any other buttons or make any other changes when running the scan.
  #3  
August 24th, 2008, 11:24 PM
seer1
New Member
 
Join Date: Jul 2008
O/S: Windows Vista 64-bit
Location: Jacksonville Go Jags FL
Posts: 29
Did what you said but....

AnnMarie,

I did what you said and ran the program. It seemed to be scanning for a few minutes, then came a box with the following message: (List Index Out of Bounds (19)). It then would not go any further. I did notice that it was scanning the HOSTS file when this happened.

Now what?
  #4  
August 24th, 2008, 11:27 PM
seer1
New Member
 
Join Date: Jul 2008
O/S: Windows Vista 64-bit
Location: Jacksonville Go Jags FL
Posts: 29
AnnMarie, I did what you said and it seemed to run for a few, then a box came up in the middle of the scan and said List Index out of bounds (19). It then froze there. I did notice that it was scanning HOSTS files when this came up. Let me know what to do next.

Thanks seer1
  #5  
August 24th, 2008, 11:30 PM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
We will try another utility. Please download SDFix from here and save it to your desktop.

Double-click on SDFix.exe and click on Install. Navigate to the C:\SDFix folder and click on RunThis.bat. From the list select option A - "Create System Report", then press Enter. When the scan completes a textbox will open - copy/paste those contents back here please. This can also be found at C:\SDFix\SystemReport.txt.

!Do not select any other options unless directed!
  #6  
August 25th, 2008, 12:19 AM
seer1
New Member
 
Join Date: Jul 2008
O/S: Windows Vista 64-bit
Location: Jacksonville Go Jags FL
Posts: 29
Aug 23 2008 4:17:52p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Aug 24 2008 12:54:40a 25,136 A.... "C:\Program Files\Webroot\Spy Sweeper\compressed.dat"
Jul 27 2008 2:11:22a 280,777 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.dat"
Jul 27 2008 2:09:20a 768,634 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Aug 24 2008 6:35:24p 343,144 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0007NAV~.TMP"
Aug 24 2008 6:00:18p 0 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0415NAV~.TMP"
Aug 3 2008 3:05:10p 455,960 A.... "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080823-230608-215.dll"
Aug 4 2008 5:59:12p 399 A.... "C:\Program Files\Avanquest\Fix-It\Updates\AntiVirus_Tables\cfg56.tmp"
Aug 24 2008 6:50:26p 5,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat"
Aug 24 2008 6:50:26p 12,056 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat"
Aug 9 2008 8:24:04p 4,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat"
Aug 9 2008 8:24:04p 2,816 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat"
Aug 24 2008 2:51:46a 4,768 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat"
Aug 9 2008 8:24:04p 3,008 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat"
Aug 23 2008 11:07:36p 7,104 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat"
Aug 9 2008 8:24:04p 13,546 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat"
Aug 23 2008 1:16:16p 159 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\Stats.tmp"
Aug 24 2008 5:03:46p 1,332 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\UserProf.dat"


Files with hidden attributes:

Wed 10 Oct 2007 211 A.SHR --- "C:\BOOT.BAK"
Sat 3 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 3 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT4.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT5.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT3.tmp"


Program Folders:

C:\Program Files\

7-Zip
ACW
Adobe
ATI Technologies
Avanquest
AVG
Common Files
Compaq Connections
ComPlus Applications
CONEXANT
DivX
Easy Internet signup
FunWebProducts
Google
Hewlett-Packard
HP
InstallShield Installation Information
InterActual
Internet Explorer
InterVideo
Java
Lexmark X1100 Series
LimeWire
Messenger
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Money 2005
Microsoft Office
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition
Microsoft Plus! Photo Story 2 LE
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
MSN
MSN Encarta Standard
MSN Gaming Zone
MSXML 4.0
MySpace
MyWebSearch
NetMeeting
Norton Internet Security
Online Services
Outlook Express
PC-Doctor 5 for Windows
PC-Doctor for DOS
Quicken
Sonic
support.com
Symantec
Trend Micro
TryMedia
Uninstall Information
Webroot
WildTangent
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
Yahoo!
Yahoo! Games

C:\Program Files\Common Files\

Adobe
DESIGNER
HP
InstallShield
Java
L&H
Microsoft Shared
MSSoap
ODBC
Real
Services
SpeechEngines
SupportSoft
Symantec Shared
System
Wise Installation Wizard


Add/Remove Programs:

360Share Pro(remove only)
7-Zip 4.57
Adobe Flash Player ActiveX
Adobe Shockwave Player
ATI Display Driver
AVG Free 8.0
Data Fax SoftModem with SmartCP
HijackThis 2.0.2
Compaq Connections (remove only)
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
PC-Doctor 5 for Windows
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
High Definition Audio Driver Package - KB888111
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893066
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946627)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Update for Windows XP (KB953356)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Lexmark X1100 Series
LimeWire PRO 4.18.6
LiveReg (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft Money 2005
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Adobe Flash Player 9 ActiveX
Norton Internet Security 2005 (Symantec Corporation)
WebVideo Support
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
ATI Control Panel
Microsoft Plus! Photo Story 2 LE
Security Update for CAPICOM (KB931906)
Norton Internet Security
Microsoft Plus! Dancer LE
SymNet
J2SE Runtime Environment 5.0
InterVideo WinDVD Player
HP Boot Optimizer
Norton Internet Security
Norton Internet Security
Fix-It Utilities 8 Professional
Norton Internet Security
Norton AntiSpam
Microsoft Plus! Digital Media Edition Installer
Microsoft Visual C++ 2005 Redistributable
Spy Sweeper
SPBBC
Microsoft Office Basic Edition 2003
InterVideo WinDVD Player
Adobe® Photoshop® Album Starter Edition 3.2
Norton Internet Security
Norton Internet Security
PC-Doctor 5 for Windows
Adobe Reader 8.1.2
MSRedist
MSXML 4.0 SP2 (KB936181)
Norton AntiVirus 2005
Norton Internet Security
Microsoft .NET Framework 1.1
Compaq Organize
ccCommon
CC_ccProxyExt
HpSdpAppCoreApp
Norton Internet Security
Norton Internet Security
Norton WMI Update
HP Software Update
Norton WMI Update
ccPxyCore
Norton Internet Security
HP Image Zone Express


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"VirusScannerPro"="C:\\PROGRA~1\\AVANQU~1\\Fix-It\\MemCheck.exe"
"94ca55ac"="\"rundll32.exe\" \"C:\\WINDOWS\\system32\\heypolba.dll\",b"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"PCDrProfiler"=""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{73984FE0-9702-4C55-9C7B-9BA3C5861F25}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SAFEBOOT_OPTION REG_SZ NETWORK

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\urqRIyyw\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\webrootspysweeperservice
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

Here you go. seer1
  #7  
August 25th, 2008, 12:30 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Part of that report is missing, seer1, and I would really like to see it before we start cleaning up. Can you open the report again and post the missing section please?
  #8  
August 25th, 2008, 12:36 AM
seer1
New Member
 
Join Date: Jul 2008
O/S: Windows Vista 64-bit
Location: Jacksonville Go Jags FL
Posts: 29
Sorry, it would not let me put it into short reply.

System Report
*************

Run on Sun 08/24/2008 at 07:12 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [356]
\??\C:\WINDOWS\system32\csrss.exe [424]
\??\C:\WINDOWS\system32\winlogon.exe [448]
C:\WINDOWS\system32\services.exe [520]
C:\WINDOWS\system32\lsass.exe [532]
C:\WINDOWS\system32\svchost.exe [680]
C:\WINDOWS\system32\svchost.exe [732]
C:\WINDOWS\system32\svchost.exe [836]
C:\WINDOWS\system32\svchost.exe [880]
C:\WINDOWS\system32\svchost.exe [976]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [1148]
C:\WINDOWS\Explorer.EXE [1716]
C:\Program Files\Internet Explorer\iexplore.exe [968]
C:\WINDOWS\system32\ctfmon.exe [1012]


Drivers - Running:

ACPI
AFD
atapi
bb-run
Beep
Cdfs
Cdrom
Disk
Fastfat
FltMgr
Ftdisk
ftsata2
Gpc
i8042prt
iaStor
Imapi
IntelIde
IpNat
IPSec
isapnp
Kbdclass
KSecDD
Mouclass
MountMgr
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
ohci1394
PartMgr
PCI
PCIIde
PptpMiniport
PSched
Ptilink
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
redbook
RTL8023xp
sbp2port
sr
Srv
SSFS0BB9
SSHRMD
SSIDRV
SSKBFD
swenum
Tcpip
TermDD
Update
usbehci
usbhub
usbohci
usbstor
VgaSave
ViaIde
VolSnap
WudfPf


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
ALCXWDM
AliIde
AmdK8
amsint
Arp1394
asc
asc3350p
asc3550
AsyncMac
Atdisk
ati2mtag
Atmarpc
audstub
AvgLdx86
AvgMfx86
AvgTdiX
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
dmio
dmload
DMusic
dpti2o
drmkaud
eeCtrl
Fdc
Fips
Flpydisk
HidUsb
hpn
HSFHWBS2
HSF_DP
HTTP
i2omgmt
i2omp
ini910u
intelppm
Ip6Fw
IpFilterDriver
IpInIp
IRENUM
kmixer
lbrtfdc
MailScan
mdmxsdk
mnmdd
Modem
mouhid
mraid35x
MRxDAV
MSKSSRV
MSPCLOCK
MSPQM
NAVENG
NAVEX15
NIC1394
NwlnkFlt
NwlnkFwd
Parport
ParVdm
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
Processor
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
rtl8139
SAVRT
SAVRTPEL
Secdrv
Serial
Sfloppy
Simbad
Sparrow
SPBBCDrv
splitter
swmidi
symc810
symc8xx
SymEvent
SYMREDRV
SYMTDI
sym_hi
sym_u3
sysaudio
TDPIPE
TDTCP
tmpreflt
tmxpflt
TosIde
Udfs
ultra
USBAAPL
usbprint
usbscan
usbuhci
Vsapint
Wanarp
WDICA
wdmaud
winachsf
WpdUsb
WudfRd


Services - Running:

CryptSvc
DcomLaunch
Dhcp
Dnscache
Eventlog
helpsvc
lanmanserver
lanmanworkstation
LmHosts
Netman
PlugPlay
RpcSs
SharedAccess
srservice
TermService
WebrootSpySweeperService
winmgmt
WZCSVC


Services - Stopped:

Alerter
ALG
AppMgmt
aspnet_state
Ati
AudioSrv
avg8emc
avg8wd
BITS
Browser
ccEvtMgr
ccProxy
ccPwdSvc
ccSetMgr
CiSvc
ClipSrv
COMSysApp
dmadmin
dmserver
ERSvc
EventSystem
FastUserSwitchingCompatibility
Fax
Fix-It
HidServ
HTTPFilter
IDriverT
ImapiService
ISSVC
LexBceS
MDM
Messenger
mnmsrvc
MSDTC
MSIServer
navapsvc
NetDDE
NetDDEdsdm
Netlogon
Nla
NtLmSsp
NtmsSvc
ose
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SamSs
SAVScan
SCardSvr
Schedule
seclogon
SENS
ShellHWDetection
SNDSrvc
SPBBCSvc
Spooler
SSDPSRV
stisvc
SwPrv
SysmonLog
TapiSrv
Themes
TrkWks
uploadmgr
upnphost
UPS
VSS
W32Time
WebClient
WmdmPmSN
WmiApSrv
WMPNetworkSvc
wscsvc
wuauserv
WudfSvc
xmlprov


Files Created/Modified - 60 Days:


C:\

Jul 28 2008 7:30:42p 37,158 A.... "C:\CybDefInstallInfo.log"
Aug 9 2008 10:47:00p 250,032 A.SHR "C:\ntldr"
Aug 24 2008 6:54:14p 352,321,536 A.SH. "C:\pagefile.sys"
Jul 28 2008 7:14:24p 150 A.... "C:\YServer.txt"


C:\WINDOWS\

Aug 24 2008 6:55:24p 0 A.... "C:\WINDOWS\0.log"
Aug 24 2008 6:54:22p 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Aug 9 2008 10:46:24p 1,129 A.... "C:\WINDOWS\cmsetacl.log"
Aug 24 2008 3:10:44a 326,309 A.... "C:\WINDOWS\comsetup.log"
Aug 9 2008 10:46:22p 1,132 A.... "C:\WINDOWS\DtcInstall.log"
Aug 24 2008 3:10:44a 982,068 A.... "C:\WINDOWS\FaxSetup.log"
Aug 24 2008 3:10:44a 152,219 A.... "C:\WINDOWS\iis6.log"
Aug 24 2008 3:10:30a 1,374 A.... "C:\WINDOWS\imsins.BAK"
Aug 24 2008 3:10:44a 1,374 A.... "C:\WINDOWS\imsins.log"
Aug 4 2008 1:18:40a 5,279 A.... "C:\WINDOWS\KB892130.log"
Aug 24 2008 3:10:30a 14,644 A.... "C:\WINDOWS\KB946648.log"
Aug 4 2008 2:59:54p 28,191 A.... "C:\WINDOWS\KB950759-IE7.log"
Aug 24 2008 3:10:06a 19,694 A.... "C:\WINDOWS\KB950974.log"
Aug 24 2008 3:03:24a 8,438 A.... "C:\WINDOWS\KB951066.log"
Aug 24 2008 3:05:14a 32,692 A.... "C:\WINDOWS\KB951072-v2.log"
Aug 4 2008 2:52:14p 20,453 A.... "C:\WINDOWS\KB951748.log"
Aug 24 2008 3:04:52a 14,077 A.... "C:\WINDOWS\KB952287.log"
Aug 24 2008 3:10:44a 19,876 A.... "C:\WINDOWS\KB952954.log"
Aug 24 2008 3:10:16a 13,064 A.... "C:\WINDOWS\KB953839.log"
Aug 24 2008 3:04:34a 18,648 A.... "C:\WINDOWS\KB953838-IE7.log"
Aug 24 2008 3:10:44a 48,852 A.... "C:\WINDOWS\msgsocm.log"
Aug 24 2008 6:57:46p 205,926 A.... "C:\WINDOWS\ntbtlog.txt"
Aug 24 2008 3:10:44a 197,433 A.... "C:\WINDOWS\ntdtcsetup.log"
Aug 24 2008 3:10:44a 474,587 A.... "C:\WINDOWS\ocgen.log"
Aug 24 2008 3:10:44a 53,325 A.... "C:\WINDOWS\ocmsn.log"
Jul 27 2008 8:14:56a 1,523 A.... "C:\WINDOWS\OEWABLog.txt"
Jul 28 2008 6:48:10p 54,156 A..H. "C:\WINDOWS\QTFont.qfn"
Aug 24 2008 6:51:14p 32,582 A.... "C:\WINDOWS\SchedLgU.Txt"
Aug 4 2008 12:10:20a 217,088 A.... "C:\WINDOWS\setupact.log"
Aug 24 2008 5:32:40p 300,658 A.... "C:\WINDOWS\setupapi.log"
Aug 9 2008 11:06:24p 1,961,529 A.... "C:\WINDOWS\spuninst.log"
Aug 10 2008 12:22:20a 195,309 A.... "C:\WINDOWS\spupdsvc.log"
Aug 10 2008 12:08:42a 682 A.... "C:\WINDOWS\spupdsvc.log.1.log"
Jul 28 2008 6:05:02p 126 A.... "C:\WINDOWS\sssTbarSettings.ini"
Jul 27 2008 7:05:04p 74 A.... "C:\WINDOWS\st_affiliate.ini"
Aug 24 2008 5:55:40p 1,419,014 A.... "C:\WINDOWS\svcpack.log"
Aug 24 2008 6:51:12p 1,224 A.... "C:\WINDOWS\TMFilter.log"
Aug 24 2008 3:10:44a 376,232 A.... "C:\WINDOWS\tsoc.log"
Aug 24 2008 3:10:42a 899,676 A.... "C:\WINDOWS\updspapi.log"
Aug 24 2008 6:50:56p 216 A.... "C:\WINDOWS\wiadebug.log"
Aug 24 2008 4:56:18p 49 A.... "C:\WINDOWS\wiaservc.log"
Aug 24 2008 3:00:06a 700 A.... "C:\WINDOWS\win.ini"
Aug 24 2008 6:51:32p 1,131,122 A.... "C:\WINDOWS\WindowsUpdate.log"
Aug 10 2008 12:21:54a 108,996 A.... "C:\WINDOWS\wmsetup.log"
Aug 3 2008 9:59:28p 2 A.... "C:\WINDOWS\CREATOR\BurnInfo.log"
Aug 3 2008 10:25:30p 57,222 A.... "C:\WINDOWS\CREATOR\Creator.log"
Aug 3 2008 10:00:00p 6,117 A.... "C:\WINDOWS\CREATOR\DSplit.log"
Aug 3 2008 9:24:04p 0 A.... "C:\WINDOWS\CREATOR\RPCheck.log"
Aug 3 2008 10:25:36p 2,837 A.... "C:\WINDOWS\CREATOR\STRCDC.ini"
Aug 3 2008 9:59:28p 336 A.... "C:\WINDOWS\CREATOR\Writer.ini"
Aug 24 2008 3:07:58a 13,600 A.... "C:\WINDOWS\Debug\mrt.log"
Aug 24 2008 3:07:58a 5,208 A.... "C:\WINDOWS\Debug\mrteng.log"
Aug 24 2008 6:54:24p 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
Aug 4 2008 2:03:28a 112 A.... "C:\WINDOWS\EHome\medctrro.cmd"
Aug 23 2008 1:52:30p 157,092 A.... "C:\WINDOWS\Help\iexplore.chw"
Jul 28 2008 8:04:56p 17,836 A.... "C:\WINDOWS\Help\taskbar.chw"
Aug 4 2008 8:45:54a 4,256 A.... "C:\WINDOWS\inf\branches.PNF"
Aug 4 2008 8:45:54a 1,546,392 A.... "C:\WINDOWS\inf\INFCACHE.1"
Jul 27 2008 6:48:52p 3,943 A.... "C:\WINDOWS\inf\oem15.inf"
Jul 27 2008 6:51:20p 9,662 A.... "C:\WINDOWS\inf\oem15.PNF"
Aug 4 2008 8:45:54a 5,536 A.... "C:\WINDOWS\inf\USBkey.PNF"
Aug 3 2008 8:31:20p 1,048,576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E1B737BB-6EBE-4595-9AC2-545B1593A317}.crmlog"
Aug 3 2008 9:25:48p 48 A.... "C:\WINDOWS\SMINST\COMPAQ"
Aug 3 2008 9:25:48p 42 A.... "C:\WINDOWS\SMINST\DVD"
Aug 3 2008 9:25:48p 40 A.... "C:\WINDOWS\SMINST\RP"
Aug 3 2008 1:57:16p 0 A.... "C:\WINDOWS\system32\9fe991d2-.txt"
Aug 4 2008 3:14:38p 1,382,557 ..SH. "C:\WINDOWS\system32\ablopyeh.ini"
Aug 10 2008 12:15:42a 16,832 A.... "C:\WINDOWS\system32\amcompat.tlb"
Aug 3 2008 3:06:50p 10,520 A.... "C:\WINDOWS\system32\avgrsstx.dll"
Jul 8 2008 3:15:34p 1,747,498 ..SH. "C:\WINDOWS\system32\bvophooi.ini"
Jul 7 2008 4:32:22p 253,952 A.... "C:\WINDOWS\system32\es.dll"
Aug 3 2008 9:18:36p 917,504 A.... "C:\WINDOWS\system32\FLASH.OCX"
Jul 26 2008 9:01:30p 1,532,438 ..SH. "C:\WINDOWS\system32\ispfbvab.ini"
Jul 8 2008 3:09:52p 1,747,326 ..SH. "C:\WINDOWS\system32\iwndonnn.ini"
Aug 3 2008 3:13:36p 143 A.... "C:\WINDOWS\system32\mcrh.tmp"
Aug 3 2008 11:13:04p 126 A.... "C:\WINDOWS\system32\mmc.exe.config"
Aug 5 2008 2:11:02p 15,888,504 A.... "C:\WINDOWS\system32\MRT.exe"
Jun 24 2008 12:23:06p 74,240 A.... "C:\WINDOWS\system32\mscms.dll"
Jun 24 2008 10:57:40a 3,592,192 A.... "C:\WINDOWS\system32\mshtml.dll"
Aug 10 2008 12:15:42a 23,392 A.... "C:\WINDOWS\system32\nscompat.tlb"
Jul 26 2008 9:01:08p 1,747,086 ..SH. "C:\WINDOWS\system32\rtfkdnwp.ini"
Aug 9 2008 11:03:08p 160 A.... "C:\WINDOWS\system32\spdwnwxp.log"
Jul 14 2008 7:09:18a 62,976 A.... "C:\WINDOWS\system32\tzchange.exe"
Aug 24 2008 3:05:06a 488,344 A.... "C:\WINDOWS\system32\TZLog.log"
Aug 23 2008 1:04:44p 1,158 A.... "C:\WINDOWS\system32\wpa.dbl"
Aug 3 2008 3:13:10p 777,701 A.SH. "C:\WINDOWS\system32\wyyIRqru.ini"
Aug 3 2008 3:10:54p 777,701 A.SH. "C:\WINDOWS\system32\wyyIRqru.ini2"
Aug 24 2008 6:51:12p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Aug 24 2008 7:11:48p 5,105 A.... "C:\WINDOWS\Temp\scsA.tmp"
Aug 24 2008 12:20:24a 841,530 A.... "C:\WINDOWS\Debug\Setup\UpdSh.bak"
Aug 24 2008 5:55:34p 851,216 A.... "C:\WINDOWS\Debug\Setup\UpdSh.log"
Aug 9 2008 9:39:48p 1,056,768 A.... "C:\WINDOWS\security\Database\Service Pack 3.sdb"
Aug 9 2008 9:39:50p 6,530 A.... "C:\WINDOWS\security\logs\update.log"
Jul 7 2008 4:32:22p 253,952 A.... "C:\WINDOWS\system32\dllcache\es.dll"
Jun 24 2008 12:23:06p 74,240 A.... "C:\WINDOWS\system32\dllcache\mscms.dll"
Jun 24 2008 10:57:40a 3,592,192 A.... "C:\WINDOWS\system32\dllcache\mshtml.dll"
Aug 3 2008 3:06:26p 96,520 A.... "C:\WINDOWS\system32\drivers\avgldx86.sys"
Aug 3 2008 3:06:18p 26,824 A.... "C:\WINDOWS\system32\drivers\avgmfx86.sys"
Aug 3 2008 3:06:44p 76,040 A.... "C:\WINDOWS\system32\drivers\avgtdix.sys"
Aug 3 2008 8:17:28p 139,264 A.... "C:\WINDOWS\system32\NtmsData\NTMSDATA"
Aug 3 2008 8:17:28p 139,264 A.... "C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK"
Aug 3 2008 8:17:28p 90,104 A.... "C:\WINDOWS\system32\NtmsData\NTMSIDX"
Aug 3 2008 5:59:38p 816 A.... "C:\WINDOWS\system32\NtmsData\NTMSREG"
Aug 9 2008 10:00:50p 1,883 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest"
Aug 9 2008 10:00:52p 1,187 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest"
Aug 9 2008 10:00:52p 460 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0.Manifest"
Aug 9 2008 10:00:50p 1,237 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest"
Aug 9 2008 10:00:58p 1,822 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.Manifest"
Aug 24 2008 5:23:08p 0 A.... "C:\WINDOWS\Debug\Setup\Backup\HDAUDIO_Backup.bak"
Aug 24 2008 5:23:08p 0 A.... "C:\WINDOWS\Debug\Setup\Backup\IE7_Backup.bak"
Aug 24 2008 5:23:08p 4 A.... "C:\WINDOWS\Debug\Setup\Backup\INTPPM_Backup.bak"
Aug 9 2008 10:46:32p 755,305 A.... "C:\WINDOWS\pchealth\helpctr\Logs\hcupdate.log"
Aug 3 2008 10:00:00p 409 A.... "C:\WINDOWS\SMINST\Apps\dta\DTA.LST"
Aug 3 2008 10:00:00p 224 A.... "C:\WINDOWS\SMINST\Drv\dta\DTA.LST"
Aug 3 2008 3:06:02p 6,061,540 A.... "C:\WINDOWS\system32\drivers\Avg\avi7.avg"
Aug 23 2008 8:05:06p 26,556,568 A.... "C:\WINDOWS\system32\drivers\Avg\incavi.avm"
Aug 23 2008 8:05:06p 67,349 A.... "C:\WINDOWS\system32\drivers\Avg\microavi.avg"
Aug 23 2008 8:05:06p 211,986 A.... "C:\WINDOWS\system32\drivers\Avg\miniavi.avg"
Aug 3 2008 2:47:06p 734 A.... "C:\WINDOWS\system32\drivers\etc\hosts"
Aug 24 2008 6:51:28p 12,288 A.... "C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl"
Aug 4 2008 1:22:42p 24,576 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log"
Aug 24 2008 6:51:10p 1,204 A.... "C:\WINDOWS\system32\spool\PRINTERS\00004.SHD"
Aug 9 2008 11:03:04p 2,774,334 A.... "C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof"
Aug 9 2008 11:02:54p 15,688 A.... "C:\WINDOWS\system32\wbem\AutoRecover\79E817BC978E2D450EB9E3794DFDA6CF.mof"
Aug 9 2008 11:02:50p 99,856 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C6300BFE37ADE6B52EC023F66124985F.mof"
Aug 9 2008 10:00:52p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy"
Aug 9 2008 10:00:52p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy"
Aug 9 2008 10:00:58p 644 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\6.0.9792.0.Policy"
Aug 9 2008 10:00:50p 625 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy"


sorry had to cut in half. seer1
  #9  
Old August 25th, 2008, 12:39 AM
seer1 seer1 is offline
New Member
 
Join Date: Jul 2008
O/S: Windows Vista 64-bit
Location: Jacksonville Go Jags FL
Posts: 29
second half

C:\Program Files\

Aug 23 2008 3:58:44p 59,302 A.... "C:\Program Files\7-Zip\Uninstall.exe"
Aug 21 2008 5:13:30p 147,456 A.... "C:\Program Files\LimeWire\LimeWire.exe"
Aug 23 2008 2:10:10p 124,404 A.... "C:\Program Files\LimeWire\uninstall.exe"
Jul 27 2008 9:19:32p 267,845 A.... "C:\Program Files\Avanquest\Fix-It\tsc.exe"
Aug 3 2008 3:05:50p 540,440 A.... "C:\Program Files\AVG\AVG8\aAvgApi.exe"
Aug 3 2008 3:05:02p 181,528 A.... "C:\Program Files\AVG\AVG8\avg7api.dll"
Aug 3 2008 3:05:02p 945,944 A.... "C:\Program Files\AVG\AVG8\avgabout.dll"
Aug 3 2008 3:05:02p 312,600 A.... "C:\Program Files\AVG\AVG8\avgapix.dll"
Aug 3 2008 3:04:54p 405,272 A.... "C:\Program Files\AVG\AVG8\avgcfgex.exe"
Aug 3 2008 3:04:40p 557,848 A.... "C:\Program Files\AVG\AVG8\avgcfgx.dll"
Aug 3 2008 3:05:10p 202,008 A.... "C:\Program Files\AVG\AVG8\avgcmgr.exe"
Aug 3 2008 3:05:08p 1,351,960 A.... "C:\Program Files\AVG\AVG8\avgcorex.dll"
Aug 3 2008 3:05:08p 67,352 A.... "C:\Program Files\AVG\AVG8\avgcrlpx.dll"
Aug 3 2008 3:04:54p 68,376 A.... "C:\Program Files\AVG\AVG8\avgdumpx.exe"
Aug 3 2008 3:04:58p 873,752 A.... "C:\Program Files\AVG\AVG8\avgemc.exe"
Aug 3 2008 3:05:06p 1,000,728 A.... "C:\Program Files\AVG\AVG8\avgfrw.exe"
Aug 3 2008 3:05:00p 582,424 A.... "C:\Program Files\AVG\AVG8\avginet.dll"
Aug 3 2008 3:05:00p 443,672 A.... "C:\Program Files\AVG\AVG8\avgiproxy.exe"
Aug 3 2008 3:04:54p 152,856 A.... "C:\Program Files\AVG\AVG8\avglngx.dll"
Aug 3 2008 3:05:08p 161,048 A.... "C:\Program Files\AVG\AVG8\avglogx.dll"
Aug 3 2008 3:04:58p 170,776 A.... "C:\Program Files\AVG\AVG8\avgmail.dll"
Aug 3 2008 3:04:58p 281,880 A.... "C:\Program Files\AVG\AVG8\avgmvflx.dll"
Aug 3 2008 3:04:58p 247,064 A.... "C:\Program Files\AVG\AVG8\avgoff2k.dll"
Aug 3 2008 3:05:48p 79,128 A.... "C:\Program Files\AVG\AVG8\avgpp.dll"
Aug 3 2008 3:05:06p 966,424 A.... "C:\Program Files\AVG\AVG8\avgresf.dll"
Aug 3 2008 3:05:08p 287,000 A.... "C:\Program Files\AVG\AVG8\avgrsx.exe"
Aug 3 2008 3:04:42p 294,168 A.... "C:\Program Files\AVG\AVG8\avgscanx.dll"
Aug 3 2008 3:04:44p 551,192 A.... "C:\Program Files\AVG\AVG8\avgscanx.exe"
Aug 3 2008 3:04:54p 330,520 A.... "C:\Program Files\AVG\AVG8\avgsched.dll"
Aug 3 2008 3:05:08p 99,608 A.... "C:\Program Files\AVG\AVG8\avgse.dll"
Aug 3 2008 3:04:52p 161,048 A.... "C:\Program Files\AVG\AVG8\avgsrmax.exe"
Aug 3 2008 3:04:52p 358,168 A.... "C:\Program Files\AVG\AVG8\avgsrmx.dll"
Aug 3 2008 3:05:50p 422,168 A.... "C:\Program Files\AVG\AVG8\avgtbapi.dll"
Aug 3 2008 3:05:50p 2,055,960 A.... "C:\Program Files\AVG\AVG8\avgtoolbar.dll"
Aug 3 2008 3:05:02p 1,232,152 A.... "C:\Program Files\AVG\AVG8\avgtray.exe"
Aug 3 2008 3:05:04p 2,749,720 A.... "C:\Program Files\AVG\AVG8\avgui.exe"
Aug 3 2008 3:05:06p 1,821,976 A.... "C:\Program Files\AVG\AVG8\avguiadv.dll"
Aug 3 2008 3:05:06p 1,948,440 A.... "C:\Program Files\AVG\AVG8\avguires.dll"
Aug 3 2008 3:05:00p 1,066,240 A.... "C:\Program Files\AVG\AVG8\avgupd.dll"
Aug 3 2008 3:05:00p 640,280 A.... "C:\Program Files\AVG\AVG8\avgupd.exe"
Aug 3 2008 3:04:56p 309,528 A.... "C:\Program Files\AVG\AVG8\avgvvx.dll"
Aug 3 2008 3:04:56p 833,304 A.... "C:\Program Files\AVG\AVG8\avgwd.dll"
Aug 3 2008 3:04:56p 231,192 A.... "C:\Program Files\AVG\AVG8\avgwdsvc.exe"
Aug 3 2008 3:04:58p 223,512 A.... "C:\Program Files\AVG\AVG8\avgwdwsc.dll"
Aug 3 2008 3:05:10p 308,504 A.... "C:\Program Files\AVG\AVG8\avgxpl.dll"
Aug 3 2008 3:06:00p 18,984 A.... "C:\Program Files\AVG\AVG8\contacts_us.html"
Aug 3 2008 3:06:00p 1,045,128 A.... "C:\Program Files\AVG\AVG8\dbghelp.dll"
Aug 3 2008 3:05:02p 59,069 A.... "C:\Program Files\AVG\AVG8\dfncfg.dat"
Aug 3 2008 3:05:00p 53,528 A.... "C:\Program Files\AVG\AVG8\libsasl.dll"
Aug 3 2008 3:05:00p 18,200 A.... "C:\Program Files\AVG\AVG8\saslcrammd5.dll"
Aug 3 2008 3:05:00p 36,632 A.... "C:\Program Files\AVG\AVG8\sasldigestmd5.dll"
Aug 3 2008 3:05:00p 16,664 A.... "C:\Program Files\AVG\AVG8\sasllogin.dll"
Aug 3 2008 3:05:00p 16,664 A.... "C:\Program Files\AVG\AVG8\saslplain.dll"
Aug 3 2008 3:05:10p 862,808 A.... "C:\Program Files\AVG\AVG8\setup.dat"
Aug 3 2008 3:05:08p 2,539,800 A.... "C:\Program Files\AVG\AVG8\setup.exe"
Aug 21 2008 5:13:22p 110,592 A.... "C:\Program Files\LimeWire\lib\jdic.dll"
Aug 21 2008 5:13:20p 90,112 A.... "C:\Program Files\LimeWire\lib\SystemUtilities.dll"
Aug 21 2008 5:13:20p 86,016 A.... "C:\Program Files\LimeWire\lib\SystemUtilitiesA.dll"
Aug 21 2008 5:13:30p 45,056 A.... "C:\Program Files\LimeWire\lib\tray.dll"
Jun 29 2008 11:44:20p 3,612,656 A.... "C:\Program Files\Microsoft Office\OFFICE11\OUTLFLTR.DAT"
Jul 3 2008 6:36:56p 12,313,096 A.... "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"
Aug 23 2008 4:17:52p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Aug 24 2008 12:54:40a 25,136 A.... "C:\Program Files\Webroot\Spy Sweeper\compressed.dat"
Jul 27 2008 2:11:22a 280,777 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.dat"
Jul 27 2008 2:09:20a 768,634 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Aug 24 2008 6:35:24p 343,144 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0007NAV~.TMP"
Aug 24 2008 6:00:18p 0 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0415NAV~.TMP"
Aug 3 2008 3:05:10p 455,960 A.... "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080823-230608-215.dll"
Aug 4 2008 5:59:12p 399 A.... "C:\Program Files\Avanquest\Fix-It\Updates\AntiVirus_Tables\cfg56.tmp"
Aug 24 2008 6:50:26p 5,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat"
Aug 24 2008 6:50:26p 12,056 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat"
Aug 9 2008 8:24:04p 4,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat"
Aug 9 2008 8:24:04p 2,816 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat"
Aug 24 2008 2:51:46a 4,768 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat"
Aug 9 2008 8:24:04p 3,008 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat"
Aug 23 2008 11:07:36p 7,104 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat"
Aug 9 2008 8:24:04p 13,546 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat"
Aug 23 2008 1:16:16p 159 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\Stats.tmp"
Aug 24 2008 5:03:46p 1,332 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\UserProf.dat"


Files with hidden attributes:

Wed 10 Oct 2007 211 A.SHR --- "C:\BOOT.BAK"
Sat 3 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 3 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT4.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT5.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT3.tmp"


Program Folders:

C:\Program Files\

7-Zip
ACW
Adobe
ATI Technologies
Avanquest
AVG
Common Files
Compaq Connections
ComPlus Applications
CONEXANT
DivX
Easy Internet signup
FunWebProducts
Google
Hewlett-Packard
HP
InstallShield Installation Information
InterActual
Internet Explorer
InterVideo
Java
Lexmark X1100 Series
LimeWire
Messenger
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Money 2005
Microsoft Office
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition
Microsoft Plus! Photo Story 2 LE
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
MSN
MSN Encarta Standard
MSN Gaming Zone
MSXML 4.0
MySpace
MyWebSearch
NetMeeting
Norton Internet Security
Online Services
Outlook Express
PC-Doctor 5 for Windows
PC-Doctor for DOS
Quicken
Sonic
support.com
Symantec
Trend Micro
TryMedia
Uninstall Information
Webroot
WildTangent
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
Yahoo!
Yahoo! Games

C:\Program Files\Common Files\

Adobe
DESIGNER
HP
InstallShield
Java
L&H
Microsoft Shared
MSSoap
ODBC
Real
Services
SpeechEngines
SupportSoft
Symantec Shared
System
Wise Installation Wizard


Add/Remove Programs:

360Share Pro(remove only)
7-Zip 4.57
Adobe Flash Player ActiveX
Adobe Shockwave Player
ATI Display Driver
AVG Free 8.0
Data Fax SoftModem with SmartCP
HijackThis 2.0.2
Compaq Connections (remove only)
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
PC-Doctor 5 for Windows
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
High Definition Audio Driver Package - KB888111
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893066
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946627)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Update for Windows XP (KB953356)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Lexmark X1100 Series
LimeWire PRO 4.18.6
LiveReg (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft Money 2005
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Adobe Flash Player 9 ActiveX
Norton Internet Security 2005 (Symantec Corporation)
WebVideo Support
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
ATI Control Panel
Microsoft Plus! Photo Story 2 LE
Security Update for CAPICOM (KB931906)
Norton Internet Security
Microsoft Plus! Dancer LE
SymNet
J2SE Runtime Environment 5.0
InterVideo WinDVD Player
HP Boot Optimizer
Norton Internet Security
Norton Internet Security
Fix-It Utilities 8 Professional
Norton Internet Security
Norton AntiSpam
Microsoft Plus! Digital Media Edition Installer
Microsoft Visual C++ 2005 Redistributable
Spy Sweeper
SPBBC
Microsoft Office Basic Edition 2003
InterVideo WinDVD Player
Adobe® Photoshop® Album Starter Edition 3.2
Norton Internet Security
Norton Internet Security
PC-Doctor 5 for Windows
Adobe Reader 8.1.2
MSRedist
MSXML 4.0 SP2 (KB936181)
Norton AntiVirus 2005
Norton Internet Security
Microsoft .NET Framework 1.1
Compaq Organize
ccCommon
CC_ccProxyExt
HpSdpAppCoreApp
Norton Internet Security
Norton Internet Security
Norton WMI Update
HP Software Update
Norton WMI Update
ccPxyCore
Norton Internet Security
HP Image Zone Express


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"VirusScannerPro"="C:\\PROGRA~1\\AVANQU~1\\Fix-It\\MemCheck.exe"
"94ca55ac"="\"rundll32.exe\" \"C:\\WINDOWS\\system32\\heypolba.dll\",b"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"PCDrProfiler"=""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


will send third one seer1
  #10  
Old August 25th, 2008, 12:40 AM
seer1 seer1 is offline
New Member
 
Join Date: Jul 2008
O/S: Windows Vista 64-bit
Location: Jacksonville Go Jags FL
Posts: 29
third one

Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{73984FE0-9702-4C55-9C7B-9BA3C5861F25}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SAFEBOOT_OPTION REG_SZ NETWORK

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\urqRIyyw\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\webrootspysweeperservice
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

this is the last seer1
  #11  
Old August 25th, 2008, 12:54 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Download Malwarebytes' Anti-Malware from here or here.

Double-click on mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan" then click Scan. The scan may take some time to finish so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Please do so. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please copy and paste the entire report in your next reply. Also post a new SDFix report please.
  #12  
Old August 25th, 2008, 01:30 AM
seer1 seer1 is offline
Here is both reports

Malwarebytes' Anti-Malware 1.25
Database version: 1085
Windows 5.1.2600 Service Pack 2

8:12:24 PM 8/24/2008
mbam-log-08-24-2008 (20-12-24).txt

Scan type: Quick Scan
Objects scanned: 48067
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73984fe0-9702-4c55-9c7b-9ba3c5861f25} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnnoebs (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73984fe0-9702-4c55-9c7b-9ba3c5861f25} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e0a5800-a6d1-40ad-8d28-2d2f95aed449} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e0a5800-a6d1-40ad-8d28-2d2f95aed449} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{42e2b43f-3954-48ec-b549-5c05cb7dbd0a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4fcb7cfd-13fc-4afe-a634-efbd957e7083} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{81d04785-9638-4bec-8b39-3b9b9e972d1d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07895222-50a5-4598-acb1-806ef2a9babc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3885c07e-5f60-4cb3-bcea-ebccc3135201} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bwbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94ca55ac (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00106) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\778670 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\nnnnOeBS.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfxhnj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\hh.exe (Trojan.FakeHelp) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\02BA4F55.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

next one coming seer1
  #13  
Old August 25th, 2008, 01:33 AM
seer1 seer1 is offline
System report 2 part 1

System Report
*************

Run on Sun 08/24/2008 at 08:26 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [360]
\??\C:\WINDOWS\system32\csrss.exe [424]
\??\C:\WINDOWS\system32\winlogon.exe [448]
C:\WINDOWS\system32\services.exe [492]
C:\WINDOWS\system32\lsass.exe [504]
C:\WINDOWS\system32\svchost.exe [652]
C:\WINDOWS\system32\svchost.exe [704]
C:\WINDOWS\system32\svchost.exe [808]
C:\WINDOWS\system32\svchost.exe [848]
C:\WINDOWS\system32\svchost.exe [948]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [1120]
C:\WINDOWS\Explorer.EXE [1440]
C:\Program Files\Internet Explorer\iexplore.exe [1912]
C:\WINDOWS\system32\ctfmon.exe [1928]


Drivers - Running:

ACPI
AFD
atapi
bb-run
Beep
Cdfs
Cdrom
Disk
Fastfat
FltMgr
Ftdisk
ftsata2
Gpc
i8042prt
Imapi
IpNat
IPSec
isapnp
Kbdclass
KSecDD
Mouclass
MountMgr
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
PartMgr
PCI
PCIIde
PptpMiniport
PSched
Ptilink
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
redbook
RTL8023xp
sr
Srv
SSFS0BB9
SSHRMD
SSIDRV
SSKBFD
swenum
Tcpip
TermDD
Update
usbehci
usbhub
usbohci
usbstor
VgaSave
VolSnap
WudfPf


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
ALCXWDM
AliIde
AmdK8
amsint
Arp1394
asc
asc3350p
asc3550
AsyncMac
Atdisk
ati2mtag
Atmarpc
audstub
AvgLdx86
AvgMfx86
AvgTdiX
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
dmio
dmload
DMusic
dpti2o
drmkaud
eeCtrl
Fdc
Fips
Flpydisk
HidUsb
hpn
HSFHWBS2
HSF_DP
HTTP
i2omgmt
i2omp
iaStor
ini910u
IntelIde
intelppm
Ip6Fw
IpFilterDriver
IpInIp
IRENUM
kmixer
lbrtfdc
MailScan
mdmxsdk
mnmdd
Modem
mouhid
mraid35x
MRxDAV
MSKSSRV
MSPCLOCK
MSPQM
NAVENG
NAVEX15
NIC1394
NwlnkFlt
NwlnkFwd
ohci1394
Parport
ParVdm
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
Processor
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
rtl8139
SAVRT
SAVRTPEL
sbp2port
Secdrv
Serial
Sfloppy
Simbad
Sparrow
SPBBCDrv
splitter
swmidi
symc810
symc8xx
SymEvent
SYMREDRV
SYMTDI
sym_hi
sym_u3
sysaudio
TDPIPE
TDTCP
tmpreflt
tmxpflt
TosIde
Udfs
ultra
USBAAPL
usbprint
usbscan
usbuhci
ViaIde
Vsapint
Wanarp
WDICA
wdmaud
winachsf
WpdUsb
WudfRd


Services - Running:

CryptSvc
DcomLaunch
Dhcp
Dnscache
Eventlog
helpsvc
lanmanserver
lanmanworkstation
LmHosts
Netman
PlugPlay
RpcSs
SharedAccess
srservice
TermService
WebrootSpySweeperService
winmgmt
WZCSVC


Services - Stopped:

Alerter
ALG
AppMgmt
aspnet_state
Ati
AudioSrv
avg8emc
avg8wd
BITS
Browser
ccEvtMgr
ccProxy
ccPwdSvc
ccSetMgr
CiSvc
ClipSrv
COMSysApp
dmadmin
dmserver
ERSvc
EventSystem
FastUserSwitchingCompatibility
Fax
Fix-It
HidServ
HTTPFilter
IDriverT
ImapiService
ISSVC
LexBceS
MDM
Messenger
mnmsrvc
MSDTC
MSIServer
navapsvc
NetDDE
NetDDEdsdm
Netlogon
Nla
NtLmSsp
NtmsSvc
ose
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SamSs
SAVScan
SCardSvr
Schedule
seclogon
SENS
ShellHWDetection
SNDSrvc
SPBBCSvc
Spooler
SSDPSRV
stisvc
SwPrv
SysmonLog
TapiSrv
Themes
TrkWks
uploadmgr
upnphost
UPS
VSS
W32Time
WebClient
WmdmPmSN
WmiApSrv
WMPNetworkSvc
wscsvc
wuauserv
WudfSvc
xmlprov


Files Created/Modified - 60 Days:

sending in 3 parts again. seer1
  #14  
Old August 25th, 2008, 01:39 AM
seer1 seer1 is offline
system report part 2

C:\

Aug 24 2008 8:14:58p 11,776 A.... "C:\avenger.txt"
Jul 28 2008 7:30:42p 37,158 A.... "C:\CybDefInstallInfo.log"
Aug 9 2008 10:47:00p 250,032 A.SHR "C:\ntldr"
Aug 24 2008 8:15:04p 352,321,536 A.SH. "C:\pagefile.sys"
Jul 28 2008 7:14:24p 150 A.... "C:\YServer.txt"


C:\WINDOWS\

Aug 24 2008 8:15:30p 0 A.... "C:\WINDOWS\0.log"
Aug 24 2008 8:15:08p 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Aug 9 2008 10:46:24p 1,129 A.... "C:\WINDOWS\cmsetacl.log"
Aug 24 2008 3:10:44a 326,309 A.... "C:\WINDOWS\comsetup.log"
Aug 9 2008 10:46:22p 1,132 A.... "C:\WINDOWS\DtcInstall.log"
Aug 24 2008 3:10:44a 982,068 A.... "C:\WINDOWS\FaxSetup.log"
Aug 24 2008 3:10:44a 152,219 A.... "C:\WINDOWS\iis6.log"
Aug 24 2008 3:10:30a 1,374 A.... "C:\WINDOWS\imsins.BAK"
Aug 24 2008 3:10:44a 1,374 A.... "C:\WINDOWS\imsins.log"
Aug 4 2008 1:18:40a 5,279 A.... "C:\WINDOWS\KB892130.log"
Aug 24 2008 3:10:30a 14,644 A.... "C:\WINDOWS\KB946648.log"
Aug 4 2008 2:59:54p 28,191 A.... "C:\WINDOWS\KB950759-IE7.log"
Aug 24 2008 3:10:06a 19,694 A.... "C:\WINDOWS\KB950974.log"
Aug 24 2008 3:03:24a 8,438 A.... "C:\WINDOWS\KB951066.log"
Aug 24 2008 3:05:14a 32,692 A.... "C:\WINDOWS\KB951072-v2.log"
Aug 4 2008 2:52:14p 20,453 A.... "C:\WINDOWS\KB951748.log"
Aug 24 2008 3:04:52a 14,077 A.... "C:\WINDOWS\KB952287.log"
Aug 24 2008 3:10:44a 19,876 A.... "C:\WINDOWS\KB952954.log"
Aug 24 2008 3:10:16a 13,064 A.... "C:\WINDOWS\KB953839.log"
Aug 24 2008 3:04:34a 18,648 A.... "C:\WINDOWS\KB953838-IE7.log"
Aug 24 2008 3:10:44a 48,852 A.... "C:\WINDOWS\msgsocm.log"
Aug 24 2008 8:25:34p 263,176 A.... "C:\WINDOWS\ntbtlog.txt"
Aug 24 2008 3:10:44a 197,433 A.... "C:\WINDOWS\ntdtcsetup.log"
Aug 24 2008 3:10:44a 474,587 A.... "C:\WINDOWS\ocgen.log"
Aug 24 2008 3:10:44a 53,325 A.... "C:\WINDOWS\ocmsn.log"
Jul 27 2008 8:14:56a 1,523 A.... "C:\WINDOWS\OEWABLog.txt"
Jul 28 2008 6:48:10p 54,156 A..H. "C:\WINDOWS\QTFont.qfn"
Aug 24 2008 6:51:14p 32,582 A.... "C:\WINDOWS\SchedLgU.Txt"
Aug 4 2008 12:10:20a 217,088 A.... "C:\WINDOWS\setupact.log"
Aug 24 2008 5:32:40p 300,658 A.... "C:\WINDOWS\setupapi.log"
Aug 9 2008 11:06:24p 1,961,529 A.... "C:\WINDOWS\spuninst.log"
Aug 10 2008 12:22:20a 195,309 A.... "C:\WINDOWS\spupdsvc.log"
Aug 10 2008 12:08:42a 682 A.... "C:\WINDOWS\spupdsvc.log.1.log"
Jul 28 2008 6:05:02p 126 A.... "C:\WINDOWS\sssTbarSettings.ini"
Jul 27 2008 7:05:04p 74 A.... "C:\WINDOWS\st_affiliate.ini"
Aug 24 2008 5:55:40p 1,419,014 A.... "C:\WINDOWS\svcpack.log"
Aug 24 2008 6:51:12p 1,224 A.... "C:\WINDOWS\TMFilter.log"
Aug 24 2008 3:10:44a 376,232 A.... "C:\WINDOWS\tsoc.log"
Aug 24 2008 3:10:42a 899,676 A.... "C:\WINDOWS\updspapi.log"
Aug 24 2008 6:50:56p 216 A.... "C:\WINDOWS\wiadebug.log"
Aug 24 2008 4:56:18p 49 A.... "C:\WINDOWS\wiaservc.log"
Aug 24 2008 3:00:06a 700 A.... "C:\WINDOWS\win.ini"
Aug 24 2008 8:18:30p 1,132,288 A.... "C:\WINDOWS\WindowsUpdate.log"
Aug 10 2008 12:21:54a 108,996 A.... "C:\WINDOWS\wmsetup.log"
Aug 3 2008 9:59:28p 2 A.... "C:\WINDOWS\CREATOR\BurnInfo.log"
Aug 3 2008 10:25:30p 57,222 A.... "C:\WINDOWS\CREATOR\Creator.log"
Aug 3 2008 10:00:00p 6,117 A.... "C:\WINDOWS\CREATOR\DSplit.log"
Aug 3 2008 9:24:04p 0 A.... "C:\WINDOWS\CREATOR\RPCheck.log"
Aug 3 2008 10:25:36p 2,837 A.... "C:\WINDOWS\CREATOR\STRCDC.ini"
Aug 3 2008 9:59:28p 336 A.... "C:\WINDOWS\CREATOR\Writer.ini"
Aug 24 2008 3:07:58a 13,600 A.... "C:\WINDOWS\Debug\mrt.log"
Aug 24 2008 3:07:58a 5,208 A.... "C:\WINDOWS\Debug\mrteng.log"
Aug 24 2008 8:15:10p 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
Aug 4 2008 2:03:28a 112 A.... "C:\WINDOWS\EHome\medctrro.cmd"
Aug 23 2008 1:52:30p 157,092 A.... "C:\WINDOWS\Help\iexplore.chw"
Jul 28 2008 8:04:56p 17,836 A.... "C:\WINDOWS\Help\taskbar.chw"
Aug 4 2008 8:45:54a 4,256 A.... "C:\WINDOWS\inf\branches.PNF"
Aug 4 2008 8:45:54a 1,546,392 A.... "C:\WINDOWS\inf\INFCACHE.1"
Jul 27 2008 6:48:52p 3,943 A.... "C:\WINDOWS\inf\oem15.inf"
Jul 27 2008 6:51:20p 9,662 A.... "C:\WINDOWS\inf\oem15.PNF"
Aug 4 2008 8:45:54a 5,536 A.... "C:\WINDOWS\inf\USBkey.PNF"
Aug 3 2008 8:31:20p 1,048,576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E1B737BB-6EBE-4595-9AC2-545B1593A317}.crmlog"
Aug 3 2008 9:25:48p 48 A.... "C:\WINDOWS\SMINST\COMPAQ"
Aug 3 2008 9:25:48p 42 A.... "C:\WINDOWS\SMINST\DVD"
Aug 3 2008 9:25:48p 40 A.... "C:\WINDOWS\SMINST\RP"
Aug 3 2008 1:57:16p 0 A.... "C:\WINDOWS\system32\9fe991d2-.txt"
Aug 4 2008 3:14:38p 1,382,557 ..SH. "C:\WINDOWS\system32\ablopyeh.ini"
Aug 10 2008 12:15:42a 16,832 A.... "C:\WINDOWS\system32\amcompat.tlb"
Aug 3 2008 3:06:50p 10,520 A.... "C:\WINDOWS\system32\avgrsstx.dll"
Jul 8 2008 3:15:34p 1,747,498 ..SH. "C:\WINDOWS\system32\bvophooi.ini"
Jul 7 2008 4:32:22p 253,952 A.... "C:\WINDOWS\system32\es.dll"
Aug 3 2008 9:18:36p 917,504 A.... "C:\WINDOWS\system32\FLASH.OCX"
Jul 26 2008 9:01:30p 1,532,438 ..SH. "C:\WINDOWS\system32\ispfbvab.ini"
Jul 8 2008 3:09:52p 1,747,326 ..SH. "C:\WINDOWS\system32\iwndonnn.ini"
Aug 3 2008 11:13:04p 126 A.... "C:\WINDOWS\system32\mmc.exe.config"
Aug 5 2008 2:11:02p 15,888,504 A.... "C:\WINDOWS\system32\MRT.exe"
Jun 24 2008 12:23:06p 74,240 A.... "C:\WINDOWS\system32\mscms.dll"
Jun 24 2008 10:57:40a 3,592,192 A.... "C:\WINDOWS\system32\mshtml.dll"
Aug 10 2008 12:15:42a 23,392 A.... "C:\WINDOWS\system32\nscompat.tlb"
Jul 26 2008 9:01:08p 1,747,086 ..SH. "C:\WINDOWS\system32\rtfkdnwp.ini"
Aug 9 2008 11:03:08p 160 A.... "C:\WINDOWS\system32\spdwnwxp.log"
Jul 14 2008 7:09:18a 62,976 A.... "C:\WINDOWS\system32\tzchange.exe"
Aug 24 2008 3:05:06a 488,344 A.... "C:\WINDOWS\system32\TZLog.log"
Aug 23 2008 1:04:44p 1,158 A.... "C:\WINDOWS\system32\wpa.dbl"
Aug 3 2008 3:13:10p 777,701 A.SH. "C:\WINDOWS\system32\wyyIRqru.ini"
Aug 3 2008 3:10:54p 777,701 A.SH. "C:\WINDOWS\system32\wyyIRqru.ini2"
Aug 24 2008 6:51:12p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Aug 24 2008 8:25:52p 4,935 A.... "C:\WINDOWS\Temp\scs4.tmp"
Aug 24 2008 12:20:24a 841,530 A.... "C:\WINDOWS\Debug\Setup\UpdSh.bak"
Aug 24 2008 5:55:34p 851,216 A.... "C:\WINDOWS\Debug\Setup\UpdSh.log"
Aug 9 2008 9:39:48p 1,056,768 A.... "C:\WINDOWS\security\Database\Service Pack 3.sdb"
Aug 9 2008 9:39:50p 6,530 A.... "C:\WINDOWS\security\logs\update.log"
Jul 7 2008 4:32:22p 253,952 A.... "C:\WINDOWS\system32\dllcache\es.dll"
Jun 24 2008 12:23:06p 74,240 A.... "C:\WINDOWS\system32\dllcache\mscms.dll"
Jun 24 2008 10:57:40a 3,592,192 A.... "C:\WINDOWS\system32\dllcache\mshtml.dll"
Aug 3 2008 3:06:26p 96,520 A.... "C:\WINDOWS\system32\drivers\avgldx86.sys"
Aug 3 2008 3:06:18p 26,824 A.... "C:\WINDOWS\system32\drivers\avgmfx86.sys"
Aug 3 2008 3:06:44p 76,040 A.... "C:\WINDOWS\system32\drivers\avgtdix.sys"
Aug 17 2008 3:01:14p 17,144 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
Aug 17 2008 3:01:18p 38,472 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
Aug 3 2008 8:17:28p 139,264 A.... "C:\WINDOWS\system32\NtmsData\NTMSDATA"
Aug 3 2008 8:17:28p 139,264 A.... "C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK"
Aug 3 2008 8:17:28p 90,104 A.... "C:\WINDOWS\system32\NtmsData\NTMSIDX"
Aug 3 2008 5:59:38p 816 A.... "C:\WINDOWS\system32\NtmsData\NTMSREG"
Aug 9 2008 10:00:50p 1,883 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest"
Aug 9 2008 10:00:52p 1,187 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest"
Aug 9 2008 10:00:52p 460 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0.Manifest"
Aug 9 2008 10:00:50p 1,237 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest"
Aug 9 2008 10:00:58p 1,822 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.Manifest"
Aug 24 2008 5:23:08p 0 A.... "C:\WINDOWS\Debug\Setup\Backup\HDAUDIO_Backup.bak"
Aug 24 2008 5:23:08p 0 A.... "C:\WINDOWS\Debug\Setup\Backup\IE7_Backup.bak"
Aug 24 2008 5:23:08p 4 A.... "C:\WINDOWS\Debug\Setup\Backup\INTPPM_Backup.bak"
Aug 9 2008 10:46:32p 755,305 A.... "C:\WINDOWS\pchealth\helpctr\Logs\hcupdate.log"
Aug 3 2008 10:00:00p 409 A.... "C:\WINDOWS\SMINST\Apps\dta\DTA.LST"
Aug 3 2008 10:00:00p 224 A.... "C:\WINDOWS\SMINST\Drv\dta\DTA.LST"
Aug 3 2008 3:06:02p 6,061,540 A.... "C:\WINDOWS\system32\drivers\Avg\avi7.avg"
Aug 23 2008 8:05:06p 26,556,568 A.... "C:\WINDOWS\system32\drivers\Avg\incavi.avm"
Aug 23 2008 8:05:06p 67,349 A.... "C:\WINDOWS\system32\drivers\Avg\microavi.avg"
Aug 23 2008 8:05:06p 211,986 A.... "C:\WINDOWS\system32\drivers\Avg\miniavi.avg"
Aug 3 2008 2:47:06p 734 A.... "C:\WINDOWS\system32\drivers\etc\hosts"
Aug 24 2008 6:51:28p 12,288 A.... "C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl"
Aug 4 2008 1:22:42p 24,576 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log"
Aug 24 2008 6:51:10p 1,204 A.... "C:\WINDOWS\system32\spool\PRINTERS\00004.SHD"
Aug 9 2008 11:03:04p 2,774,334 A.... "C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof"
Aug 9 2008 11:02:54p 15,688 A.... "C:\WINDOWS\system32\wbem\AutoRecover\79E817BC978E2D450EB9E3794DFDA6CF.mof"
Aug 9 2008 11:02:50p 99,856 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C6300BFE37ADE6B52EC023F66124985F.mof"
Aug 9 2008 10:00:52p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy"
Aug 9 2008 10:00:52p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy"
Aug 9 2008 10:00:58p 644 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\6.0.9792.0.Policy"
Aug 9 2008 10:00:50p 625 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy"


C:\Program Files\

Aug 23 2008 3:58:44p 59,302 A.... "C:\Program Files\7-Zip\Uninstall.exe"
Aug 21 2008 5:13:30p 147,456 A.... "C:\Program Files\LimeWire\LimeWire.exe"
Aug 23 2008 2:10:10p 124,404 A.... "C:\Program Files\LimeWire\uninstall.exe"
Aug 17 2008 3:01:14p 380,024 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"
Aug 17 2008 3:01:12p 61,048 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
Aug 17 2008 3:01:12p 1,195,640 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Aug 17 2008 3:01:14p 73,336 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
Aug 17 2008 3:01:16p 110,200 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
Aug 17 2008 3:01:16p 372,344 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe"
Aug 17 2008 3:01:16p 44,664 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
Aug 24 2008 8:04:34p 8,030 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
Aug 24 2008 8:03:52p 688,760 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Aug 17 2008 3:01:18p 77,944 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
Jul 27 2008 9:19:32p 267,845 A.... "C:\Program Files\Avanquest\Fix-It\tsc.exe"
Aug 3 2008 3:05:50p 540,440 A.... "C:\Program Files\AVG\AVG8\aAvgApi.exe"
Aug 3 2008 3:05:02p 181,528 A.... "C:\Program Files\AVG\AVG8\avg7api.dll"
Aug 3 2008 3:05:02p 945,944 A.... "C:\Program Files\AVG\AVG8\avgabout.dll"
Aug 3 2008 3:05:02p 312,600 A.... "C:\Program Files\AVG\AVG8\avgapix.dll"
Aug 3 2008 3:04:54p 405,272 A.... "C:\Program Files\AVG\AVG8\avgcfgex.exe"
Aug 3 2008 3:04:40p 557,848 A.... "C:\Program Files\AVG\AVG8\avgcfgx.dll"
Aug 3 2008 3:05:10p 202,008 A.... "C:\Program Files\AVG\AVG8\avgcmgr.exe"
Aug 3 2008 3:05:08p 1,351,960 A.... "C:\Program Files\AVG\AVG8\avgcorex.dll"
Aug 3 2008 3:05:08p 67,352 A.... "C:\Program Files\AVG\AVG8\avgcrlpx.dll"
Aug 3 2008 3:04:54p 68,376 A.... "C:\Program Files\AVG\AVG8\avgdumpx.exe"
Aug 3 2008 3:04:58p 873,752 A.... "C:\Program Files\AVG\AVG8\avgemc.exe"
Aug 3 2008 3:05:06p 1,000,728 A.... "C:\Program Files\AVG\AVG8\avgfrw.exe"
Aug 3 2008 3:05:00p 582,424 A.... "C:\Program Files\AVG\AVG8\avginet.dll"
Aug 3 2008 3:05:00p 443,672 A.... "C:\Program Files\AVG\AVG8\avgiproxy.exe"
Aug 3 2008 3:04:54p 152,856 A.... "C:\Program Files\AVG\AVG8\avglngx.dll"
Aug 3 2008 3:05:08p 161,048 A.... "C:\Program Files\AVG\AVG8\avglogx.dll"
Aug 3 2008 3:04:58p 170,776 A.... "C:\Program Files\AVG\AVG8\avgmail.dll"
Aug 3 2008 3:04:58p 281,880 A.... "C:\Program Files\AVG\AVG8\avgmvflx.dll"
Aug 3 2008 3:04:58p 247,064 A.... "C:\Program Files\AVG\AVG8\avgoff2k.dll"
Aug 3 2008 3:05:48p 79,128 A.... "C:\Program Files\AVG\AVG8\avgpp.dll"
Aug 3 2008 3:05:06p 966,424 A.... "C:\Program Files\AVG\AVG8\avgresf.dll"
Aug 3 2008 3:05:08p 287,000 A.... "C:\Program Files\AVG\AVG8\avgrsx.exe"
Aug 3 2008 3:04:42p 294,168 A.... "C:\Program Files\AVG\AVG8\avgscanx.dll"
Aug 3 2008 3:04:44p 551,192 A.... "C:\Program Files\AVG\AVG8\avgscanx.exe"
Aug 3 2008 3:04:54p 330,520 A.... "C:\Program Files\AVG\AVG8\avgsched.dll"
Aug 3 2008 3:05:08p 99,608 A.... "C:\Program Files\AVG\AVG8\avgse.dll"
Aug 3 2008 3:04:52p 161,048 A.... "C:\Program Files\AVG\AVG8\avgsrmax.exe"
Aug 3 2008 3:04:52p 358,168 A.... "C:\Program Files\AVG\AVG8\avgsrmx.dll"
Aug 3 2008 3:05:50p 422,168 A.... "C:\Program Files\AVG\AVG8\avgtbapi.dll"
Aug 3 2008 3:05:50p 2,055,960 A.... "C:\Program Files\AVG\AVG8\avgtoolbar.dll"
Aug 3 2008 3:05:02p 1,232,152 A.... "C:\Program Files\AVG\AVG8\avgtray.exe"
Aug 3 2008 3:05:04p 2,749,720 A.... "C:\Program Files\AVG\AVG8\avgui.exe"
Aug 3 2008 3:05:06p 1,821,976 A.... "C:\Program Files\AVG\AVG8\avguiadv.dll"
Aug 3 2008 3:05:06p 1,948,440 A.... "C:\Program Files\AVG\AVG8\avguires.dll"
Aug 3 2008 3:05:00p 1,066,240 A.... "C:\Program Files\AVG\AVG8\avgupd.dll"
Aug 3 2008 3:05:00p 640,280 A.... "C:\Program Files\AVG\AVG8\avgupd.exe"
Aug 3 2008 3:04:56p 309,528 A.... "C:\Program Files\AVG\AVG8\avgvvx.dll"
Aug 3 2008 3:04:56p 833,304 A.... "C:\Program Files\AVG\AVG8\avgwd.dll"
Aug 3 2008 3:04:56p 231,192 A.... "C:\Program Files\AVG\AVG8\avgwdsvc.exe"
Aug 3 2008 3:04:58p 223,512 A.... "C:\Program Files\AVG\AVG8\avgwdwsc.dll"
Aug 3 2008 3:05:10p 308,504 A.... "C:\Program Files\AVG\AVG8\avgxpl.dll"
Aug 3 2008 3:06:00p 18,984 A.... "C:\Program Files\AVG\AVG8\contacts_us.html"
Aug 3 2008 3:06:00p 1,045,128 A.... "C:\Program Files\AVG\AVG8\dbghelp.dll"
Aug 3 2008 3:05:02p 59,069 A.... "C:\Program Files\AVG\AVG8\dfncfg.dat"
Aug 3 2008 3:05:00p 53,528 A.... "C:\Program Files\AVG\AVG8\libsasl.dll"
Aug 3 2008 3:05:00p 18,200 A.... "C:\Program Files\AVG\AVG8\saslcrammd5.dll"
Aug 3 2008 3:05:00p 36,632 A.... "C:\Program Files\AVG\AVG8\sasldigestmd5.dll"
Aug 3 2008 3:05:00p 16,664 A.... "C:\Program Files\AVG\AVG8\sasllogin.dll"
Aug 3 2008 3:05:00p 16,664 A.... "C:\Program Files\AVG\AVG8\saslplain.dll"
Aug 3 2008 3:05:10p 862,808 A.... "C:\Program Files\AVG\AVG8\setup.dat"
Aug 3 2008 3:05:08p 2,539,800 A.... "C:\Program Files\AVG\AVG8\setup.exe"

part 3 is next
  #15  
Old August 25th, 2008, 01:42 AM
seer1 seer1 is offline
Third part

Aug 21 2008 5:13:22p 110,592 A.... "C:\Program Files\LimeWire\lib\jdic.dll"
Aug 21 2008 5:13:20p 90,112 A.... "C:\Program Files\LimeWire\lib\SystemUtilities.dll"
Aug 21 2008 5:13:20p 86,016 A.... "C:\Program Files\LimeWire\lib\SystemUtilitiesA.dll"
Aug 21 2008 5:13:30p 45,056 A.... "C:\Program Files\LimeWire\lib\tray.dll"
Jun 29 2008 11:44:20p 3,612,656 A.... "C:\Program Files\Microsoft Office\OFFICE11\OUTLFLTR.DAT"
Jul 3 2008 6:36:56p 12,313,096 A.... "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"
Aug 23 2008 4:17:52p 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
Aug 24 2008 12:54:40a 25,136 A.... "C:\Program Files\Webroot\Spy Sweeper\compressed.dat"
Jul 27 2008 2:11:22a 280,777 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.dat"
Jul 27 2008 2:09:20a 768,634 A.... "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Aug 24 2008 6:35:24p 343,144 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0007NAV~.TMP"
Aug 24 2008 6:00:18p 0 A.... "C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0415NAV~.TMP"
Aug 3 2008 3:05:10p 455,960 A.... "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080823-230608-215.dll"
Aug 4 2008 5:59:12p 399 A.... "C:\Program Files\Avanquest\Fix-It\Updates\AntiVirus_Tables\cfg56.tmp"
Aug 24 2008 6:50:26p 5,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat"
Aug 24 2008 6:50:26p 12,056 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat"
Aug 9 2008 8:24:04p 4,032 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat"
Aug 9 2008 8:24:04p 2,816 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat"
Aug 24 2008 2:51:46a 4,768 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat"
Aug 9 2008 8:24:04p 3,008 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat"
Aug 23 2008 11:07:36p 7,104 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat"
Aug 9 2008 8:24:04p 13,546 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat"
Aug 23 2008 1:16:16p 159 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\Stats.tmp"
Aug 24 2008 5:03:46p 1,332 A.... "C:\Program Files\Compaq Connections\5577497\Users\Default\Data\5f3c\UserProf.dat"


Files with hidden attributes:

Wed 10 Oct 2007 211 A.SHR --- "C:\BOOT.BAK"
Sat 3 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 3 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT4.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT5.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Tue 15 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT3.tmp"


Program Folders:

Add/Remove Programs:

360Share Pro(remove only)
7-Zip 4.57
Adobe Flash Player ActiveX
Adobe Shockwave Player
ATI Display Driver
AVG Free 8.0
Data Fax SoftModem with SmartCP
HijackThis 2.0.2
Compaq Connections (remove only)
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
PC-Doctor 5 for Windows
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
High Definition Audio Driver Package - KB888111
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893066
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946627)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Update for Windows XP (KB953356)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Lexmark X1100 Series
LimeWire PRO 4.18.6
LiveReg (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Money 2005
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Adobe Flash Player 9 ActiveX
Norton Internet Security 2005 (Symantec Corporation)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
ATI Control Panel
Microsoft Plus! Photo Story 2 LE
Security Update for CAPICOM (KB931906)
Norton Internet Security
Microsoft Plus! Dancer LE
SymNet
J2SE Runtime Environment 5.0
InterVideo WinDVD Player
HP Boot Optimizer
Norton Internet Security
Norton Internet Security
Fix-It Utilities 8 Professional
Norton Internet Security
Norton AntiSpam
Microsoft Plus! Digital Media Edition Installer
Microsoft Visual C++ 2005 Redistributable
Spy Sweeper
SPBBC
Microsoft Office Basic Edition 2003
InterVideo WinDVD Player
Adobe® Photoshop® Album Starter Edition 3.2
Norton Internet Security
Norton Internet Security
PC-Doctor 5 for Windows
Adobe Reader 8.1.2
MSRedist
MSXML 4.0 SP2 (KB936181)
Norton AntiVirus 2005
Norton Internet Security
Microsoft .NET Framework 1.1
Compaq Organize
ccCommon
CC_ccProxyExt
HpSdpAppCoreApp
Norton Internet Security
Norton Internet Security
Norton WMI Update
HP Software Update
Norton WMI Update
ccPxyCore
Norton Internet Security
HP Image Zone Express


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"VirusScannerPro"="C:\\PROGRA~1\\AVANQU~1\\Fix-It\\MemCheck.exe"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"PCDrProfiler"=""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"
"Malwarebytes Anti-Malware (reboot)"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{73984FE0-9702-4C55-9C7B-9BA3C5861F25}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SAFEBOOT_OPTION REG_SZ NETWORK

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll schannel.dll digest.dll msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\urqRIyyw\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\webrootspysweeperservice
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

here is the last part seer1