Please help. New infection

Comments

  • rizla01
    rizla01 Posts: 7,260 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "nanhidfkkcpkpahaeliapjmohhon"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,
    68,6f,65,68,6b,70,00,0c
    "madhoahnjofkbbmejiepajomch"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,68,
    6f,65,68,6b,70,00,56
    "abbaoepgoddjdfkamchgkahkhkddfmehpc"=hex:61,62,6b,68,62,64,67,68,65,6c,67,67,
    64,67,6c,6a,64,62,6a,64,63,6d,70,67,70,6a,70,6e,61,6e,6a,63,62,66,00,77
    "maoppejgogbliogaieoebfhdhf"=hex:64,62,64,68,6d,66,65,66,6b,65,6e,68,6a,68,6a,
    63,64,63,66,69,61,62,70,63,61,68,6c,70,6a,61,6d,68,62,65,69,6a,69,64,6c,6b,\
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AA92D77-C3A3-884A-7EA8-1CD3D0BBD18D}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7DAF699-3319-E05F-CCAA-2BCB894FA322}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "naihibmkhoenfhpkbfemdhphimdc"=hex:6a,61,65,67,65,67,67,64,70,6b,6e,64,63,67,
    67,63,62,69,66,6c,00,03
    "macgobkcfnlbgaobohegbmmnlg"=hex:6a,61,65,67,65,67,67,64,70,6b,6e,64,63,67,67,
    63,62,69,66,6c,00,56
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    [HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]
    "l_encryption_d"="585A4A574A5F"
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="04F0D21-79D8-7A25-D702-433F"
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(532)
    G:\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-03-02 02:22:55
    ComboFix-quarantined-files.txt 2011-03-02 02:22
    ComboFix2.txt 2010-11-13 22:58
    ComboFix3.txt 2010-11-13 15:49
    ComboFix4.txt 2010-11-12 19:52
    ComboFix5.txt 2011-03-02 00:49
    Pre-Run: 10,124,083,200 bytes free
    Post-Run: 10,223,415,296 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TU!!!!!SEKV98 /Kernel=TUKernel.exe
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TU!!!!!SEKV98-BAK
    - - End Of File - - 38C48F16A28BB083B2BBBEED469D0BB7


    Phew.

    That's the lot.
    "Unhappiness is not knowing what we want, and killing ourselves to get it."
    Post Count: 4,111 Thanked 3,111 Times in 1,111 Posts (Actual figures as they once were))
    Women and cats will do as they please, and men and dogs should relax and get used to the idea.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download HostsXpert (US MIRROR)
    http://www.softpedia.com/progDownload/Hoster-Download-27041.html
    and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * Click the Make Writeable? button.
    * Click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program.

    ..............................................................................


    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\Jrumijigo.bin
    c:\windows\system32\cpnprtuk.cid
    c:\windows\system32\cpnprt2.cid
    c:\windows\isRS-000.tmp



    Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
    (If SNAPSHOT is stupidly large, leave that part out)

    Combofix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    :idea:
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Downloaded and ran the HostsExpert file and got this

    EasyCapture1.jpg


    haven't gone any further.

    PS Had to re-boot this AM as I came down to a blue screen.

    Just thought I'd share that with you.:)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    RIGHT CLICK on hosts and select to RUN AS (admin)
    :idea:
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    edited 2 March 2011 at 9:58AM
    Still same problem.

    Says unable to login.

    I don't seem to have ADMIN available but my name (terry) comes up and as I have not set a password it won't run under that name and no password.

    I don't know how to set a password. Would that help, Rik?
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    edited 2 March 2011 at 5:42PM
    Well. The infection appears to have gone now.

    Thanks for that.

    Secunia flagged up quite a few weaknesses and I have cured most of 'em but there are a couple that are causing a problem.

    Opera for example.

    Secunia said it was a problem but Opera wouldn't let me update so I deleted it but Secunia still flags it up - even after a re-boot.

    Am I ready to run Combofix yet?
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    edited 2 March 2011 at 9:55PM
    ComboFix 11-03-02.01 - Terry 02/03/2011 21:29:28.13.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1592 [GMT 0:00]
    Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Terry\Desktop\CFScript.txt
    AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    FILE ::
    "c:\windows\isRS-000.tmp"
    "c:\windows\Jrumijigo.bin"
    "c:\windows\system32\cpnprt2.cid"
    "c:\windows\system32\cpnprtuk.cid"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\Jrumijigo.bin
    c:\windows\system32\cpnprt2.cid
    c:\windows\system32\cpnprtuk.cid
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .
    2011-03-02 11:20 . 2011-03-02 11:20 -------- d-----w- c:\program files\Common Files\xing shared
    2011-03-02 11:06 . 2011-03-02 11:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-02 11:06 . 2011-03-02 11:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-02 10:55 . 2011-03-02 10:55 -------- d-----w- c:\program files\MSECache
    2011-03-02 10:54 . 2011-03-02 10:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-03-02 10:54 . 2011-03-02 10:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-03-02 10:54 . 2011-03-02 10:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-03-02 10:54 . 2011-03-02 10:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-03-02 10:54 . 2011-03-02 10:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-03-02 10:54 . 2011-03-02 10:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-03-02 10:54 . 2011-03-02 10:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-03-02 10:53 . 2011-03-02 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2011-03-02 10:20 . 2011-03-02 10:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-02 10:14 . 2011-03-02 10:14 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Secunia PSI
    2011-03-01 22:34 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-03-01 17:46 . 2011-03-01 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\bPfAnNm06300
    2011-02-25 10:24 . 2011-02-25 10:24 -------- d-----w- c:\windows\Cache
    2011-02-25 10:24 . 2011-02-25 10:24 31 ---ha-w- c:\windows\UKCpInfo.sys
    2011-02-18 22:18 . 2011-02-18 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Aiseesoft Total Media Converter
    2011-02-10 16:15 . 2011-02-10 16:15 -------- d-----w- c:\windows\system32\skins
    2011-02-10 16:08 . 2011-02-10 16:08 -------- d-----w- c:\documents and settings\Terry\Application Data\Tordex
    2011-02-10 16:08 . 2011-02-10 16:14 -------- d-----w- c:\program files\TrueLaunchBar
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-02 11:19 . 2008-08-04 22:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-21 12:30 . 2011-01-21 12:30 311296 ----a-w- c:\windows\system32\EMRegSys.dll
    2011-01-17 20:03 . 2011-01-17 20:42 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
    2011-01-17 20:02 . 2011-01-17 20:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
    2011-01-17 20:02 . 2011-01-17 20:42 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
    2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-01 11:35 . 2010-11-02 23:06 695901 ----a-w- c:\windows\system32\unins000.exe
    2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-23 13:21 . 2010-11-10 13:39 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 18:09 . 2008-12-30 12:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 18:08 . 2008-12-30 12:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-12 11:39 . 2010-12-12 11:39 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-02_02.19.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 20:54 . 2009-07-11 20:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
    + 2006-10-26 13:40 . 2006-10-26 13:40 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2010-09-01 08:30 . 2010-09-01 08:30 15544 c:\windows\system32\drivers\psi_mf.sys
    + 2009-04-30 23:38 . 2011-03-02 10:53 87711 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    + 2011-02-02 13:46 . 2011-02-02 13:46 98304 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
    - 2009-07-21 06:59 . 2009-07-21 06:59 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
    + 2011-02-02 13:35 . 2011-02-02 13:35 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
    + 2011-02-02 13:55 . 2011-02-02 13:55 68536 c:\windows\system32\Adobe\Director\SWDNLD.EXE
    + 2011-03-02 10:49 . 2011-03-02 10:49 47104 c:\windows\Installer\4b645b.msi
    + 2011-03-02 10:49 . 2011-03-02 10:49 21504 c:\windows\Installer\4b643b.msi
    + 2011-03-02 11:20 . 2011-03-02 11:20 18944 c:\windows\Installer\411c0.msi
    + 2011-03-02 11:19 . 2011-03-02 11:19 92672 c:\windows\Installer\4119f.msi
    + 2011-03-02 10:59 . 2011-03-02 10:59 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}\IconCD95F6617.exe
    + 2011-03-02 18:29 . 2011-03-02 18:29 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    + 2010-09-23 03:47 . 2010-09-23 03:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
    + 2010-09-23 02:03 . 2010-09-23 02:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
    + 2010-09-23 01:52 . 2010-09-23 01:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
    + 2010-09-22 17:12 . 2010-09-22 17:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
    + 2007-08-24 05:00 . 2007-08-24 05:00 72096 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6215\PXBCOM.EXE
    + 2006-10-26 21:07 . 2006-10-26 21:07 67920 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\PXBCOM.EXE
    - 2010-04-15 22:45 . 2010-04-15 22:45 5632 c:\windows\system32\pndx5032.dll
    + 2010-04-15 22:45 . 2011-03-02 11:20 5632 c:\windows\system32\pndx5032.dll
    - 2010-04-15 22:45 . 2010-04-15 22:45 6656 c:\windows\system32\pndx5016.dll
    + 2010-04-15 22:45 . 2011-03-02 11:20 6656 c:\windows\system32\pndx5016.dll
    - 2009-07-21 08:04 . 2009-07-21 08:04 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2011-02-02 13:47 . 2011-02-02 13:47 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2011-03-02 11:20 . 2011-03-02 11:20 198848 c:\windows\system32\rmoc3260.dll
    + 2010-04-15 22:45 . 2011-03-02 11:19 272896 c:\windows\system32\pncrt.dll
    + 2011-03-02 11:06 . 2011-03-02 11:06 157472 c:\windows\system32\javaws.exe
    + 2011-03-02 11:06 . 2011-03-02 11:06 145184 c:\windows\system32\javaw.exe
    + 2011-03-02 11:06 . 2011-03-02 11:06 145184 c:\windows\system32\java.exe
    + 2008-10-04 09:50 . 2011-03-02 11:01 307600 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-21 08:07 . 2009-07-21 08:07 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
    + 2011-02-02 13:46 . 2011-02-02 13:46 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
    + 2011-02-02 13:55 . 2011-02-02 13:55 469944 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1159620.exe
    + 2011-02-02 13:35 . 2011-02-02 13:35 136568 c:\windows\system32\Adobe\Shockwave 11\SCC.dll
    - 2009-07-21 08:07 . 2009-07-21 08:07 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
    + 2011-02-02 13:48 . 2011-02-02 13:48 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
    + 2011-02-02 13:47 . 2011-02-02 13:47 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
    - 2009-07-21 08:02 . 2009-07-21 08:02 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
    + 2011-02-02 13:35 . 2011-02-02 13:35 798208 c:\windows\system32\Adobe\Shockwave 11\gi.dll
    + 2011-02-02 13:46 . 2011-02-02 13:46 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
    + 2011-02-02 13:55 . 2011-02-02 13:55 215992 c:\windows\system32\Adobe\Director\SwDir.dll
    + 2011-02-02 13:47 . 2011-02-02 13:47 135168 c:\windows\system32\Adobe\Director\np32dsw.dll
    + 2011-03-02 10:56 . 2011-03-02 10:56 360448 c:\windows\Installer\4b6743.msi
    + 2011-03-02 10:52 . 2011-03-02 10:52 424960 c:\windows\Installer\4b647c.msi
    + 2011-03-02 11:07 . 2011-03-02 11:07 180224 c:\windows\Installer\41101.msi
    + 2011-03-02 11:06 . 2011-03-02 11:06 677376 c:\windows\Installer\410f0.msi
    + 2011-03-02 10:59 . 2011-03-02 10:59 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}\IconCD95F66110.exe
    + 2010-09-10 17:17 . 2010-09-10 17:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
    + 2010-09-22 19:41 . 2010-09-22 19:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
    + 2010-09-23 03:47 . 2010-09-23 03:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
    + 2010-09-22 17:04 . 2010-09-22 17:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
    + 2010-09-22 18:39 . 2010-09-22 18:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
    + 2010-09-22 17:50 . 2010-09-22 17:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
    + 2011-02-02 13:39 . 2011-02-02 13:39 1019904 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
    + 2011-02-02 13:35 . 2011-02-02 13:35 2224816 c:\windows\system32\Adobe\Shockwave 11\gt.exe
    + 2011-02-02 13:41 . 2011-02-02 13:41 1802240 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
    + 2008-06-19 18:28 . 2008-06-19 18:28 1573376 c:\windows\Installer\658831.msp
    + 2011-03-02 10:59 . 2011-03-02 10:59 1543168 c:\windows\Installer\4b6756.msi
    + 2011-03-02 10:54 . 2011-03-02 10:54 9472000 c:\windows\Installer\4b6732.msi
    + 2010-09-22 17:05 . 2010-09-22 17:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
    + 2010-06-20 00:51 . 2010-06-20 00:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
    + 2007-08-24 05:00 . 2007-08-24 05:00 1767768 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6215\PPCNV.DLL
    + 2007-08-29 00:19 . 2007-08-29 00:19 1654648 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6215\OGL.DLL
    + 2006-10-26 21:08 . 2006-10-26 21:08 1764112 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\PPCNV.DLL
    + 2006-10-27 15:18 . 2006-10-27 15:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OGL.DLL
    + 2006-10-26 20:42 . 2006-10-26 20:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OARTCONV.DLL
    + 2008-08-11 11:51 . 2008-08-11 11:51 15916544 c:\windows\Installer\658845.msp
    + 2007-10-14 23:59 . 2007-10-14 23:59 26614784 c:\windows\Installer\65881c.msp
    + 2008-09-24 12:05 . 2008-09-24 12:05 16381440 c:\windows\Installer\43bd3.msp
    + 2008-08-11 11:49 . 2008-08-11 11:49 22457344 c:\windows\Installer\43bbf.msp
    + 2011-03-02 11:06 . 2011-03-02 11:06 11135488 c:\windows\Installer\4117f.msp
    + 2010-09-23 02:03 . 2010-09-23 02:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
    + 2006-10-27 15:14 . 2006-10-27 15:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OART.DLL
    + 2006-10-27 15:26 . 2006-10-27 15:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\MSO.DLL
    .
    -- Snapshot reset to current date --
  • rizla01
    rizla01 Posts: 7,260 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zentimo xStorage Manager"="g:\zentimo\Zentimo.exe" [2010-10-28 1696080]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
    "@OnlineArmor GUI"="g:\online armor\oaui.exe" [2010-08-27 2356848]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
    "ProcessLassoManagementConsole"="g:\process lasso\processlasso.exe" [2011-01-12 542224]
    "ProcessGovernor"="g:\process lasso\processgovernor.exe" [2011-01-12 293904]
    "IObit Security 360"="g:\iobit security 360\IS360tray.exe" [2010-06-11 1280344]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files\real\realone player\update\realsched.exe" [2011-03-02 273544]
    c:\documents and settings\Terry\Start Menu\Programs\Startup\
    Alienware Dock.lnk - f:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-9-17 2074360]
    Moo0 Magnifier 1.09.lnk - c:\magnifier 1.09\Magnifier.exe [2010-9-22 1552384]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - g:\psi\psi_tray.exe [2011-1-10 291896]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1"= firefox.exe
    "2"= opera.exe
    "3"= chrome.exe
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "d:\program files\RecentX\RecentX\RXShell.dll" [2008-06-12 77824]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "G:\SASSEH.DLL" [2008-05-13 77824]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "g:\online~1\oaevent.dll" [2010-08-27 353992]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- G:\SASWINLO.DLL
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.lnk]
    backup=c:\windows\pss\.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Calendar Magic.lnk]
    backup=c:\windows\pss\Calendar Magic.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^.lnk]
    backup=c:\windows\pss\.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^RecentX.lnk]
    backup=c:\windows\pss\RecentX.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Rightmove Desktop.lnk]
    backup=c:\windows\pss\Rightmove Desktop.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Secunia PSI.lnk]
    backup=c:\windows\pss\Secunia PSI.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-07-29 01:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-12-16 16:19 2402512 ----a-w- g:\advanced systemcare 3\AWC.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AquaSnap]
    2010-09-21 20:18 741376 ----a-w- g:\aquasnap\AquaSnap.Daemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
    2000-05-11 00:00 205312 ----a-w- c:\program files\Creative\SBLive\AudioHQ\ahqtb.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
    2010-08-23 05:41 329656 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-11-16 19:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\captrue.exe]
    2008-09-05 16:55 673280 ------w- j:\captrue\captrue.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2006-07-21 17:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntegryDESK]
    2005-03-22 12:45 618496 ----a-w- i:\integrydesk\IntegryDESK.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
    2010-06-11 18:14 1280344 ----a-w- g:\iobit security 360\is360tray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lcafeju]
    2008-04-14 00:12 355840 ----a-w- c:\windows\oriregad.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pb_scheduler_agent]
    2007-04-19 10:37 44544 ----a-w- g:\premium booster\scheduler.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2010-09-04 21:58 160328 ----a-w- d:\roboform\robotaskbaricon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 --sha-r- i:\spybot - search & destroy\Spybot - Search & Destroy\TeaTimer.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-06-23 21:06 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-02-14 16:55 10421552 ----a-w- g:\superantispyware\SUPERANTISPYWARE.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-08-22 11:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
    2008-11-17 13:04 263456 ----a-w- g:\threatfire\TFTray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ThreatFire"=2 (0x2)
    "ioloSystemService"=2 (0x2)
    "ioloFileInfoList"=2 (0x2)
    "NBService"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "gusvc"=3 (0x3)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "cmdAgent"=2 (0x2)
    "TeamViewer4"=2 (0x2)
    "idsvc"=3 (0x3)
    "NetBurnerService"=3 (0x3)
    "IAANTMON"=2 (0x2)
    "RapportMgmtService"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "ACDaemon"=2 (0x2)
    "a2free"=2 (0x2)
    "a2AntiMalware"=3 (0x3)
    "NanoServiceMain"=2 (0x2)
    "WinDefend"=2 (0x2)
    "ReflectService"=2 (0x2)
    "AdobeActiveFileMonitor9.0"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "Unhappiness is not knowing what we want, and killing ourselves to get it."
    Post Count: 4,111 Thanked 3,111 Times in 1,111 Posts (Actual figures as they once were)
    Women and cats will do as they please, and men and dogs should relax and get used to the idea.
  • rizla01
    rizla01 Posts: 7,260 Forumite
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29/04/2009 21:56 40560]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [17/01/2011 20:42 16024]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [25/12/2008 11:41 51488]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [25/12/2008 11:41 39200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/08/2008 22:01 165584]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [05/08/2008 09:47 133064]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [05/08/2008 09:47 25160]
    R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [13/12/2008 13:48 84488]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/10/2010 08:44 201168]
    R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [12/10/2010 08:44 38856]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/10/2010 08:44 25000]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/10/2010 08:44 29272]
    R1 SASDIFSV;SASDIFSV;G:\sasdifsv.sys [17/02/2010 18:25 12872]
    R1 SASKUTIL;SASKUTIL;G:\SASKUTIL.SYS [10/05/2010 18:41 67656]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [05/08/2008 08:42 95592]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2010 13:39 135336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/08/2008 22:01 17744]
    R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [06/09/2007 10:15 5504]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/07/2010 00:45 35088]
    R2 OAcat;Online Armor Helper Service;g:\online armor\oacat.exe [12/10/2010 08:44 380272]
    R2 Secunia PSI Agent;Secunia PSI Agent;g:\psi\PSIA.exe --start-service --> g:\psi\PSIA.exe --start-service [?]
    R2 Secunia Update Agent;Secunia Update Agent;g:\psi\sua.exe --start-service --> g:\psi\sua.exe --start-service [?]
    R2 SvcOnlineArmor;Online Armor;g:\online armor\oasrv.exe [12/10/2010 08:44 3638240]
    R2 VDDriver;Virtual Disk Driver;d:\virtual disk\VDDriver.sys [22/05/2009 12:39 40952]
    R2 ZentimoService;Zentimo Assistant;g:\zentimo\ZentimoService.exe [03/11/2010 14:08 240976]
    R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [15/05/2010 17:24 36224]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 08:30 15544]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14/05/2009 11:05 16640]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [08/06/2010 18:01 0]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [08/06/2010 18:01 0]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/03/2011 10:49 136176]
    S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [09/12/2009 09:48 234304]
    S3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [04/05/2009 16:42 6656]
    S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [22/08/2010 22:34 16896]
    S3 SASENUM;SASENUM;g:\superantispyware\SASENUM.SYS [28/07/2009 09:53 12872]
    S3 se_filter;System Explorer Filter Driver;c:\windows\system32\drivers\SE_Filter.sys [02/01/2009 11:18 9216]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [25/12/2008 11:41 33056]
    S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;f:\adobe xx\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [06/09/2010 02:19 169408]
    S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [15/05/2010 17:24 134912]
    S4 IS360service;IS360service;g:\iobit security 360\is360srv.exe [05/11/2010 13:53 312152]
    S4 NetBurnerService;Net Burner iSCSI Service;g:\drive back-up\Net Burner Service\NetBurnerService.exe [13/12/2008 13:48 222984]
    S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [17/01/2011 20:42 220824]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/08/2008 08:42 721904]
    S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
    --- Other Services/Drivers In Memory ---
    *Deregistered* - ArcRec
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    2011-03-02 c:\windows\Tasks\Clean System Memory.job
    - c:\windows\system32\CleanMem.exe [2010-09-08 05:54]
    2011-03-02 c:\windows\Tasks\GlaryInitialize.job
    - g:\glary utilities\initialize.exe [2009-01-12 09:32]
    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-02 10:48]
    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-02 10:48]
    2011-03-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-606747145-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
    2011-03-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-606747145-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
    2011-03-02 c:\windows\Tasks\User_Feed_Synchronization-{8ED07C76-0A78-4661-870E-CF91F4A2F154}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://by150w.bay150.mail.live.com/default.aspx?wa=wsignin1.0
    mStart Page = hxxp://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: Customize Menu - file://d:\roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://d:\roboform\RoboFormComFillForms.html
    IE: Identities Editor - file://d:\roboform\RoboFormComEditIdent.html
    IE: Locate Spot on Map by GPS - f:\iexif 2.3\IExifMap.htm
    IE: Password Generator - file://d:\roboform\RoboFormComPasswordGenerator.html
    IE: RoboForm Toolbar - file://d:\roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://d:\roboform\RoboFormComSavePass.html
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: View Exif/GPS/IPTC with IExif - f:\iexif 2.3\IExifCom.htm
    IE: Zoom &in
    IE: Zoom &out
    Trusted Zone: google.com\maps
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
This discussion has been closed.