((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 68856]
"Google Update"="c:\users\Mark & Adriana\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-5-17 303104]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-6-27 2641920]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2009-5-3 479232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Mark & Adriana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^realshed.old]
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):27,bf,f9,b7,11,eb,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3184346778-380610952-3069833314-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{66DD937E-AE3C-4248-8276-E03B0E662FC4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5A419130-C26E-4A4D-95D9-EA35767E4F2C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D1266DD3-3A9B-4EB2-9CE7-88D472AF7EF7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{2E15ED65-ABB2-4DDE-AE38-1D4D7D2E9AAA}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{A022D2AA-4EFE-4FDB-BA2E-1D99FE6B21EB}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{4DCE4B7C-3F06-4B9F-A0F1-8D893C290A69}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{48F8ABC9-AF9C-43D5-A12E-B134139A5FF3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{020FC91C-96A9-4C91-B3A0-F29D11107746}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6B92138C-67A5-4CBE-897A-6DF31C6689F7}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{4B71DD2E-475F-4A17-AB05-5C57A59EC1D6}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{371BF024-100B-4DE6-9863-47BC453D9E9A}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{A0F9FC39-EBE6-49EC-B900-EBFCF158336A}c:\\program files\\attractel\\zoiper\\zoiper.exe"= UDP:c:\program files\attractel\zoiper\zoiper.exe:Zoiper
"UDP Query User{A1A5E757-DF8A-4A37-AAE2-0FAAEC044513}c:\\program files\\attractel\\zoiper\\zoiper.exe"= TCP:c:\program files\attractel\zoiper\zoiper.exe:Zoiper
"TCP Query User{89288A4F-B931-444A-B74F-701B2BF28AC2}c:\\program files\\attractel\\zoiper\\zoiper.exe"= UDP:c:\program files\attractel\zoiper\zoiper.exe:Zoiper
"UDP Query User{65127F06-2351-4BB3-B308-E0BAAA0D8C0A}c:\\program files\\attractel\\zoiper\\zoiper.exe"= TCP:c:\program files\attractel\zoiper\zoiper.exe:Zoiper
"TCP Query User{F2E131E7-AD40-4103-ADD2-2DE4F67D3340}c:\\users\\mark & adriana\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\mark & adriana\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{EBBD88EB-EA08-4DCE-B9BE-AA69636D6C48}c:\\users\\mark & adriana\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\mark & adriana\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"TCP Query User{AAD24E5F-CA5A-47FF-A83B-0D8A2C8D6E18}c:\\program files\\acoo browser\\acoobrowser.exe"= UDP:c:\program files\acoo browser\acoobrowser.exe:Acoo Browser
"UDP Query User{1EBE616F-AF7E-41B2-8335-E53200C5A3E8}c:\\program files\\acoo browser\\acoobrowser.exe"= TCP:c:\program files\acoo browser\acoobrowser.exe:Acoo Browser
"{726022BF-3003-4960-A583-9B25E32F0059}"= UDP:c:\program files\3\3Connect\Wilog.exe:3Connect
"{E8286F86-E4BE-4F29-A229-1837B0AD7A7A}"= TCP:c:\program files\3\3Connect\Wilog.exe:3Connect
"{4C0EF1F6-2C01-4971-ADD9-1F8DD1294879}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A4C07ECF-D017-4649-B8B2-C970E2E04BA7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{571BC4B4-0AAF-47E6-9561-18C2CFA42A97}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{40E2B9D4-F3A2-4102-9E6F-91BE519FB1EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{50A18888-BBD9-4202-B406-9FFAD309735C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5CE03319-483A-45BD-BBD7-1AD9D875D94F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AE9FABBC-3704-4057-8378-67E0D627B3BF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EE0BEC18-39EA-46C8-993C-24E184969E99}c:\\users\\mark & adriana\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\mark & adriana\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{20CEC1CB-DCB2-4582-BEC9-272E74CC827F}c:\\users\\mark & adriana\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\mark & adriana\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{722DAD41-54E8-410A-83FC-42318CE5BFCD}c:\\windows\\system32\\cmds.exe"= UDP:c:\windows\system32\cmds.exe:
"UDP Query User{44A2D863-79A0-444A-942D-FA63A34B9A3E}c:\\windows\\system32\\cmds.exe"= TCP:c:\windows\system32\cmds.exe:
"TCP Query User{D42D54D3-E89C-4E7A-A657-30B1A005C81B}c:\\users\\mark & adriana\\appdata\\roaming\\twain_x86.exe"= UDP:c:\users\mark & adriana\appdata\roaming\twain_x86.exe:twain_x86.exe
"UDP Query User{BC2A4E12-53E8-4496-B829-9256BAB54560}c:\\users\\mark & adriana\\appdata\\roaming\\twain_x86.exe"= TCP:c:\users\mark & adriana\appdata\roaming\twain_x86.exe:twain_x86.exe
"TCP Query User{5D049E69-6B76-45B3-99CA-7E59C4842937}c:\\windows\\system32\\cmds.exe"= UDP:c:\windows\system32\cmds.exe:
"UDP Query User{ED8DCD26-C8E0-4539-83F2-6B029E44A121}c:\\windows\\system32\\cmds.exe"= TCP:c:\windows\system32\cmds.exe:
"{F442AE91-7D56-4ACD-9219-9139DCE7464E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5F7BB48E-7A01-41AE-962A-BCA285F5D966}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D08CA669-8B62-4611-819F-58D394FC5EE5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9A400437-A316-4CBD-B140-63A06361ECE9}"= c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29/07/2009 20:45 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [04/08/2009 16:25 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10:53 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [04/08/2009 16:25 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [04/08/2009 16:25 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 08:49 1029456]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [22/08/2007 13:53 7168]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10:53 7408]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [03/05/2009 23:06 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 11:08 533360]
S3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 08:51 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://edit.europe.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
uInternet Settings,ProxyServer = 85.31.89.222:8080
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
FF - ProfilePath - c:\users\MARK&A~1\AppData\Roaming\Mozilla\Firefox\Profiles\6optvrgw.default\
FF - prefs.js: browser.startup.homepage - hxxp://edit.europe.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\