Thanks for your prompt reply. Below and attached is the additional information you asked for. I thought I should also mention a couple of other things that may or may/not matter.
I ran a LOT of different programs to clean this up so I'm sorry I wasn't very specific in my first post. I also had a-squared malware remover installed, ran it once and uninstalled it b/c it was annoying.
I have been using a usb wireless network adapter to connect to dsl for updates and downloads. I will be uninstalling this before returning the pc to my nephew.
The BHO object that refers to the cabine.dll file that was deleted caused HJT to come up to a blank white screen and do nothing when I checked and tried to fix that item.
Could the fact that the system only has 256MB of RAM and I've installed SP2 and IE7 and done all the updates be some of the reason it runs so slow? Or do you think it is all spyware/malware/virus related?
Thanks in advance.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-10 19:26:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2008-01-11 01:26:45 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-01-11 01:24:54 UTC - RP4 - Software Distribution Service 3.0
3: 2008-01-11 01:09:19 UTC - RP3 - Software Distribution Service 3.0
2: 2008-01-10 03:52:24 UTC - RP2 - After clean
1: 2008-01-10 03:51:08 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:55 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/wind...?1198733508546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\HPSelect\profsywuylel.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Hewlett-Packard\profsywuylel.html
--
End of file - 6274 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071228-221937-229 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20071228-222048-856 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20071228-222306-946 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080106-194753-302 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080106-194753-626 O2 - BHO: (no name) - {B8A9A434-68DB-4457-8F2D-38E678F503C1} - C:\WINDOWS\System32\xxptxxgt.dll (file missing)
backup-20080106-194753-875 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20080106-194855-977 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-193855-823 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-195031-199 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us4.hpwis.com/
backup-20080107-195031-230 O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
backup-20080107-195031-415 O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
backup-20080107-195031-427 O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll
backup-20080107-195031-772 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-195618-996 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-195953-424 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-200051-292 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080109-200000-140 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-200001-161 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
backup-20080109-200001-213 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20080109-200001-398 O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
backup-20080109-200001-566 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
backup-20080109-200003-593 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080109-200115-644 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-201558-414 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-201836-444 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-225515-770 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-230823-777 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 nnexavdc - c:\windows\system32\drivers\sfopkbcu.dat
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 CSRML (Windows Client/Server Runtime Management Layer) -
S2 Microsoft register shield -
S2 MSDisk (Network helper Service) -
S2 Performance Monitor -
S2 wms (Windows Management Service) -
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-10 19:05:54 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-07-11 20:12:00 344 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1073876945.job
-- Files created between 2007-12-10 and 2008-01-10 -----------------------------
2008-01-10 19:08:40 0 d-------- C:\WINDOWS\LastGood
2008-01-09 21:31:19 0 d-------- C:\WINDOWS\network diagnostic
2008-01-09 21:02:49 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-07 20:18:08 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-01-06 21:51:07 0 d-------- C:\Program Files\Windows Defender
2008-01-06 19:11:14 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-06 19:01:22 0 d-------- C:\WINDOWS\Prefetch
2008-01-06 18:25:51 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-06 16:19:58 0 d-------- C:\Program Files\My Drivers
2008-01-06 14:40:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-06 14:40:07 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-30 22:27:58 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-12-30 21:40:17 0 d-------- C:\WINDOWS\peernet
2007-12-30 21:40:15 0 d-------- C:\WINDOWS\provisioning
2007-12-30 21:36:35 0 d-------- C:\WINDOWS\ServicePackFiles
2007-12-30 21:22:19 0 d-------- C:\WINDOWS\EHome
2007-12-30 15:51:20 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-12-30 15:50:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-12-30 14:44:45 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-12-28 20:41:18 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:18 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:17 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:17 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-12-28 20:41:16 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-12-28 20:41:08 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-12-28 20:41:07 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-12-28 20:41:07 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:06 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:06 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:05 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:04 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:04 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:03 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:02 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:01 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:01 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:40:59 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:28:43 0 d-------- C:\Program Files\MSXML 4.0
2007-12-28 20:26:55 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-28 20:26:55 0 d--h---c- C:\WINDOWS\$xpsp1hfm$
2007-12-27 00:03:18 0 d-------- C:\WINDOWS\system32\bits
2007-12-26 23:32:04 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-26 23:31:37 0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-12-26 21:14:34 0 d-------- C:\Program Files\Trend Micro
2007-12-23 22:54:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-23 22:54:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 21:32:04 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-23 21:22:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-23 21:21:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-12-20 23:10:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-20 23:03:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-12-20 23:03:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 22:25:24 0 d-------- C:\WINDOWS\pss
2007-12-20 21:31:28 0 d-------- C:\Program Files\Alwil Software
2007-12-20 21:12:51 0 d-------- C:\Program Files\Lavasoft
2007-12-20 21:12:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-20 20:04:07 0 d-------- C:\Program Files\EliteProtector
2007-12-20 20:04:02 163709 --a------ C:\Documents and Settings\Administrator\Application Data\antivirus.exe
2007-12-20 20:02:21 402944 -ra------ C:\WINDOWS\system32\drivers\BLKWGU.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
2007-12-20 19:58:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 19:57:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-20 19:55:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-20 19:55:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-20 19:55:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-20 19:55:33 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-20 19:55:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-20 19:55:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-20 19:55:33 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-20 19:55:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-20 19:55:33 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-20 19:55:33 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-20 19:55:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-20 19:55:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-12-20 19:55:32 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
-- Find3M Report ---------------------------------------------------------------
2008-01-09 20:36:06 0 d-------- C:\Program Files\Common Files
2008-01-09 20:34:39 0 d-------- C:\Program Files\Microsoft Money
2008-01-06 18:46:10 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-06 15:49:42 0 d-------- C:\Program Files\Messenger
2007-12-30 21:40:19 0 d-------- C:\Program Files\Movie Maker
2007-12-30 21:35:57 0 d-------- C:\Program Files\Windows NT
2007-12-30 14:41:51 0 d-------- C:\Program Files\Java
2007-12-26 23:47:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-26 23:33:24 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 20:46:45 0 d-------- C:\Program Files\QuickTime
2007-12-23 20:46:20 0 d-------- C:\Program Files\My Movies
2007-12-21 00:11:55 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-21 00:10:11 0 d-------- C:\Program Files\HPSelect
2007-12-20 21:47:41 0 d-------- C:\Program Files\??stem
2007-12-20 21:46:37 0 d-------- C:\Program Files\Microsoft Security Adviser
2007-12-05 16:28:46 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2007-12-02 14:05:14 1099310 --a------ C:\Documents and Settings\Owner\Application Data\Install.dat
2007-12-01 15:36:19 0 d-------- C:\Program Files\UltimateBet
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A21E5B-E082-4B63-8CCE-EFC534DD934D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 11:04 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/07/2001 07:25 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/07/2001 06:36 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 06:00 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\HPSelect\profsywuylel.html
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Program Files\Hewlett-Packard\profsywuylel.html
FriendlyName=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetscapeClient]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
-- End of Deckard's System Scanner: finished at 2008-01-10 19:29:34 ------------