Tech Support Forum - View Single Post

Byron_T · 03-09-2007, 06:57 AM

I ran ComboScan again but it is not creating the supplemetary file this time. It looks like the main log is also shorter. I don't know if this is normal or not but I ran it twice and this is all it did. I also have two .exe files that have appeared on my computer. Update.exe has appeared on my desktop and x.exe appeared on the C drive but it looks like it is gone now(?).Thanks in advance for any help you provide and don't worry about the delay, I know you stay busy with everything.

ComboScan v20070221.16 run by Byron on 2007-03-09 at 07:47:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Byron.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:47:47 AM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Acceleration Software\StopSignProducts\Firewall\FWService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\eAcceleration\OnAccess\dguard.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\eAcceleration\OnAccess\OnAccess.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\eAcceleration\OnAccess\scan.exe
C:\Documents and Settings\Byron\Desktop\comboscan.exe
C:\Program Files\HijackThis\Byron.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alaweb.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alaweb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AlaWeb Internet Services
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 12.129.205.209 search.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Image Helper - {31677ADF-17D9-5516-E17D-3E459D631863} - C:\WINDOWS\system\bplctw32.dll (file missing)
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mote.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O2 - BHO: (no name) - {ED000712-05BF-4193-B0AA-2C992EB291A6} - C:\WINDOWS\system32\fgbofgb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [WebScan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\Acceleration Software\StopSignProducts\Firewall\ssfwmon.dll",VerifyStatus
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\OnAccess.exe" -e
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alaweb.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1170442429653
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170442419824
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: lzxyepaw - C:\WINDOWS\SYSTEM32\fgbofgb.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FWService - eAcceleration Corp. - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\FWService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

-- Files created between 2007-02-09 and 2007-03-09 ------------------------------

2007-02-26 21:10:03 29852 --a------ C:\WINDOWS\awbtby.exe
2007-02-22 16:57:59 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-22 13:19:14 0 d-------- C:\Documents and Settings\Byron\Application Data\Lavasoft
2007-02-22 13:17:35 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-22 13:12:25 21312 --a------ C:\WINDOWS\choice.exe
2007-02-22 13:10:53 0 d-------- C:\ie-spyad
2007-02-22 13

46 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-22 13:04:04 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-22 12:31:16 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-22 12:26:24 0 d-------- C:\Program Files\Lavasoft
2007-02-22 12:25:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-15 09:22:26 38912 --a------ C:\WINDOWS\system32\mfifirtf.dll
2007-02-15 09:22:25 111616 --a------ C:\WINDOWS\system32\lgysgcvc.dll
2007-02-15 08:50:58 76800 --a------ C:\WINDOWS\system32\fgbofgb.dll
2007-02-15 08:50:54 154624 --a------ C:\WINDOWS\system32\gqebeaaa.exe
2007-02-15 08:50:48 16384 --a------ C:\WINDOWS\system32\dtuwaaaa.exe
2007-02-15 08:50:42 1046 --a------ C:\WINDOWS\system32\gngddbtm.exe
2007-02-15 08:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-02-15 08:16:13 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>

-- Find3M Report ----------------------------------------------------------------

2007-03-07 07:39:14 0 d-------- C:\Documents and Settings\Byron\Application Data\eAcceleration<EACCEL~1>
2007-02-22 17:13:13 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-22 17:11:24 0 d-------- C:\Program Files\FinePixViewer<FINEPI~1>
2007-02-22 17:10:53 0 d-------- C:\Program Files\Common Files\eAcceleration<EACCEL~1>
2007-02-20 20:36:46 0 d---s---- C:\Documents and Settings\Byron\Application Data\Microsoft<MICROS~1>
2007-02-15 08:42:22 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-15 08:17:14 6 --a------ C:\Documents and Settings\Byron\Application Data\dm.ini
2007-02-15 08:17:14 1547 --a------ C:\Documents and Settings\Byron\Application Data\AdobeDLM.log
2007-02-15 08:16:58 0 d-------- C:\Documents and Settings\Byron\Application Data\Adobe

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WebScan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"
"eanth_system_patcher"="\"C:\\Program Files\\Acceleration Software\\SystemPatcher\\sys_alert.exe\" /Startup"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"StopSignSsTsMon"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon.dll\",VerifyStatus"
"StopSignSsFwMon"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\StopSignProducts\\Firewall\\ssfwmon.dll\",VerifyStatus"
"SoftwareStation"="\"C:\\Program Files\\eAcceleration\\Station\\station.exe\" /b Startup"
"AGRSMMSG"="AGRSMMSG.exe"
"OnAccess"="\"C:\\Program Files\\eAcceleration\\OnAccess\\OnAccess.exe\" -e"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}"="eAcceleration OnAccess"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"="C:\\WINDOWS\\csrss.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lzxyepaw

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

-- End of ComboScan: finished at 2007-03-09 at 07:48:04 -------------------------

03-09-2007, 06:57 AM	#5 (permalink)
Byron_T Registered User Join Date: Feb 2007 Location: Andalusia, AL Posts: 15 OS: Windows XP	I ran ComboScan again but it is not creating the supplemetary file this time. It looks like the main log is also shorter. I don't know if this is normal or not but I ran it twice and this is all it did. I also have two .exe files that have appeared on my computer. Update.exe has appeared on my desktop and x.exe appeared on the C drive but it looks like it is gone now(?).Thanks in advance for any help you provide and don't worry about the delay, I know you stay busy with everything. ComboScan v20070221.16 run by Byron on 2007-03-09 at 07:47:12 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Byron.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 7:47:47 AM, on 3/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Acceleration Software\StopSignProducts\Firewall\FWService.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\eAcceleration\Station\station.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\eAcceleration\OnAccess\dguard.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\eAcceleration\OnAccess\OnAccess.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\eAcceleration\OnAccess\scan.exe C:\Documents and Settings\Byron\Desktop\comboscan.exe C:\Program Files\HijackThis\Byron.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alaweb.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alaweb.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AlaWeb Internet Services F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O1 - Hosts: 12.129.205.209 search.netscape.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Image Helper - {31677ADF-17D9-5516-E17D-3E459D631863} - C:\WINDOWS\system\bplctw32.dll (file missing) O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mote.dll (file missing) O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll O2 - BHO: (no name) - {ED000712-05BF-4193-B0AA-2C992EB291A6} - C:\WINDOWS\system32\fgbofgb.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O4 - HKLM\..\Run: [WebScan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\Acceleration Software\StopSignProducts\Firewall\ssfwmon.dll",VerifyStatus O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\OnAccess.exe" -e O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.alaweb.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1170442429653 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170442419824 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: lzxyepaw - C:\WINDOWS\SYSTEM32\fgbofgb.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: FWService - eAcceleration Corp. - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\FWService.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- Files created between 2007-02-09 and 2007-03-09 ------------------------------ 2007-02-26 21:10:03 29852 --a------ C:\WINDOWS\awbtby.exe 2007-02-22 16:57:59 0 d-------- C:\Program Files\HijackThis<HIJACK~1> 2007-02-22 13:19:14 0 d-------- C:\Documents and Settings\Byron\Application Data\Lavasoft 2007-02-22 13:17:35 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1> 2007-02-22 13:12:25 21312 --a------ C:\WINDOWS\choice.exe 2007-02-22 13:10:53 0 d-------- C:\ie-spyad 2007-02-22 1346 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2> 2007-02-22 13:04:04 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1> 2007-02-22 12:31:16 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1> 2007-02-22 12:26:24 0 d-------- C:\Program Files\Lavasoft 2007-02-22 12:25:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1> 2007-02-15 09:22:26 38912 --a------ C:\WINDOWS\system32\mfifirtf.dll 2007-02-15 09:22:25 111616 --a------ C:\WINDOWS\system32\lgysgcvc.dll 2007-02-15 08:50:58 76800 --a------ C:\WINDOWS\system32\fgbofgb.dll 2007-02-15 08:50:54 154624 --a------ C:\WINDOWS\system32\gqebeaaa.exe 2007-02-15 08:50:48 16384 --a------ C:\WINDOWS\system32\dtuwaaaa.exe 2007-02-15 08:50:42 1046 --a------ C:\WINDOWS\system32\gngddbtm.exe 2007-02-15 08:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-02-15 08:16:13 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2> -- Find3M Report ---------------------------------------------------------------- 2007-03-07 07:39:14 0 d-------- C:\Documents and Settings\Byron\Application Data\eAcceleration<EACCEL~1> 2007-02-22 17:13:13 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2007-02-22 17:11:24 0 d-------- C:\Program Files\FinePixViewer<FINEPI~1> 2007-02-22 17:10:53 0 d-------- C:\Program Files\Common Files\eAcceleration<EACCEL~1> 2007-02-20 20:36:46 0 d---s---- C:\Documents and Settings\Byron\Application Data\Microsoft<MICROS~1> 2007-02-15 08:42:22 0 d-------- C:\Program Files\Common Files\Adobe 2007-02-15 08:17:14 6 --a------ C:\Documents and Settings\Byron\Application Data\dm.ini 2007-02-15 08:17:14 1547 --a------ C:\Documents and Settings\Byron\Application Data\AdobeDLM.log 2007-02-15 08:16:58 0 d-------- C:\Documents and Settings\Byron\Application Data\Adobe -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\"" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WebScan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k" "eanth_system_patcher"="\"C:\\Program Files\\Acceleration Software\\SystemPatcher\\sys_alert.exe\" /Startup" "diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup" "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\"" "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe" "MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\"" "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe" "StopSignSsTsMon"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon.dll\",VerifyStatus" "StopSignSsFwMon"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\StopSignProducts\\Firewall\\ssfwmon.dll\",VerifyStatus" "SoftwareStation"="\"C:\\Program Files\\eAcceleration\\Station\\station.exe\" /b Startup" "AGRSMMSG"="AGRSMMSG.exe" "OnAccess"="\"C:\\Program Files\\eAcceleration\\OnAccess\\OnAccess.exe\" -e" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}"="eAcceleration OnAccess" "{81559C35-8464-49F7-BB0E-07A383BEF910}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 "DisableTaskMgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "system"="C:\\WINDOWS\\csrss.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lzxyepaw [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 -- End of ComboScan: finished at 2007-03-09 at 07:48:04 -------------------------