Tech Support Forum - View Single Post

Byron_T · 03-09-2007, 07:36 AM

Here is what you asked for.

ComboScan v20070221.16 run by Byron on 2007-03-09 at 08:21:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.

-- HijackThis (run as Byron.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:21:51 AM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Acceleration Software\StopSignProducts\Firewall\FWService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\eAcceleration\OnAccess\dguard.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\eAcceleration\OnAccess\OnAccess.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\eAcceleration\OnAccess\scan.exe
C:\Documents and Settings\Byron\desktop\comboscan.exe
C:\Program Files\HijackThis\Byron.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alaweb.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alaweb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AlaWeb Internet Services
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 12.129.205.209 search.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Image Helper - {31677ADF-17D9-5516-E17D-3E459D631863} - C:\WINDOWS\system\bplctw32.dll (file missing)
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mote.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O2 - BHO: (no name) - {ED000712-05BF-4193-B0AA-2C992EB291A6} - C:\WINDOWS\system32\fgbofgb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [WebScan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\Acceleration Software\StopSignProducts\Firewall\ssfwmon.dll",VerifyStatus
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\OnAccess.exe" -e
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alaweb.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1170442429653
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170442419824
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: lzxyepaw - C:\WINDOWS\SYSTEM32\fgbofgb.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FWService - eAcceleration Corp. - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\FWService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - %1
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R AgereSoftModem (Agere Systems Soft Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3S basic2 - C:\WINDOWS\system32\drivers\HSF_BSC2.sys
1R Cdr4_xp - C:\WINDOWS\system32\drivers\cdr4_xp.sys
1R Cdralw2k - C:\WINDOWS\system32\drivers\cdralw2k.sys
1R cdudf_xp - C:\WINDOWS\system32\drivers\cdudf_xp.sys
3S dvd_2K - C:\WINDOWS\system32\drivers\Dvd_2k.sys
3R E100B (Intel(R) PRO Adapter Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
2R Fallback - C:\WINDOWS\system32\drivers\HSF_FALL.sys
2R Fsks - C:\WINDOWS\system32\drivers\HSF_FSKS.sys
0R fwcore - C:\WINDOWS\system32\drivers\fwcore.sys
3S HCF_MSFT - C:\WINDOWS\system32\drivers\HCF_MSFT.sys
3S HSFHWBS2 - C:\WINDOWS\system32\drivers\hsfbs2s2.sys
3S HSF_DP - C:\WINDOWS\system32\drivers\hsfdpsp2.sys
3S hsf_msft - C:\WINDOWS\system32\drivers\HSF_MSFT.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
2R K56 - C:\WINDOWS\system32\drivers\HSF_K56K.sys
0R lqwkkueq (Microsoft RPC API Helper) - C:\WINDOWS\system32\drivers\hdzxgjen.sys (not found)
2R MASPINT - C:\WINDOWS\system32\drivers\MASPINT.SYS
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3R mmc_2K - C:\WINDOWS\system32\drivers\Mmc_2k.sys
3R MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3S Mtlmnt5 - C:\WINDOWS\system32\drivers\mtlmnt5.sys
3S Mtlstrm - C:\WINDOWS\system32\drivers\mtlstrm.sys
3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys
3S NtMtlFax - C:\WINDOWS\system32\drivers\ntmtlfax.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
1R OMCI - C:\WINDOWS\system32\drivers\omci.sys
3R P16X (Creative SB Live! Series (WDM)) - C:\WINDOWS\system32\drivers\P16X.sys
2R PfModNT - C:\WINDOWS\system32\PFMODNT.SYS
1R pwd_2k - C:\WINDOWS\system32\drivers\pwd_2K.sys
0R RecAgent - C:\WINDOWS\system32\drivers\recagent.sys
3S Rksample - C:\WINDOWS\system32\drivers\HSF_SAMP.sys
1S SbcpHid - C:\WINDOWS\system32\drivers\SbcpHid.sys
3S Slntamr (Smart Link 56K Modem Driver) - C:\WINDOWS\system32\drivers\slntamr.sys
3S SlNtHal - C:\WINDOWS\system32\drivers\slnthal.sys
3S SlWdmSup - C:\WINDOWS\system32\drivers\slwdmsup.sys
2R SoftFax - C:\WINDOWS\system32\drivers\HSF_FAXX.sys
2R SpeakerPhone - C:\WINDOWS\system32\drivers\HSF_SPKP.sys
2R Tones - C:\WINDOWS\system32\drivers\HSF_TONE.sys
1R UdfReadr_xp - C:\WINDOWS\system32\drivers\udfreadr_xp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
2R V124 - C:\WINDOWS\system32\drivers\HSF_V124.sys
3S winachsf - C:\WINDOWS\system32\drivers\hsfcxts2.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R FWService - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\FWService.exe -Service
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\Imapi.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SLService (SmartLinkService) - slserv.exe
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
3R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{44D932F2-9F4A-4C8C-AB75-991707832F89}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs

-- Files created between 2007-02-09 and 2007-03-09 ------------------------------

2007-02-26 21:10:03 29852 --a------ C:\WINDOWS\awbtby.exe
2007-02-22 16:57:59 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-22 13:19:14 0 d-------- C:\Documents and Settings\Byron\Application Data\Lavasoft
2007-02-22 13:17:35 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-22 13:12:25 21312 --a------ C:\WINDOWS\choice.exe
2007-02-22 13:10:53 0 d-------- C:\ie-spyad
2007-02-22 13

46 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-22 13:04:04 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-22 12:31:16 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-22 12:26:24 0 d-------- C:\Program Files\Lavasoft
2007-02-22 12:25:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-15 09:22:26 38912 --a------ C:\WINDOWS\system32\mfifirtf.dll
2007-02-15 09:22:25 111616 --a------ C:\WINDOWS\system32\lgysgcvc.dll
2007-02-15 08:50:58 76800 --a------ C:\WINDOWS\system32\fgbofgb.dll
2007-02-15 08:50:54 154624 --a------ C:\WINDOWS\system32\gqebeaaa.exe
2007-02-15 08:50:48 16384 --a------ C:\WINDOWS\system32\dtuwaaaa.exe
2007-02-15 08:50:42 1046 --a------ C:\WINDOWS\system32\gngddbtm.exe
2007-02-15 08:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-02-15 08:16:13 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>

-- Find3M Report ----------------------------------------------------------------

2007-03-07 07:39:14 0 d-------- C:\Documents and Settings\Byron\Application Data\eAcceleration<EACCEL~1>
2007-02-22 17:13:13 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-22 17:11:24 0 d-------- C:\Program Files\FinePixViewer<FINEPI~1>
2007-02-22 17:10:53 0 d-------- C:\Program Files\Common Files\eAcceleration<EACCEL~1>
2007-02-20 20:36:46 0 d---s---- C:\Documents and Settings\Byron\Application Data\Microsoft<MICROS~1>
2007-02-15 08:42:22 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-15 08:17:14 6 --a------ C:\Documents and Settings\Byron\Application Data\dm.ini
2007-02-15 08:17:14 1547 --a------ C:\Documents and Settings\Byron\Application Data\AdobeDLM.log
2007-02-15 08:16:58 0 d-------- C:\Documents and Settings\Byron\Application Data\Adobe

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WebScan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"
"eanth_system_patcher"="\"C:\\Program Files\\Acceleration Software\\SystemPatcher\\sys_alert.exe\" /Startup"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"StopSignSsTsMon"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\Anti-Virus\\sstsmon.dll\",VerifyStatus"
"StopSignSsFwMon"="Rundll32.exe \"C:\\Program Files\\Acceleration Software\\StopSignProducts\\Firewall\\ssfwmon.dll\",VerifyStatus"
"SoftwareStation"="\"C:\\Program Files\\eAcceleration\\Station\\station.exe\" /b Startup"
"AGRSMMSG"="AGRSMMSG.exe"
"OnAccess"="\"C:\\Program Files\\eAcceleration\\OnAccess\\OnAccess.exe\" -e"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}"="eAcceleration OnAccess"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"="C:\\WINDOWS\\csrss.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lzxyepaw

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

-- End of ComboScan: finished at 2007-03-09 at 08:22:10 -------------------------