Megaclick problem [Closed]
Da Doom Guy
post May 13 2009, 03:00 PM
Post #1


Member
Posts: 18
OS: Windows Vista



Alright, recently some of my websites have been being redirected to megaclick (I have a wiki and the help section on how to manage the site gets redirected). Anyway, wiki told me to look up how to remove megaclick and here I am. I ran "HijackThis" and I have no clue what to do after scanning. Here's what came from the log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:48 PM, on 5/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SurfingAdvisor - {08111E97-AB7D-B099-1D3F-F88F47E13432} - C:\Program Files\SurfingAdvisor\SurfingAdvisor-2.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: cpmsky browser optimizer - {477dfee7-cd74-aec0-169a-d8fe95706c3b} - C:\Windows\system32\utzezwrobbpvj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! ¤uØć¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [{1feac01f-e6b8-ea41-4935-c7d7368699bb}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\utzezwrobbpvj.dll" DllStart
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MbarInstall] C:\Users\Bill\AppData\Local\Temp\tem8B86.tmp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.5;MEGAUPLOAD 1.0 (.NET CLR 3.5.30729)" -"http://health.howstuffworks.com/human-reproduction.htm/printable"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14117 bytes
emeraldnzl
post May 17 2009, 09:03 PM
Post #2


Trusted Helper
Posts: 7,988
OS: XP Pro



Hello Da Doom Guy,

Welcome to Geekstogo.

There is infection showing there. Let's try this one.

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic, ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

Da Doom Guy
post May 18 2009, 02:30 PM
Post #3


Member
Posts: 18
OS: Windows Vista



Combofix file first:
ComboFix 09-05-17.08 - Bill 05/18/2009 16:06.1 - NTFSx86
Running from: c:\users\Bill\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I0BT8A9.mp3
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I0ZLY1C.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I1GPWRI.exe
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I1SYZMH.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I244J5U.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I3AZUVW.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I3FBLV6.ini
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I5P0G5O.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I6263XN
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I7XNV8T.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I85MYEW.exe
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I8MP8JE.mp3
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I95EET2.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I9QDEN8.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$I9W9OW0.mp3
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IA6WZSB
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IASJJEP.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$ICZTUTY
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IDFL7B0.mp3
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IE4MU0D.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IECSDCB
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IFDETRR.mp3
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IFNZXZV.jpg
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IFSNKV9.rtf
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IHGJGHO.exe
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IICPRL6.rtf
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IIFCRJ2.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IJ97E6D.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IKPV3WM.rtf
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IKY94VL.ini
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$ILPTQM9.exe
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$ILXRUS3.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IM5EQ94.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IMUI9JJ.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$INB6ZZA.mp3
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$INLZTTK.mp3
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IPER030.mp3
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IQ90S3S.flp
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IQHY4MT.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IQRM67M.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IR3LWC1.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IR9MUVU.png
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$ISFZ7O6.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$ISYOQW9.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IT93MK0
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$ITHZY03
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IV4KZRW.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IV77E67.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IX3ZWBD.exe
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IXJZTXE.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IY25G5D.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IYF5GZ4.lnk
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IZ7AF2M.exe
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IZ9HSP7.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IZCYCG0.zip
c:\$recycle.bin\S-1-5-21-269047593-2358176518-1712421543-1001\$IZHDTIE.zip
c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z
c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
c:\users\Bill\AppData\Roaming\Privacy components
c:\users\Bill\AppData\Roaming\Privacy components\dbases\cg.dat
c:\users\Bill\AppData\Roaming\Privacy components\dbases\mw.dat
c:\users\Bill\AppData\Roaming\Privacy components\dbases\rd.dat
c:\users\Bill\AppData\Roaming\Privacy components\dbases\sc.dat
c:\users\Bill\AppData\Roaming\Privacy components\dbases\sm.dat
c:\users\Bill\AppData\Roaming\Privacy components\dbases\sp.dat
c:\users\Bill\AppData\Roaming\Privacy components\keys\cg.key
c:\users\Bill\AppData\Roaming\Privacy components\keys\rd.key
c:\users\Bill\AppData\Roaming\Privacy components\keys\sc.key
c:\users\Bill\AppData\Roaming\Privacy components\keys\sp.key
c:\users\Bill\AppData\Roaming\Privacy components\temp\settings.ini
c:\users\Bill\AppData\Roaming\Privacy components\temp\spfilter
c:\windows\system32\SIntf16.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntfNT.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-18 01:13 . 2009-05-18 14:01 31776 ----a-w c:\programdata\nvModes.dat
2009-05-18 01:13 . 2009-05-18 14:01 31776 ----a-w c:\users\All Users\nvModes.dat
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w c:\windows\system32\AGEIA
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w c:\program files\AGEIA Technologies
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-17 22:46 . 2009-05-18 00:20 -------- d-----w c:\program files\SystemRequirementsLab
2009-05-17 22:46 . 2009-05-18 00:20 -------- d-----w c:\users\Bill\AppData\Roaming\SystemRequirementsLab
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w c:\program files\CONEXANT
2009-05-13 21:29 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-05-13 21:29 . 2009-05-13 21:32 -------- d-----w c:\program files\SpywareBlaster
2009-05-13 20:45 . 2009-05-13 20:45 -------- d-----w c:\program files\Trend Micro
2009-05-06 00:09 . 2009-05-06 00:16 -------- d-----w c:\program files\epsxe170
2009-05-06 00:05 . 2009-05-06 00:05 -------- d-----w c:\users\Bill\AppData\Roaming\fltk.org
2009-05-04 02:25 . 2009-05-04 02:25 -------- d-----w c:\program files\Microsoft.NET
2009-05-03 19:41 . 2009-05-03 19:41 -------- d-----w C:\NESten
2009-05-03 18:19 . 2009-05-03 18:19 -------- d-----w c:\users\Bill\AppData\Roaming\.bsnes
2009-05-03 15:44 . 2009-05-03 15:51 -------- d-----w c:\program files\GCFScape
2009-05-01 04:08 . 2009-05-01 04:08 1194528 ----a-w c:\windows\system32\nvcplui.exe
2009-05-01 04:08 . 2009-05-01 04:08 1292832 ----a-w c:\windows\system32\nvsvs.dll
2009-05-01 04:07 . 2009-05-01 04:07 13781536 ----a-w c:\windows\system32\nvcpl.dll
2009-05-01 04:07 . 2009-05-01 04:07 4020768 ----a-w c:\windows\system32\nvdisps.dll
2009-05-01 04:07 . 2009-05-01 04:07 3516960 ----a-w c:\windows\system32\nvgames.dll
2009-05-01 04:07 . 2009-05-01 04:07 195104 ----a-w c:\windows\system32\nvmccss.dll
2009-05-01 04:07 . 2009-05-01 04:07 92704 ----a-w c:\windows\system32\nvmctray.dll
2009-05-01 04:07 . 2009-05-01 04:07 1288736 ----a-w c:\windows\system32\nvmobls.dll
2009-05-01 04:07 . 2009-05-01 04:07 143360 ----a-w c:\windows\system32\nvshext.dll
2009-05-01 04:07 . 2009-05-01 04:07 768544 ----a-w c:\windows\system32\nvsvc.dll
2009-05-01 04:07 . 2009-05-01 04:07 4045344 ----a-w c:\windows\system32\nvvitvs.dll
2009-05-01 04:07 . 2009-05-01 04:07 211488 ----a-w c:\windows\system32\nvvsvc.exe
2009-05-01 04:07 . 2009-05-01 04:07 3123744 ----a-w c:\windows\system32\nvwss.dll
2009-05-01 02:02 . 2009-05-01 02:02 9850016 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
2009-05-01 02:02 . 2009-05-01 02:02 143360 ----a-w c:\windows\system32\nvcod.dll
2009-05-01 02:02 . 2009-05-01 02:02 143360 ----a-w c:\windows\system32\nvcod146.dll
2009-05-01 02:02 . 2009-05-01 02:02 1704960 ----a-w c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02 7593472 ----a-w c:\windows\system32\nvd3dum.dll
2009-05-01 02:02 . 2009-05-01 02:02 10366976 ----a-w c:\windows\system32\nvoglv32.dll
2009-05-01 02:02 . 2009-05-01 02:02 457248 ----a-w c:\windows\system32\nvudisp.exe
2009-05-01 02:02 . 2009-05-01 02:02 3128320 ----a-w c:\windows\system32\nvwgf2um.dll
2009-05-01 00:45 . 2009-05-01 00:45 -------- d-----w c:\users\Bill\AppData\Roaming\TortoiseSVN
2009-05-01 00:37 . 2009-05-18 14:02 -------- d-----w c:\users\Bill\AppData\Local\TSVNCache
2009-05-01 00:14 . 2009-05-01 00:14 -------- d-----w c:\users\Bill\AppData\Roaming\Subversion
2009-05-01 00:01 . 2009-05-01 00:01 -------- d-----w c:\program files\Common Files\TortoiseOverlays
2009-05-01 00:01 . 2009-05-01 00:01 -------- d-----w c:\program files\TortoiseSVN
2009-04-29 23:56 . 2009-04-30 00:08 -------- d-----w c:\program files\Project64 1.6
2009-04-25 03:15 . 2009-04-25 03:15 22328 ----a-w c:\users\Bill\AppData\Roaming\PnkBstrK.sys
2009-04-25 03:15 . 2009-04-25 03:15 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-04-25 03:15 . 2009-04-25 03:15 -------- d-----w c:\programdata\id Software
2009-04-25 03:15 . 2009-04-25 03:15 -------- d-----w c:\users\All Users\id Software
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll
2009-04-21 22:49 . 2009-04-22 01:52 -------- d-----w c:\users\Bill\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2009-04-21 21:42 . 2009-04-21 21:43 -------- d-----w c:\users\Bill\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2009-04-21 21:41 . 2009-04-21 21:41 -------- d--h--r c:\users\Bill\AppData\Roaming\SecuROM
2009-04-20 21:08 . 2009-05-08 21:17 -------- d-----w C:\Incomplete
2009-04-20 20:54 . 2009-04-20 20:54 -------- d-----w c:\program files\Incomplete

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 15:16 . 2008-06-19 22:19 -------- d-----w c:\program files\Steam
2009-05-16 18:44 . 2008-01-20 22:25 -------- d-----w c:\program files\LucasArts
2009-05-16 18:44 . 2007-04-21 10:49 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 15:09 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-14 02:32 . 2008-10-01 12:16 -------- d-----w c:\program files\RelevantKnowledge
2009-05-14 02:32 . 2007-08-01 15:58 -------- d-----w c:\program files\Google
2009-05-13 21:43 . 2008-01-09 21:47 -------- d-----w c:\program files\EA GAMES
2009-05-12 16:34 . 2007-12-29 21:41 -------- d-----w c:\program files\Warcraft III
2009-05-05 18:20 . 2008-06-03 21:53 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-05 00:23 . 2007-12-30 02:25 -------- d-----w c:\program files\Sony
2009-05-04 02:21 . 2008-04-29 18:06 -------- d-----w c:\program files\Sony Setup
2009-05-01 22:14 . 2009-03-27 03:42 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-01 22:14 . 2009-03-27 03:42 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-01 22:13 . 2009-03-27 03:42 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-01 02:02 . 2009-05-01 02:02 4224 ----a-w c:\windows\system32\drivers\nvBridge.kmd
2009-05-01 02:02 . 2008-05-16 16:24 983552 ----a-w c:\windows\system32\nvapi.dll
2009-04-29 14:15 . 2008-01-02 22:06 9620 ----a-w c:\users\Bill\AppData\Local\d3d9caps.dat
2009-04-27 04:42 . 2008-09-13 03:04 457248 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-25 16:47 . 2008-10-15 15:46 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-25 16:46 . 2008-10-15 15:45 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-25 16:21 . 2008-09-23 00:43 34 ----a-w c:\users\Bill\jagex_runescape_preferences.dat
2009-04-25 03:58 . 2008-10-15 15:45 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-21 22:49 . 2008-10-12 22:08 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-21 22:27 . 2008-05-01 17:42 -------- d-----w c:\program files\Electronic Arts
2009-04-21 21:41 . 2008-01-26 04:15 98304 ----a-w c:\windows\system32CmdLineExt.dll
2009-04-20 21:09 . 2009-02-24 00:10 -------- d-----w c:\program files\FrostWire
2009-04-20 20:53 . 2009-03-15 02:48 -------- d-----w c:\program files\LimeWire
2009-04-20 03:18 . 2008-01-10 00:52 -------- d-----w c:\program files\Guild Wars
2009-04-18 09:02 . 2008-06-19 22:29 -------- d-----w c:\program files\Common Files\Steam
2009-04-16 17:40 . 2009-03-09 16:47 -------- d-----w c:\program files\Midway Home Entertainment
2009-04-16 04:31 . 2009-04-16 04:31 -------- d-----w c:\program files\3000AD
2009-04-14 20:13 . 2009-04-14 20:13 -------- d-----w c:\program files\Pollux Gamelabs
2009-04-12 00:33 . 2009-04-12 00:31 -------- d-----w c:\program files\Spiderman
2009-04-04 17:43 . 2008-06-01 22:10 -------- d-----w c:\program files\NCH Swift Sound
2009-04-03 16:39 . 2009-04-03 16:39 70936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-04-01 21:43 . 2009-04-01 21:43 156672 ----a-w c:\windows\system32\rmc_fixasf.exe
2009-04-01 21:43 . 2009-04-01 21:43 237568 ----a-w c:\windows\system32\rmc_rtspdl.dll
2009-04-01 21:32 . 2009-04-01 21:32 323584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL
2009-03-31 22:19 . 2009-03-31 22:19 -------- d-----w c:\program files\SEGA
2009-03-30 16:14 . 2009-03-30 15:44 -------- d-----w c:\program files\Launchpad Enhanced
2009-03-27 03:42 . 2009-03-27 03:42 -------- d-----w c:\program files\AVG
2009-03-26 00:07 . 2006-11-02 12:37 -------- d-----w c:\program files\Microsoft Games
2009-03-17 03:38 . 2009-04-16 00:07 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 00:07 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 04:13 . 2009-03-09 01:48 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-09 04:13 . 2009-03-09 01:48 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-08 04:26 . 2009-03-08 04:26 310 ----a-w c:\windows\EReg515.dat
2009-03-03 04:46 . 2009-04-16 00:07 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 00:07 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 00:06 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 00:07 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 00:07 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 00:07 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 00:06 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 00:07 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 00:07 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 00:07 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-16 00:07 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 00:07 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 00:06 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-09-28 22:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8d4f7313-07e8-4cf0-b616-939793ad75aa}"= "c:\program files\The_Union_of_Soviet_Republics\tbThe_.dll" [2008-11-24 1784856]

[HKEY_CLASSES_ROOT\clsid\{8d4f7313-07e8-4cf0-b616-939793ad75aa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d4f7313-07e8-4cf0-b616-939793ad75aa}]
2008-11-24 04:03 1784856 ----a-w c:\program files\The_Union_of_Soviet_Republics\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8d4f7313-07e8-4cf0-b616-939793ad75aa}"= "c:\program files\The_Union_of_Soviet_Republics\tbThe_.dll" [2008-11-24 1784856]

[HKEY_CLASSES_ROOT\clsid\{8d4f7313-07e8-4cf0-b616-939793ad75aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8D4F7313-07E8-4CF0-B616-939793AD75AA}"= "c:\program files\The_Union_of_Soviet_Republics\tbThe_.dll" [2008-11-24 1784856]

[HKEY_CLASSES_ROOT\clsid\{8d4f7313-07e8-4cf0-b616-939793ad75aa}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-10 1410296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7E08AE05-29F9-4FA2-A855-BC94B1812FEC}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8AD4B445-2665-49C1-868C-57B236CEDCA4}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{CEE89B6C-00C8-4144-B5A6-0476047653A5}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{43127B7F-6787-4AC9-98E9-5FB21C41FD6A}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{92363EFE-3ED7-45D5-8406-56DA8AEEF7E2}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{1FBA613B-8DB4-4AC4-B1BF-F0D97D0E2198}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{25C42470-733A-44AA-9C25-08180AF8F86B}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{E5C1C5C6-E862-46F7-9566-D884DD2BFAC3}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{E4CE3B3A-59B8-4E11-8F2A-7993F4B86185}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6485DC41-213D-4A8D-AA8B-551F99D23BE9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{12619514-D9E8-4900-9E4D-ECDF93F13427}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{944880D9-B475-483D-BC04-009A3F5E2CE7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DE12E2DE-87E7-44F8-B3EE-2959C4DB6C77}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D51E78BF-818E-445C-943E-B27861212FF5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B343D754-39E2-4A80-A438-69DDF0E22CFC}"= Disabled:UDP:c:\users\Bill\AppData\Local\Temp\7zS5E64.tmp\setup\HPZnui01.exe:hpznui01.exe
"{31C6F872-AA7F-4341-96B6-DFF107ECC198}"= Disabled:TCP:c:\users\Bill\AppData\Local\Temp\7zS5E64.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{C352E295-B7BC-477D-ADDB-C4810E08659C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{0109439E-45F1-41F1-B7F0-6748A2A8A15F}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{136AB26F-A23B-466C-B39C-10BCC2771E14}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{7F47E8DB-88D2-4EBF-B627-A8035304EE53}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{AE3FF1C4-0F8D-4AB5-9617-D07E6E16007B}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{629EA833-B25E-4DB7-A58A-80A5256EF445}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{C52C77A0-3402-4108-A038-D8A5CED973EF}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{5415322A-73C4-44F6-818B-CA08E872D5E9}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{7208035F-AF23-4BB7-997A-857AE477148B}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{2A76038B-8B01-423E-9600-A4FC876EE5FF}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{36B3B922-A508-44B3-AC3F-94F69ACA6150}"= UDP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"{3F361C0F-87F8-43A0-BED3-8AF0145E54E8}"= TCP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"TCP Query User{CE26D9F6-CE56-45AE-9407-7435AFBBEEA8}c:\\program files\\ea games\\the battle for middle-earth ™\\patchget.dat"= UDP:c:\program files\ea games\the battle for middle-earth ™\patchget.dat:patchgrabber
"UDP Query User{80CA91EF-0DDF-4B6B-BE3B-1B71B9C7AF28}c:\\program files\\ea games\\the battle for middle-earth ™\\patchget.dat"= TCP:c:\program files\ea games\the battle for middle-earth ™\patchget.dat:patchgrabber
"{0B5AB7DE-E09D-4C13-87C4-1605F9CE967B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6A2F1A66-CEE5-4C59-B56D-0430BE55ECFA}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{64FC9C59-0F70-4747-847A-917A01DB97F1}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"TCP Query User{96D8C8C1-80D0-48BA-8C5A-3B9C74D79FEF}c:\\users\\bill\\wow-2.0.0-enus-installer-downloader.exe"= UDP:c:\users\bill\wow-2.0.0-enus-installer-downloader.exe:wow-2.0.0-enus-installer-downloader.exe
"UDP Query User{B86C1014-6FEC-4735-83A8-F5A35B5F225B}c:\\users\\bill\\wow-2.0.0-enus-installer-downloader.exe"= TCP:c:\users\bill\wow-2.0.0-enus-installer-downloader.exe:wow-2.0.0-enus-installer-downloader.exe
"TCP Query User{3781B50F-2F49-46F6-9F09-91E0CC9FB9D4}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{3865A410-5CC0-4A4F-8F3E-C56916B57170}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{616AD601-2940-42E3-B506-9EC7E0DFCD99}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{86280A6F-3C16-4C13-87B8-603434E99CDA}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{62508D56-7C80-40A8-8469-3CD4EB387B17}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{3986D233-EAC6-4439-87B5-5F3C8A0EB5AC}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"{1C049293-D22A-48CC-906B-501858B7641A}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{4DE24660-3D79-4483-8D41-856338E890F3}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{75AA3FAA-56D3-4B1C-B955-0F7809383101}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{63D8AA64-A223-4B73-A602-C5B3888D6EC3}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{0E110257-B05F-4EF8-AFEC-13FB69183D62}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E39EC2E6-DF3B-4D78-81CB-DF34DF2E5C1B}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{24646C0D-1E5B-4AB4-B040-F102B7E7BB9D}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{E02DBA53-13CF-4CE1-BF72-492811B8B7BD}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{0CC14753-C322-4562-AAE1-F4EB35630349}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{887FD0C2-5E26-4C14-B540-7E6302ED18F2}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{8CF7E3DA-22F4-4F23-BF2D-399DBFB02704}c:\\program files\\2k games\\firaxis games\\sid meier's civilization 4 gold\\warlords\\civ4warlords.exe"= UDP:c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe:Sid Meier's Civilization 4 : Warlords
"UDP Query User{3C86D191-24DC-4828-BFCC-17466EEE6C84}c:\\program files\\2k games\\firaxis games\\sid meier's civilization 4 gold\\warlords\\civ4warlords.exe"= TCP:c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe:Sid Meier's Civilization 4 : Warlords
"TCP Query User{02178F8D-6559-4E3D-9F0A-DA5DC4C2E216}c:\\program files\\atari\\axis & allies\\aa.exe"= UDP:c:\program files\atari\axis & allies\aa.exe:AA
"UDP Query User{51DDBA45-F2D1-47AD-8C55-CA5A14762E08}c:\\program files\\atari\\axis & allies\\aa.exe"= TCP:c:\program files\atari\axis & allies\aa.exe:AA
"TCP Query User{A7667F82-3934-4514-A567-20F52F70B024}c:\\program files\\atari\\axis & allies\\aa.exe"= UDP:c:\program files\atari\axis & allies\aa.exe:AA
"UDP Query User{A23EE927-3D6A-4D9E-B660-B7A834D7D2C0}c:\\program files\\atari\\axis & allies\\aa.exe"= TCP:c:\program files\atari\axis & allies\aa.exe:AA
"TCP Query User{991808B7-ACE9-477A-A877-6BB1AC746554}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{E9809A84-6E5E-4B35-92F0-15777DC82B3F}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{ADA3D4B2-D0A9-40A9-9F5D-220BCC310664}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{E3AC20E4-227E-46D8-9D8F-97F0A4049042}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{B20C09BB-6867-46DA-B238-53FB6CC0E700}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{FC83E912-5AC7-457C-B6C5-1B57F087948E}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{706902E4-9CF7-4FF5-A05A-0253BC0E12AC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{62A96C04-99EB-4BA0-9E2C-572E913ACDF2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E32A2595-2054-4A80-AD01-45F75EFE38B6}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{7AF5EF37-9A7D-43A8-839B-22F092866F5E}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{C1F9108F-CF80-4FEE-872C-B9E8A7DCA49F}"= UDP:c:\program files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars™: Empire at War™: Forces of Corruption™
"{319DA0B3-4219-4B4F-AC0C-C789CE661448}"= TCP:c:\program files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars™: Empire at War™: Forces of Corruption™
"TCP Query User{CD5723DE-60B4-492C-99C0-9703701B00D3}j:\\program files\\activision\\empires dawn of the modern world\\empires_dmw.exe"= UDP:j:\program files\activision\empires dawn of the modern world\empires_dmw.exe:Empires_DMW
"UDP Query User{57B49C85-110E-4D19-962B-B25D0649D223}j:\\program files\\activision\\empires dawn of the modern world\\empires_dmw.exe"= TCP:j:\program files\activision\empires dawn of the modern world\empires_dmw.exe:Empires_DMW
"{D3EEAB74-0179-4930-B68B-4180A044F218}"= UDP:j:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{3185CC47-7DE2-47AA-8D6C-1C406B938909}"= TCP:j:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"TCP Query User{0338224C-024A-406B-AD66-949F526C0AD0}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{E3A9A5E1-F84A-4982-9610-8DF6891F6BA7}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"TCP Query User{9915D440-5BA6-4F79-AB00-76EF17FDC633}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{6AE36A6F-9923-41A6-803B-1E045C25C6E1}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"TCP Query User{9924839A-BF3B-4088-8955-EA262992B81C}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{44611565-CCE9-43CA-9723-34FCF836F75B}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"{B6667F6B-5711-40DE-850C-4CCCA247F39A}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{ABD5DD0F-8630-4154-86F4-AE464383375F}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{FF47E40B-2954-4C89-A22C-C9A75B9AB492}c:\\program files\\microsoft games\\rise of nations\\patriots.exe"= UDP:c:\program files\microsoft games\rise of nations\patriots.exe:Rise of Nations
"UDP Query User{555B963C-95F4-4CFD-8F72-B0BD48CFFBB2}c:\\program files\\microsoft games\\rise of nations\\patriots.exe"= TCP:c:\program files\microsoft games\rise of nations\patriots.exe:Rise of Nations
"TCP Query User{90542C4F-A05C-4B30-A53D-AB21B630C717}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{DF64320C-DD1A-4C70-8C1E-D39FAE7F24CB}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"TCP Query User{97515018-6AD3-4FFE-B462-2545F4395441}j:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:j:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{2925D282-5720-4EFA-8040-CFCB4261D420}j:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:j:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"TCP Query User{713F97DE-D064-4700-8FF8-D21C97347B64}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{30BC75CF-64BA-4117-A715-B29878204E73}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{C7DCDB99-D71C-434A-B8AC-8CFD7ABBD75B}j:\\program files\\call of duty\\codmp.exe"= UDP:j:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{EB428A05-5F71-4C99-96D4-07FBFF47D27A}j:\\program files\\call of duty\\codmp.exe"= TCP:j:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{B6A40926-B237-4838-8750-A819E96ED3AF}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{919A188E-F760-4252-99E8-96B4A497CFC4}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{262DE056-90E9-4AFA-AB4D-0BABA8CF73AE}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{5756675A-0209-4102-A14B-D915827B2434}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{7C3AAD3E-930E-45FC-B5CB-DED218523DD8}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{1D542D76-3AE6-4A6A-B81C-513FF9E71B4D}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{077F5CF7-685A-4390-BF5A-A6A74EA60E05}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{AC44E92C-F0DF-4791-8558-640303CC2BCC}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{B2E17F4F-E2E8-4C43-B97F-4BA0C6A79C30}c:\\program files\\sierra\\empire earth ii\\ee2x.exe"= UDP:c:\program files\sierra\empire earth ii\ee2x.exe:Empire Earth II: The Art of Supremacy
"UDP Query User{CC59E66D-B717-4F84-863A-F554BF975B23}c:\\program files\\sierra\\empire earth ii\\ee2x.exe"= TCP:c:\program files\sierra\empire earth ii\ee2x.exe:Empire Earth II: The Art of Supremacy
"TCP Query User{54171E41-6DB7-497B-910C-183DB605BD4F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7EF9A23C-E405-4BA3-89D6-CC58FE61EF79}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{98D79AA9-1FF5-4218-9D30-7AB7DF4EE1BE}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:The Battle for Middle-earth™ II
"{6ABE3629-A62F-4C10-8F81-4B7617982423}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:The Battle for Middle-earth™ II
"TCP Query User{201331DB-A8CD-450C-A1A5-3BB3001F5466}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"UDP Query User{FB05B732-683F-4C1F-9353-9A33DDAFC6E7}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"{6FD39D2D-D05F-408D-8C8E-2AA8AE9152CD}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{F133EE3A-098F-4E33-ABB8-83E9B7EFEF41}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{94EF3D9B-2F1B-4453-B3D4-058A65452BDE}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{64B11F26-BF5F-4203-88C6-CFD0033FE1D6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{24642E68-8E52-4355-BC89-E55623AD77F9}c:\\users\\bill\\program files\\dna\\btdna.exe"= UDP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"UDP Query User{8CAF7734-33F5-4DD9-AD35-23934DB0B200}c:\\users\\bill\\program files\\dna\\btdna.exe"= TCP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"TCP Query User{3B88E914-48BC-41F1-BCF9-570BDE15286B}c:\\users\\bill\\program files\\dna\\btdna.exe"= UDP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"UDP Query User{EE764B46-A980-414B-BEB4-50668AC0C4D5}c:\\users\\bill\\program files\\dna\\btdna.exe"= TCP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"TCP Query User{2092D855-AFCA-432B-AFE2-30902FE0D765}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{C0AD94A3-467D-45B3-BA47-0F85E87C6F48}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{CFF8E426-9CD0-4FED-A92C-E6A7E9328012}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E6A6279-38F7-4E70-A42D-4FAB5C967A0F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{112EE7C1-DBF4-4327-825D-9C489C41F871}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{88465BAD-574B-4156-AC08-8AAFC8904A6D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B8B39E06-E6C2-4FC2-8D9F-0F77972D9695}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{73FA97A3-B1F2-451F-BCBA-EEA102815424}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{920B712B-9BF4-4A2A-BB25-D7503DC6F9AC}c:\\program files\\stardock\\sdcentral\\sdcentral.exe"= UDP:c:\program files\stardock\sdcentral\sdcentral.exe:Stardock Central
"UDP Query User{DE5E95D5-3A1C-49DC-97A8-EB1BD802B55F}c:\\program files\\stardock\\sdcentral\\sdcentral.exe"= TCP:c:\program files\stardock\sdcentral\sdcentral.exe:Stardock Central
"{9ADD150E-D167-4CED-AB2B-A035EBF830BB}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{82786D3D-116F-41B3-84D3-33A67B2F23F6}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E136AF00-BE5E-41D3-A7F1-227A83561E31}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{FF74DD82-1D54-47F4-83BF-2E0317026354}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{3B137F77-6627-4B23-88BB-29888883D540}c:\\program files\\steam\\steamapps\\yarrick20\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{B96ADE7C-CE5B-4B88-A398-12D18A923CA9}c:\\program files\\steam\\steamapps\\yarrick20\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\half-life 2 deathmatch\hl2.exe:hl2
"{85E90AFA-9B61-4D70-8745-E93343CEFFB1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2FC04D75-60C0-4DA8-9ED9-E8EB88FBBBA6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{03B2ED58-9295-4E1A-91AA-D09F30903D72}"= UDP:c:\program files\LiberTV\LiberTV.exe:LiberTV Player
"{9436F4B3-27C2-4F5D-AC25-E9FB8F061E94}"= TCP:c:\program files\LiberTV\LiberTV.exe:LiberTV Player
"TCP Query User{54D26C84-B0E9-40C3-AC99-6ACEA42BD175}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{80ECAE73-FFFC-433B-889C-BD12603FC555}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{ADF8446B-080F-4C26-BAEF-E66CF423B3DB}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{6E0A5A95-2E54-4619-A440-FAC3D73B1B18}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{83DFB048-9C17-4306-AB2A-1DE53D9E777B}c:\\program files\\netbattleship\\battleship.exe"= UDP:c:\program files\netbattleship\battleship.exe:BattleShip
"UDP Query User{4AEFA628-F793-4528-9CD0-31812DE0063B}c:\\program files\\netbattleship\\battleship.exe"= TCP:c:\program files\netbattleship\battleship.exe:BattleShip
"TCP Query User{66270228-390A-4CE6-8216-A07700A1D48B}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{94278B84-35ED-4054-98C9-9DB482A954E6}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"{757C98C3-7540-4DA6-8B23-6C492145B133}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{B264F731-866E-4660-9752-B3D831662FA4}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"TCP Query User{7297D068-6FE7-49C8-A375-4E5E4424EA1F}c:\\program files\\3do\\army men rts\\army men rts.exe"= UDP:c:\program files\3do\army men rts\army men rts.exe:Army Men RTS
"UDP Query User{6EF176A2-5F9F-4A35-9DC2-AC2EAF69B878}c:\\program files\\3do\\army men rts\\army men rts.exe"= TCP:c:\program files\3do\army men rts\army men rts.exe:Army Men RTS
"TCP Query User{D84D87A9-40EF-4824-86BB-427958F9887C}c:\\users\\bill\\appdata\\local\\temp\\rar$ex01.450\\cossaks\\dmcr.exe"= UDP:c:\users\bill\appdata\local\temp\rar$ex01.450\cossaks\dmcr.exe:dmcr.exe
"UDP Query User{0E3D3B5F-3C45-4374-820F-8B26D05F3DEA}c:\\users\\bill\\appdata\\local\\temp\\rar$ex01.450\\cossaks\\dmcr.exe"= TCP:c:\users\bill\appdata\local\temp\rar$ex01.450\cossaks\dmcr.exe:dmcr.exe
"TCP Query User{DE1F89BE-F457-4D04-A7AA-9DB936608846}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{8A8C4A72-9611-4E82-BF7A-137B4E588032}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{22BE6D27-A334-4F26-9732-F93C8F6775C1}"= UDP:c:\windows\Temp\~os61EE.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{BE3729C2-EC53-4F33-BFEC-1DB0A81894C5}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{0FC5A59E-E0C8-4C15-90AF-F202F176B4CC}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{D19D3E96-67E9-478F-ABF3-D0EE155F9F1E}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= UDP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"UDP Query User{B114AAB5-8B90-4A98-BAB1-CE5F87A657AA}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= TCP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"TCP Query User{FD1AA35B-6EEC-4096-9542-D38B2AD28C7D}c:\\program files\\starwarsgalaxies\\swgclient_r.exe"= UDP:c:\program files\starwarsgalaxies\swgclient_r.exe:SwgClient_r
"UDP Query User{42CFCBCE-D10B-49D0-8687-FF7AE1A48306}c:\\program files\\starwarsgalaxies\\swgclient_r.exe"= TCP:c:\program files\starwarsgalaxies\swgclient_r.exe:SwgClient_r
"TCP Query User{C6613558-FC1E-466B-AB75-0E55C64DD959}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{CBE5997F-B20E-421A-98E2-EF3549BFA6A7}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"TCP Query User{1A8FD464-E268-4ACC-9234-A7922B922CE7}c:\\program files\\bitdownload\\bitdownload.exe"= UDP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{38C920E8-C345-465B-9495-9A0E1B12D696}c:\\program files\\bitdownload\\bitdownload.exe"= TCP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"{89EA5414-765E-4394-8BBF-0EC4DF2C51AC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{38F85E00-525A-491D-8DAA-487A21072883}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C2A9BA33-1B54-43D6-BFF8-DD8274E38B33}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B18210A-79D2-49FE-AD1A-88067BBE7B70}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AFE0AE9C-E4E6-4387-991E-C2431ABA793D}c:\\program files\\kali95\\kali.exe"= UDP:c:\program files\kali95\kali.exe:Kali II (Ver 2.613)
"UDP Query User{90049B67-D726-4E0D-9507-60A0757B98A0}c:\\program files\\kali95\\kali.exe"= TCP:c:\program files\kali95\kali.exe:Kali II (Ver 2.613)
"TCP Query User{20BA518D-9897-483A-A0A0-73A0FA0B4044}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\dta.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\dta.exe:Main executable for Tiberian Sun
"UDP Query User{0C21B453-9C48-4F99-BBC4-2AAC417F5D4C}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\dta.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\dta.exe:Main executable for Tiberian Sun
"{52D6C540-869A-459B-BEB6-50B8BBA64156}"= UDP:86:BroadCam Web Server
"TCP Query User{B45B3A1C-8338-4927-A095-C8A385A8D0DB}c:\\doomsday\\bin\\doomsday.exe"= UDP:c:\doomsday\bin\doomsday.exe:Doomsday
"UDP Query User{E6090E32-DFF4-45B9-8A36-29ED6E061470}c:\\doomsday\\bin\\doomsday.exe"= TCP:c:\doomsday\bin\doomsday.exe:Doomsday
"{4AB88326-30E4-4C9A-9DDB-BD81365816B9}"= UDP:c:\windows\Temp\~os873A.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{28E40DD4-A5D6-41D0-A62B-A2AA48B0D9AA}c:\\program files\\steam\\steamapps\\yarrick20\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\zombie panic! source\hl2.exe:hl2
"UDP Query User{EB5306D2-27B6-4EFC-96DC-91C4D4745607}c:\\program files\\steam\\steamapps\\yarrick20\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\zombie panic! source\hl2.exe:hl2
"TCP Query User{E599EA44-36C6-4B9C-8C18-45FF8904628F}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\sweaw.exe"= UDP:c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe:Star Wars: Empire at War
"UDP Query User{9D8F2767-633E-49EA-A89F-6D903470B002}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\sweaw.exe"= TCP:c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe:Star Wars: Empire at War
"TCP Query User{E9562E4D-75A2-4DF0-8635-CFC64A70992B}c:\\program files\\byond\\bin\\byond.exe"= UDP:c:\program files\byond\bin\byond.exe:byond
"UDP Query User{D98590B0-15AD-4BFB-A0D4-C6205FD9E80F}c:\\program files\\byond\\bin\\byond.exe"= TCP:c:\program files\byond\bin\byond.exe:byond
"{82871D64-C7C4-484B-83A7-B1C6304D8E12}"= UDP:c:\windows\Temp\~os94FF.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{B7205484-CAA0-472E-BC49-A58944840735}c:\\users\\bill\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\bill\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{3F383EF5-59ED-4CB8-AA6D-00BBEB8FA5DC}c:\\users\\bill\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\bill\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"{CCA31625-FDDA-4BE8-89C2-A2D848E184C3}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{80FE052E-F5A4-485D-BCAD-B22BE131B986}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{AACD6CC3-A4FC-4975-9161-A4094E751803}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"UDP Query User{16C4C627-0D14-4527-A1CB-975BCDD8400B}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"TCP Query User{07E23151-B4AF-47B5-B0E4-24BE4893C4CC}c:\\alien arena 2008\\crx.exe"= UDP:c:\alien arena 2008\crx.exe:crx
"UDP Query User{E831E684-23A7-49E3-B909-EEE62573322A}c:\\alien arena 2008\\crx.exe"= TCP:c:\alien arena 2008\crx.exe:crx
"TCP Query User{4985048C-6E67-4EAA-A35C-EEE58DC95A4A}c:\\users\\bill\\desktop\\anarchyonline_17.9.1-large.exe"= UDP:c:\users\bill\desktop\anarchyonline_17.9.1-large.exe:anarchyonline_17.9.1-large.exe
"UDP Query User{331B65BE-8145-45D1-A99D-F1997D146A9F}c:\\users\\bill\\desktop\\anarchyonline_17.9.1-large.exe"= TCP:c:\users\bill\desktop\anarchyonline_17.9.1-large.exe:anarchyonline_17.9.1-large.exe
"TCP Query User{42ABB59B-7E58-4663-BAC2-C09EDCDA1555}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= UDP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
"UDP Query User{E5D6768D-7235-4687-9341-1BD25DE055B5}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= TCP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
"TCP Query User{51914876-18B6-4C32-82AC-C7E494948D86}c:\\program files\\doom 3\\doom3.exe"= UDP:c:\program files\doom 3\doom3.exe:DOOM 3
"UDP Query User{31B6C80A-E479-4F47-B58B-76C9920DB2EF}c:\\program files\\doom 3\\doom3.exe"= TCP:c:\program files\doom 3\doom3.exe:DOOM 3
"{5FE529B2-7654-49DA-9650-64644429AA4A}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{D70F35AE-45F2-417E-8750-6CEB461F2F90}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"TCP Query User{682572DE-3511-47D2-9639-344A24361A09}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= UDP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"UDP Query User{2D837C8E-654A-4E66-B336-36FB2ACEB6BD}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= TCP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"{EA45607E-6182-42C4-A4DF-EFA3BB6D97EF}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{924FEA48-E797-46ED-A885-D3D5D19545F0}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"TCP Query User{8EB06BC8-729F-4CC9-9433-60DFB0F925E2}c:\\program files\\steam\\steamapps\\yarrick20\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\source sdk base\hl2.exe:hl2
"UDP Query User{19AA014C-C012-4458-8947-BBFB20228EEF}c:\\program files\\steam\\steamapps\\yarrick20\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\source sdk base\hl2.exe:hl2
"TCP Query User{A9D81BFC-C1B9-4C61-B6A6-6824B7D50BE9}c:\\program files\\zdaemon\\zlauncher.exe"= UDP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"UDP Query User{A1FAC889-2162-4A90-8A94-42F2EF4CADE0}c:\\program files\\zdaemon\\zlauncher.exe"= TCP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"TCP Query User{AD42E9A5-B0AA-4B60-AE96-6B989BCAA913}c:\\program files\\midway home entertainment\\area-51\\a51"= UDP:c:\program files\midway home entertainment\area-51\a51:A51
"UDP Query User{BEA2D15E-CBC6-46DB-AAD7-60ED443195BB}c:\\program files\\midway home entertainment\\area-51\\a51"= TCP:c:\program files\midway home entertainment\area-51\a51:A51
"TCP Query User{C0BF50B7-D9A6-4CAE-89C1-EDF354DB5D9A}c:\\program files\\steam\\steamapps\\yarrick20\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\garrysmod\hl2.exe:hl2
"UDP Query User{72121048-DEA2-40A2-A81F-10440E209E90}c:\\program files\\steam\\steamapps\\yarrick20\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\garrysmod\hl2.exe:hl2
"TCP Query User{D36E4B95-49C8-487E-88E6-F4B3EC8A21D8}c:\\program files\\relevantknowledge\\rlvknlg.exe"= UDP:c:\program files\relevantknowledge\rlvknlg.exe:rlvknlg.exe
"UDP Query User{3201E0BD-6B53-403E-9FF0-B3B85AEBC60A}c:\\program files\\relevantknowledge\\rlvknlg.exe"= TCP:c:\program files\relevantknowledge\rlvknlg.exe:rlvknlg.exe
"TCP Query User{132AF9A4-74C5-4CAF-A3E6-6D5461FB363E}c:\\program files\\steam\\steamapps\\yarrick20\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\counter-strike source\hl2.exe:hl2
"UDP Query User{6EE2DCB2-692E-433D-A2B2-E283B363929E}c:\\program files\\steam\\steamapps\\yarrick20\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\counter-strike source\hl2.exe:hl2
"TCP Query User{49562FDB-CCB4-47BE-A25B-45F44E5AE7BC}c:\\program files\\steam\\steamapps\\yarrick20\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\day of defeat source\hl2.exe:hl2
"UDP Query User{BF2735FE-AA34-44BA-BE20-983C4200DD2E}c:\\program files\\steam\\steamapps\\yarrick20\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\day of defeat source\hl2.exe:hl2
"{FD8232AE-BF17-446B-90EC-AE3D3CE96C0C}"= UDP:c:\windows\Temp\~os71D6.tmp\ossproxy.exe:ossproxy.exe
"{75CA5DD5-142D-4FAD-BC15-8C8C14107DFA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{9AEBE96A-22A8-45DC-8C2D-A7ECCE619902}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{62A95F6D-48F4-4C3D-9AD6-F59057146506}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{2C47C7C8-E408-4973-A4A9-AAFFFF03B52D}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{FBA005CA-FE8F-4DDC-AF82-46D55E40DDCD}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"TCP Query User{6ADC6045-92C2-49BF-BBED-3BB99616430A}c:\\program files\\steam\\steamapps\\yarrick20\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\age of chivalry\hl2.exe:hl2
"UDP Query User{AEAC2BDB-BF72-4F24-B2A3-D11415722F77}c:\\program files\\steam\\steamapps\\yarrick20\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\age of chivalry\hl2.exe:hl2
"{78689174-2515-4DED-80BE-F66E723D4ACA}"= UDP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"{6B0B0083-799B-491D-8FBF-00290B71C6AC}"= TCP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"TCP Query User{0957DEA0-21B1-4B1E-8408-649CA80A78F7}c:\\program files\\midway home entertainment\\rise and fall\\riseandfall.exe"= UDP:c:\program files\midway home entertainment\rise and fall\riseandfall.exe:Rise And Fall
"UDP Query User{773573E8-D4E1-4837-ACCB-CD75DBBA23B9}c:\\program files\\midway home entertainment\\rise and fall\\riseandfall.exe"= TCP:c:\program files\midway home entertainment\rise and fall\riseandfall.exe:Rise And Fall
"TCP Query User{F37864FD-D92A-44C8-BA87-DCD325B7FCFF}c:\\users\\bill\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\bill\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{8D1DA4A1-B4B4-493B-8098-B4DF1C989B75}c:\\users\\bill\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\bill\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{9A21D6C8-5C8D-49AA-A0E0-A183B3F0C023}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"UDP Query User{2C8FA446-5AA4-410C-AA82-A1E62AAFD9DC}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"{41DE1E8F-D62A-407A-8858-469BAD6BA780}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4689DB89-9603-46F9-B598-9F11ED59A9D5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7348C1C6-031D-4599-9CC7-0E7F6738FCE8}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3D7335C5-F4F7-450D-BA37-520328D50C04}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{3F7A5CD1-58A3-487E-BA01-96F632536600}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8EE3C56C-535C-4E8B-95EC-B5AA1C32247F}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{7DC975E3-2CCF-4970-B660-DDA211ECECD2}"= UDP:c:\windows\Temp\~osB947.tmp\ossproxy.exe:ossproxy.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R3 musbehco;musbehco;c:\users\Bill\AppData\Local\Temp\musbehco.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-01 325896]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-01 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-01 908568]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-01 298776]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\User_Feed_Synchronization-{0B6F78EC-6022-41DD-83DC-980A10DBAF8A}.job
- c:\windows\system32\msfeedssync.exe [2008-09-27 07:33]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
BHO-{477dfee7-cd74-aec0-169a-d8fe95706c3b} - c:\windows\system32\utzezwrobbpvj.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKLM-Run-PWRISOVM.EXE - c:\program files\PowerISO\PWRISOVM.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: games-workshop.com
Trusted Zone: nationstates.net
Trusted Zone: runescape.com
Trusted Zone: starwars.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\3x4tfghu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 16:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000023232222A735EE0013 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\Classes\CLSID\{38372d67-abb8-4437-ae76-35c8b3e0ef8e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,d3,32,fe,10,14,f5,65,95,c9,48,8b,ca,7b,8c,\

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):96,41,d8,65,ba,f5,4a,bb,54,f8,57,35,3c,27,2c,cd,05,e1,8e,7e,bc,
1d,d0,61,60,ad,2e,f1,58,18,9d,14,fb,45,af,37,7f,94,0e,de,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,4e,8e,a3,fb,1a,f2,19,74,3c,63,bd,7c,72,55,32,5c,7d,fb,46,b5,99,22,
a8,73,4b,df,d2,76,b2,ed,a4,30,8a,5b,cd,b5,b2,55,4d,2a,df,f7,35,01,19,44,0c,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\SecuROM\License information*]
"datasecu"=hex:d4,c8,b5,5e,be,19,45,54,12,4f,6f,76,8f,db,da,15,53,cb,e6,e1,6b,
50,ca,00,7f,4c,a4,99,9e,5b,8c,1a,69,ea,02,9b,8b,02,2e,21,ad,d3,57,1a,1a,0e,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001_Classes\CLSID\{392cdb74-31d5-4039-9e78-dd66d0b6519b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010f
"Therad"=dword:00000009

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):09,1b,f1,81,77,b0,40,b2,c3,20,e5,c4,05,6f,9a,3a,d7,0a,8d,6a,57,
97,d7,43,5f,42,38,27,9c,5d,33,1a,57,73,a3,64,3d,9d,25,8e,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-18 16:18
ComboFix-quarantined-files.txt 2009-05-18 20:18

Pre-Run: 46,581,567,488 bytes free
Post-Run: 47,146,782,720 bytes free

644 --- E O F --- 2009-05-18 14:07


Now for the HijackThis file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:22 PM, on 5/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08111E97-AB7D-B099-1D3F-F88F47E13432} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {477dfee7-cd74-aec0-169a-d8fe95706c3b} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! ¤uØć¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.5;MEGAUPLOAD 1.0 (.NET CLR 3.5.30729)" -"http://health.howstuffworks.com/adam-200107.htm"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11526 bytes


Attached File(s): ComboFix.txt (69.18K)
 
emeraldnzl
post May 18 2009, 03:52 PM
Post #4


Trusted Helper
Posts: 7,988
OS: XP Pro



Hello Da Doom Guy,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now. TeaTimer can be re-activated once we have finished cleaning your machine.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Reboot your computer.

After that

We need to disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Before we do anything please disable Windows Defender to prevent it from interfering with our fixes.

Go to this link for instructions on how to enable/disable Windows Defender

http://windowshelp.microsoft.com/Windows/e...1bf0dc1033.mspx

Step 2

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Now

Note: There is one there I think is bad but am unable to find certainty on it - C:\Program Files\The_Union_of_Soviet_Republics - I have listed it for removal to be on the safe side. However, if you know it's good and you want to keep it then remove that item from the HijackThis and Combofix script.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O2 - BHO: (no name) - {08111E97-AB7D-B099-1D3F-F88F47E13432} - (no file)
O2 - BHO: (no name) - {477dfee7-cd74-aec0-169a-d8fe95706c3b} - (no file)
O2 - BHO: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O3 - Toolbar: Yahoo! ¤uØć¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll

Close all windows other than HiJackThis, then click Fix Checked.

Close HiJackThis.

Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

Driver::
musbehco

File::
c:\users\Bill\AppData\Local\Temp\musbehco.sys
c:\windows\Temp\~os71D6.tmp\ossproxy.exe

Folder::
c:\program files\relevantknowledge
C:\Program Files\The_Union_of_Soviet_Republics

REGLOCK::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt Please post that here together with a new HijackThis log for further review.
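Added example, not part of the thread and not HijackThis's own code: a small Python parser for the log line format shown in these posts. It flags entries whose target is marked "(no file)" or "(file missing)", registry values left empty, and CLSIDs registered under more than one section. The function names and flag labels are this example's own; the sample lines are copied from the HijackThis entries posted in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis entries posted in this thread (not a full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O2 - BHO: (no name) - {08111E97-AB7D-B099-1D3F-F88F47E13432} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O3 - Toolbar: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# "R0 - ..." / "O23 - ...": section code, then the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_line(line):
    """Parse one log line into a dict, or return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list, blank line, "End of file"
    code, body = m.group("code"), m.group("body")
    if code in ("R0", "R1") and "=" in body:
        # Registry value entries: "<key>,<value name> = <data>"
        key, _, target = body.partition("=")
    else:
        # Everything else: the target is the last " - " separated field.
        # Names may themselves contain " - ", so split from the right.
        key, _, target = body.rpartition(" - ")
    key, target = key.strip(), target.strip()
    clsid = CLSID_RE.search(body)
    flags = []
    if target.endswith(ORPHAN_MARKERS):
        flags.append("orphaned")      # registration points at a missing file
    if code in ("R0", "R1") and "=" in body and target == "":
        flags.append("empty-value")   # registry value present but blank
    return {
        "code": code,
        "key": key,
        "target": target,
        "clsid": clsid.group(0).lower() if clsid else None,
        "flags": flags,
    }


def parse_log(text):
    """Parse every entry line in a log, skipping lines that are not entries."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def flagged(entries, flag):
    """Entries carrying the given flag label."""
    return [e for e in entries if flag in e["flags"]]


def multi_section_clsids(entries):
    """CLSIDs that appear under more than one section code (e.g. R3, O2, O3)."""
    sections = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            sections[e["clsid"]].add(e["code"])
    return {c: sorted(s) for c, s in sections.items() if len(s) > 1}


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in flagged(entries, "orphaned") + flagged(entries, "empty-value"):
        print(e["code"], e["flags"], e["clsid"] or e["key"])
    for clsid, codes in multi_section_clsids(entries).items():
        print(clsid, "registered under", ", ".join(codes))
```

The flags are triage hints for a reviewer, not a verdict on any entry.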
emeraldnzl
post May 27 2009, 09:02 PM
Post #5


Trusted Helper
Posts: 7,988
OS: XP Pro



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
emeraldnzl
post Jun 6 2009, 10:33 PM
Post #6


Trusted Helper
Posts: 7,988
OS: XP Pro



Topic re-opened at user's request.
Da Doom Guy
post Jun 7 2009, 12:31 AM
Post #7


Member
**
Posts: 18
OS: Windows Vista



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:34 PM, on 6/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WerCon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08111E97-AB7D-B099-1D3F-F88F47E13432} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {477dfee7-cd74-aec0-169a-d8fe95706c3b} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! ¤uØć¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: The Union of Soviet Republics Toolbar - {8d4f7313-07e8-4cf0-b616-939793ad75aa} - C:\Program Files\The_Union_of_Soviet_Republics\tbThe_.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11119 bytes

Sorry for the new topic, but I messaged several staff who were online, but none responded/opened the thread, so I figured a new one would gain attention.
emeraldnzl
post Jun 7 2009, 04:12 PM
Post #8


Trusted Helper
Posts: 7,988
OS: XP Pro



Hello Da Doom Guy,

Did you manage to run that Combofix script?

Don't see the log there :)
Da Doom Guy
post Jun 7 2009, 10:54 PM
Post #9


Member
**
Posts: 18
OS: Windows Vista



ComboFix 09-06-07.05 - Bill 06/08/2009 0:34.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1095 [GMT -4:00]
Running from: c:\users\Bill\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RelevantKnowledge
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 04:47 . 2009-06-08 04:47 -------- d-----w- c:\users\Bill\AppData\Local\temp
2009-06-08 04:47 . 2009-06-08 04:47 -------- d-----w- C:\temp
2009-06-08 04:47 . 2009-06-08 04:47 -------- d-----w- \temp
2009-06-08 04:34 . 2009-06-08 04:47 -------- d-s---w- \ComboFix
2009-06-07 02:08 . 2009-06-07 02:08 -------- d-----w- c:\programdata\SiteAdvisor
2009-06-07 02:08 . 2009-06-07 02:08 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-07 02:07 . 2009-06-07 14:49 -------- d-----w- c:\program files\McAfee
2009-06-07 02:07 . 2009-06-07 02:08 -------- d-----w- c:\programdata\McAfee
2009-06-07 02:07 . 2009-06-07 02:08 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-05 14:38 . 2009-06-05 14:38 -------- d-----w- C:\Matrix Games
2009-06-05 14:38 . 2009-06-05 14:38 -------- d-----w- \Matrix Games
2009-06-05 05:39 . 2009-06-05 05:39 -------- d-----w- c:\program files\Mario Forever
2009-06-04 06:44 . 2008-10-30 13:15 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2009-06-04 06:44 . 2009-06-04 07:29 -------- d-----w- c:\program files\CrosuS
2009-06-04 00:25 . 2009-06-04 00:25 -------- d-----w- c:\program files\Digital Reality
2009-05-29 00:58 . 2004-02-02 00:50 131072 ----a-w- c:\windows\system32\LuaDC.dll
2009-05-29 00:58 . 2002-03-13 20:46 53248 ----a-w- c:\windows\system32\zlib.dll
2009-05-27 22:51 . 2006-11-01 18:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-27 22:51 . 2006-11-01 18:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-27 22:10 . 1999-09-20 12:18 180 ------w- c:\windows\system32\msftpd.exe
2009-05-27 22:10 . 2009-05-27 22:10 -------- d-----w- C:\FT Demo
2009-05-27 22:10 . 2009-05-27 22:10 -------- d-----w- \FT Demo
2009-05-21 13:38 . 2009-05-21 13:38 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-18 20:03 . 2009-06-08 04:38 -------- d---a-w- \Qoobox
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w- c:\windows\system32\AGEIA
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-18 00:20 . 2009-05-18 00:20 290816 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-18 00:20 . 2009-05-18 00:20 290816 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-18 00:20 . 2009-05-18 00:20 290816 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-18 00:20 . 2009-05-18 00:20 290816 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-17 22:46 . 2009-05-18 00:20 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-17 22:46 . 2009-05-18 00:20 -------- d-----w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab
2009-05-17 22:46 . 2009-05-17 22:46 207872 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-05-17 22:46 . 2009-05-17 22:46 207872 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-05-17 22:46 . 2009-05-17 22:46 207872 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-05-17 22:46 . 2009-05-17 22:46 207872 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-05-16 14:06 . 2009-05-16 14:06 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w- c:\program files\CONEXANT
2009-05-13 21:29 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-05-13 20:45 . 2009-05-13 20:45 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 04:27 . 2009-05-18 01:13 31776 ----a-w- c:\programdata\nvModes.dat
2009-06-08 03:08 . 2008-06-19 22:19 -------- d-----w- c:\program files\Steam
2009-06-08 03:07 . 2008-09-13 03:16 2145869824 --sha-w- \hiberfil.sys
2009-06-08 03:07 . 2007-04-21 10:35 2459709440 --sha-w- \pagefile.sys
2009-06-07 02:07 . 2008-05-14 20:59 -------- d-----w- c:\program files\Yahoo!
2009-06-06 18:16 . 2008-01-02 22:06 2708 ----a-w- c:\users\Bill\AppData\Local\d3d9caps.dat
2009-06-05 15:01 . 2009-03-09 16:47 -------- d-----w- c:\program files\Midway Home Entertainment
2009-06-05 14:37 . 2008-01-09 22:05 737280 ----a-w- c:\windows\iun6002.exe
2009-06-04 06:47 . 2007-12-29 21:41 -------- d-----w- c:\program files\Warcraft III
2009-06-04 06:30 . 2007-04-21 10:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 00:00 . 2008-09-05 20:36 -------- d-----w- c:\users\Bill\AppData\Roaming\gtk-2.0
2009-05-25 05:00 . 2009-02-24 00:11 -------- d-----w- c:\users\Bill\AppData\Roaming\FrostWire
2009-05-24 20:40 . 2008-01-20 22:25 -------- d-----w- c:\program files\LucasArts
2009-05-20 19:18 . 2008-09-23 00:43 34 ----a-w- c:\users\Bill\jagex_runescape_preferences.dat
2009-05-19 14:39 . 2008-06-19 22:29 -------- d-----w- c:\program files\Common Files\Steam
2009-05-18 01:15 . 2008-01-03 21:47 -------- d-----w- c:\programdata\NVIDIA
2009-05-14 15:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-14 02:32 . 2007-08-01 15:58 -------- d-----w- c:\program files\Google
2009-05-13 21:43 . 2008-01-09 21:47 -------- d-----w- c:\program files\EA GAMES
2009-05-08 17:52 . 2008-05-01 18:16 -------- d-----w- c:\users\Bill\AppData\Roaming\My Battle for Middle-earth™ II Files
2009-05-06 00:16 . 2009-05-06 00:09 -------- d-----w- c:\program files\epsxe170
2009-05-06 00:05 . 2009-05-06 00:05 -------- d-----w- c:\users\Bill\AppData\Roaming\fltk.org
2009-05-05 18:20 . 2008-06-03 21:53 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-05 00:23 . 2007-12-30 02:25 -------- d-----w- c:\program files\Sony
2009-05-05 00:23 . 2008-06-03 21:52 -------- d-----w- c:\programdata\Sony
2009-05-04 02:25 . 2009-05-04 02:25 -------- d-----w- c:\program files\Microsoft.NET
2009-05-04 02:21 . 2008-04-29 18:06 -------- d-----w- c:\program files\Sony Setup
2009-05-03 18:19 . 2009-05-03 18:19 -------- d-----w- c:\users\Bill\AppData\Roaming\.bsnes
2009-05-03 15:51 . 2009-05-03 15:44 -------- d-----w- c:\program files\GCFScape
2009-05-01 22:14 . 2009-03-27 03:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-01 22:14 . 2009-03-27 03:42 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 22:14 . 2007-09-30 22:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-01 22:13 . 2009-03-27 03:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 04:08 . 2009-05-01 04:08 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-01 04:08 . 2008-04-30 12:38 -------- d-----w- c:\users\Bill\AppData\Roaming\Publish Providers
2009-05-01 04:08 . 2009-05-01 04:08 1292832 ----a-w- c:\windows\system32\nvsvs.dll
2009-05-01 04:07 . 2009-05-01 04:07 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-05-01 04:07 . 2009-05-01 04:07 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-05-01 04:07 . 2009-05-01 04:07 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-05-01 04:07 . 2009-05-01 04:07 4020768 ----a-w- c:\windows\system32\nvdisps.dll
2009-05-01 04:07 . 2009-05-01 04:07 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-05-01 04:07 . 2009-05-01 04:07 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-05-01 04:07 . 2009-05-01 04:07 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-05-01 04:07 . 2009-05-01 04:07 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-05-01 04:07 . 2009-05-01 04:07 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-05-01 04:07 . 2009-05-01 04:07 13781536 ----a-w- c:\windows\system32\nvcpl.dll
2009-05-01 04:07 . 2009-05-01 04:07 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-05-01 02:02 . 2009-05-01 02:02 9850016 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-05-01 02:02 . 2009-05-01 02:02 7593472 ----a-w- c:\windows\system32\nvd3dum.dll
2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 02:02 . 2009-05-01 02:02 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-05-01 02:02 . 2009-05-01 02:02 3128320 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-05-01 02:02 . 2009-05-01 02:02 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-05-01 02:02 143360 ----a-w- c:\windows\system32\nvcod146.dll
2009-05-01 02:02 . 2009-05-01 02:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2009-05-01 02:02 10366976 ----a-w- c:\windows\system32\nvoglv32.dll
2009-05-01 02:02 . 2008-05-16 16:24 983552 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 00:45 . 2009-05-01 00:45 -------- d-----w- c:\users\Bill\AppData\Roaming\TortoiseSVN
2009-05-01 00:14 . 2009-05-01 00:14 -------- d-----w- c:\users\Bill\AppData\Roaming\Subversion
2009-05-01 00:01 . 2009-05-01 00:01 -------- d-----w- c:\program files\TortoiseSVN
2009-05-01 00:01 . 2009-05-01 00:01 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-04-30 00:08 . 2009-04-29 23:56 -------- d-----w- c:\program files\Project64 1.6
2009-04-29 23:56 . 2009-04-29 23:56 8854 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-04-29 23:56 . 2009-04-29 23:56 40960 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-04-29 23:56 . 2009-04-29 23:56 40960 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-27 04:42 . 2008-09-13 03:04 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-25 16:47 . 2008-10-15 15:46 138944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-25 16:46 . 2008-10-15 15:45 189784 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-25 03:58 . 2008-10-15 15:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-04-25 03:15 . 2009-04-25 03:15 22328 ----a-w- c:\users\Bill\AppData\Roaming\PnkBstrK.sys
2009-04-25 03:15 . 2009-04-25 03:15 22328 ----a-w- c:\users\Bill\AppData\Roaming\PnkBstrK.sys
2009-04-25 03:15 . 2009-04-25 03:15 2246144 ----a-w- c:\windows\system32\pbsvc.exe
2009-04-25 03:15 . 2009-04-25 03:15 -------- d-----w- c:\programdata\id Software
2009-04-24 02:32 . 2009-01-30 00:54 -------- d-----w- c:\programdata\Media Center Programs
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-22 01:52 . 2009-04-21 22:49 -------- d-----w- c:\users\Bill\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2009-04-21 22:49 . 2008-10-12 22:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-21 22:27 . 2008-05-01 17:42 -------- d-----w- c:\program files\Electronic Arts
2009-04-21 21:43 . 2009-04-21 21:42 -------- d-----w- c:\users\Bill\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2009-04-21 21:41 . 2009-04-21 21:41 -------- d--h--r- c:\users\Bill\AppData\Roaming\SecuROM
2009-04-21 21:41 . 2008-01-26 04:15 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-04-20 21:09 . 2009-02-24 00:10 -------- d-----w- c:\program files\FrostWire
2009-04-20 20:54 . 2009-04-20 20:54 -------- d-----w- c:\program files\Incomplete
2009-04-20 20:53 . 2009-03-15 02:48 -------- d-----w- c:\program files\LimeWire
2009-04-20 03:18 . 2008-01-10 00:52 -------- d-----w- c:\program files\Guild Wars
2009-04-16 04:31 . 2009-04-16 04:31 -------- d-----w- c:\program files\3000AD
2009-04-14 21:30 . 2009-04-14 21:30 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-04-14 20:13 . 2009-04-14 20:13 -------- d-----w- c:\program files\Pollux Gamelabs
2009-04-12 00:33 . 2009-04-12 00:31 -------- d-----w- c:\program files\Spiderman
2009-04-04 19:49 . 2009-04-04 19:49 15240 ----a-w- c:\users\Bill\AppData\Roaming\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-04-03 16:39 . 2009-04-03 16:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-01 21:43 . 2009-04-01 21:43 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-04-01 21:43 . 2009-04-01 21:43 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-04-01 21:32 . 2009-04-01 21:32 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-03-17 03:38 . 2009-04-16 00:07 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 00:07 24064 ----a-w- c:\windows\system32\amxread.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-18_20.15.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-07 00:14 . 2009-06-07 00:14 54272 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_118a7387f9d14a82\vcomp90.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 51712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 83968 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wmiutils.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 30208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemprox.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 35328 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mspatcha.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 22016 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsMsg.dll
+ 2007-04-21 10:46 . 2009-06-08 03:09 98908 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-08 03:09 70640 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-07-28 17:01 . 2009-06-08 03:09 21622 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-269047593-2358176518-1712421543-1001_UserData.bin
- 2007-07-23 21:59 . 2009-05-13 20:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-23 21:59 . 2009-06-06 05:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-07-23 21:59 . 2009-05-13 20:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-07-23 21:59 . 2009-06-06 05:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-20 17:31 . 2009-04-20 17:31 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-06-03 14:25 . 2009-06-07 00:14 5411 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2007-07-28 16:53 . 2009-05-19 23:13 2034 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-06-08 04:24 . 2009-06-08 04:24 5220 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
+ 2009-06-08 04:28 . 2009-06-08 04:28 4224 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\970AEE652C2EBC4C0080E9C5AA678B3C30EAEB7F\970AEE652C2EBC4C0080E9C5AA678B3C30EAEB7F\Data.dat
+ 2009-06-08 04:24 . 2009-06-08 04:24 7994 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\74A956292B9D7ED29866593C7E501FA45B187192\74A956292B9D7ED29866593C7E501FA45B187192\Data.dat
+ 2009-06-08 04:26 . 2009-06-08 04:26 5882 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6B4C27592649412FC24F35D9CB1FC7EBF0F2ED17\6B4C27592649412FC24F35D9CB1FC7EBF0F2ED17\Data.dat
- 2009-05-18 14:01 . 2009-05-18 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-08 03:07 . 2009-06-08 03:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-18 14:01 . 2009-05-18 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-08 03:07 . 2009-06-08 03:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-03 02:01 . 2009-04-11 06:28 182784 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\xmllite.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 218624 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wdscore.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 744448 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcore.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 357888 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcomn.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 116736 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smipi.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 139264 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\SmiInstaller.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 705536 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smiengine.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 126464 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\rescinst.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\repdrvfs.dll
+ 2009-06-03 02:01 . 2009-04-11 06:27 119296 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe
+ 2009-06-03 02:01 . 2009-04-11 06:27 130560 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\PkgMgr.exe
+ 2009-06-03 02:01 . 2009-04-11 06:28 146432 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\OEMHelpIns.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 305152 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\msdelta.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 102400 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofinstall.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 189440 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofd.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 222720 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\locdrv.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\helpcins.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 614912 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\fastprox.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\esscli.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 247808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\drvstore.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 258048 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\dpx.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 243712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CntrtextInstaller.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 271360 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmitrust.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 119808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiadapter.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 535040 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsCore.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 199168 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apss.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 222208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apircl.dll
- 2006-11-02 10:33 . 2009-05-18 14:08 668312 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-08 03:13 668312 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-18 14:08 130400 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-08 03:13 130400 c:\windows\System32\perfc009.dat
- 2007-07-23 21:59 . 2009-05-13 20:56 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-23 21:59 . 2009-06-06 05:14 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-27 23:53 . 2009-05-27 23:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 1835520 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 2032640 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiv2.dll
+ 2009-06-03 02:01 . 2009-04-11 06:28 1744384 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apds.dll
+ 2006-11-02 10:22 . 2009-06-07 06:47 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-05-15 03:02 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-05-27 23:53 . 2009-05-27 23:53 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-20 17:31 . 2009-04-20 17:31 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-27 23:53 . 2009-05-27 23:53 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-02-15 14:45 . 2009-06-03 01:36 214489449 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-05-18 1217784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7E08AE05-29F9-4FA2-A855-BC94B1812FEC}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8AD4B445-2665-49C1-868C-57B236CEDCA4}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{CEE89B6C-00C8-4144-B5A6-0476047653A5}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{43127B7F-6787-4AC9-98E9-5FB21C41FD6A}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{92363EFE-3ED7-45D5-8406-56DA8AEEF7E2}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{1FBA613B-8DB4-4AC4-B1BF-F0D97D0E2198}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{25C42470-733A-44AA-9C25-08180AF8F86B}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{E5C1C5C6-E862-46F7-9566-D884DD2BFAC3}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{E4CE3B3A-59B8-4E11-8F2A-7993F4B86185}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6485DC41-213D-4A8D-AA8B-551F99D23BE9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{12619514-D9E8-4900-9E4D-ECDF93F13427}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{944880D9-B475-483D-BC04-009A3F5E2CE7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DE12E2DE-87E7-44F8-B3EE-2959C4DB6C77}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D51E78BF-818E-445C-943E-B27861212FF5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B343D754-39E2-4A80-A438-69DDF0E22CFC}"= Disabled:UDP:c:\users\Bill\AppData\Local\Temp\7zS5E64.tmp\setup\HPZnui01.exe:hpznui01.exe
"{31C6F872-AA7F-4341-96B6-DFF107ECC198}"= Disabled:TCP:c:\users\Bill\AppData\Local\Temp\7zS5E64.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{C352E295-B7BC-477D-ADDB-C4810E08659C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{0109439E-45F1-41F1-B7F0-6748A2A8A15F}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{136AB26F-A23B-466C-B39C-10BCC2771E14}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{7F47E8DB-88D2-4EBF-B627-A8035304EE53}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{AE3FF1C4-0F8D-4AB5-9617-D07E6E16007B}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{629EA833-B25E-4DB7-A58A-80A5256EF445}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{C52C77A0-3402-4108-A038-D8A5CED973EF}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{5415322A-73C4-44F6-818B-CA08E872D5E9}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{7208035F-AF23-4BB7-997A-857AE477148B}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{2A76038B-8B01-423E-9600-A4FC876EE5FF}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{36B3B922-A508-44B3-AC3F-94F69ACA6150}"= UDP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"{3F361C0F-87F8-43A0-BED3-8AF0145E54E8}"= TCP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"TCP Query User{CE26D9F6-CE56-45AE-9407-7435AFBBEEA8}c:\\program files\\ea games\\the battle for middle-earth ™\\patchget.dat"= UDP:c:\program files\ea games\the battle for middle-earth ™\patchget.dat:patchgrabber
"UDP Query User{80CA91EF-0DDF-4B6B-BE3B-1B71B9C7AF28}c:\\program files\\ea games\\the battle for middle-earth ™\\patchget.dat"= TCP:c:\program files\ea games\the battle for middle-earth ™\patchget.dat:patchgrabber
"{0B5AB7DE-E09D-4C13-87C4-1605F9CE967B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6A2F1A66-CEE5-4C59-B56D-0430BE55ECFA}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{64FC9C59-0F70-4747-847A-917A01DB97F1}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"TCP Query User{96D8C8C1-80D0-48BA-8C5A-3B9C74D79FEF}c:\\users\\bill\\wow-2.0.0-enus-installer-downloader.exe"= UDP:c:\users\bill\wow-2.0.0-enus-installer-downloader.exe:wow-2.0.0-enus-installer-downloader.exe
"UDP Query User{B86C1014-6FEC-4735-83A8-F5A35B5F225B}c:\\users\\bill\\wow-2.0.0-enus-installer-downloader.exe"= TCP:c:\users\bill\wow-2.0.0-enus-installer-downloader.exe:wow-2.0.0-enus-installer-downloader.exe
"TCP Query User{3781B50F-2F49-46F6-9F09-91E0CC9FB9D4}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{3865A410-5CC0-4A4F-8F3E-C56916B57170}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{616AD601-2940-42E3-B506-9EC7E0DFCD99}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{86280A6F-3C16-4C13-87B8-603434E99CDA}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{62508D56-7C80-40A8-8469-3CD4EB387B17}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{3986D233-EAC6-4439-87B5-5F3C8A0EB5AC}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"{1C049293-D22A-48CC-906B-501858B7641A}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{4DE24660-3D79-4483-8D41-856338E890F3}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{75AA3FAA-56D3-4B1C-B955-0F7809383101}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{63D8AA64-A223-4B73-A602-C5B3888D6EC3}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{0E110257-B05F-4EF8-AFEC-13FB69183D62}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E39EC2E6-DF3B-4D78-81CB-DF34DF2E5C1B}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{24646C0D-1E5B-4AB4-B040-F102B7E7BB9D}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{E02DBA53-13CF-4CE1-BF72-492811B8B7BD}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{0CC14753-C322-4562-AAE1-F4EB35630349}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{887FD0C2-5E26-4C14-B540-7E6302ED18F2}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{02178F8D-6559-4E3D-9F0A-DA5DC4C2E216}c:\\program files\\atari\\axis & allies\\aa.exe"= UDP:c:\program files\atari\axis & allies\aa.exe:AA
"UDP Query User{51DDBA45-F2D1-47AD-8C55-CA5A14762E08}c:\\program files\\atari\\axis & allies\\aa.exe"= TCP:c:\program files\atari\axis & allies\aa.exe:AA
"TCP Query User{A7667F82-3934-4514-A567-20F52F70B024}c:\\program files\\atari\\axis & allies\\aa.exe"= UDP:c:\program files\atari\axis & allies\aa.exe:AA
"UDP Query User{A23EE927-3D6A-4D9E-B660-B7A834D7D2C0}c:\\program files\\atari\\axis & allies\\aa.exe"= TCP:c:\program files\atari\axis & allies\aa.exe:AA
"TCP Query User{991808B7-ACE9-477A-A877-6BB1AC746554}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{E9809A84-6E5E-4B35-92F0-15777DC82B3F}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{ADA3D4B2-D0A9-40A9-9F5D-220BCC310664}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{E3AC20E4-227E-46D8-9D8F-97F0A4049042}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{B20C09BB-6867-46DA-B238-53FB6CC0E700}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{FC83E912-5AC7-457C-B6C5-1B57F087948E}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{706902E4-9CF7-4FF5-A05A-0253BC0E12AC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{62A96C04-99EB-4BA0-9E2C-572E913ACDF2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E32A2595-2054-4A80-AD01-45F75EFE38B6}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{7AF5EF37-9A7D-43A8-839B-22F092866F5E}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{C1F9108F-CF80-4FEE-872C-B9E8A7DCA49F}"= UDP:c:\program files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars™: Empire at War™: Forces of Corruption™
"{319DA0B3-4219-4B4F-AC0C-C789CE661448}"= TCP:c:\program files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars™: Empire at War™: Forces of Corruption™
"TCP Query User{CD5723DE-60B4-492C-99C0-9703701B00D3}j:\\program files\\activision\\empires dawn of the modern world\\empires_dmw.exe"= UDP:j:\program files\activision\empires dawn of the modern world\empires_dmw.exe:Empires_DMW
"UDP Query User{57B49C85-110E-4D19-962B-B25D0649D223}j:\\program files\\activision\\empires dawn of the modern world\\empires_dmw.exe"= TCP:j:\program files\activision\empires dawn of the modern world\empires_dmw.exe:Empires_DMW
"{D3EEAB74-0179-4930-B68B-4180A044F218}"= UDP:j:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{3185CC47-7DE2-47AA-8D6C-1C406B938909}"= TCP:j:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"TCP Query User{0338224C-024A-406B-AD66-949F526C0AD0}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{E3A9A5E1-F84A-4982-9610-8DF6891F6BA7}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"TCP Query User{9915D440-5BA6-4F79-AB00-76EF17FDC633}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{6AE36A6F-9923-41A6-803B-1E045C25C6E1}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"TCP Query User{9924839A-BF3B-4088-8955-EA262992B81C}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{44611565-CCE9-43CA-9723-34FCF836F75B}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"{B6667F6B-5711-40DE-850C-4CCCA247F39A}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{ABD5DD0F-8630-4154-86F4-AE464383375F}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{FF47E40B-2954-4C89-A22C-C9A75B9AB492}c:\\program files\\microsoft games\\rise of nations\\patriots.exe"= UDP:c:\program files\microsoft games\rise of nations\patriots.exe:Rise of Nations
"UDP Query User{555B963C-95F4-4CFD-8F72-B0BD48CFFBB2}c:\\program files\\microsoft games\\rise of nations\\patriots.exe"= TCP:c:\program files\microsoft games\rise of nations\patriots.exe:Rise of Nations
"TCP Query User{90542C4F-A05C-4B30-A53D-AB21B630C717}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{DF64320C-DD1A-4C70-8C1E-D39FAE7F24CB}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"TCP Query User{97515018-6AD3-4FFE-B462-2545F4395441}j:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:j:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{2925D282-5720-4EFA-8040-CFCB4261D420}j:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:j:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"TCP Query User{713F97DE-D064-4700-8FF8-D21C97347B64}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{30BC75CF-64BA-4117-A715-B29878204E73}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{C7DCDB99-D71C-434A-B8AC-8CFD7ABBD75B}j:\\program files\\call of duty\\codmp.exe"= UDP:j:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{EB428A05-5F71-4C99-96D4-07FBFF47D27A}j:\\program files\\call of duty\\codmp.exe"= TCP:j:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{B6A40926-B237-4838-8750-A819E96ED3AF}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{919A188E-F760-4252-99E8-96B4A497CFC4}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{262DE056-90E9-4AFA-AB4D-0BABA8CF73AE}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{5756675A-0209-4102-A14B-D915827B2434}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{7C3AAD3E-930E-45FC-B5CB-DED218523DD8}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{1D542D76-3AE6-4A6A-B81C-513FF9E71B4D}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{077F5CF7-685A-4390-BF5A-A6A74EA60E05}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{AC44E92C-F0DF-4791-8558-640303CC2BCC}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{B2E17F4F-E2E8-4C43-B97F-4BA0C6A79C30}c:\\program files\\sierra\\empire earth ii\\ee2x.exe"= UDP:c:\program files\sierra\empire earth ii\ee2x.exe:Empire Earth II: The Art of Supremacy
"UDP Query User{CC59E66D-B717-4F84-863A-F554BF975B23}c:\\program files\\sierra\\empire earth ii\\ee2x.exe"= TCP:c:\program files\sierra\empire earth ii\ee2x.exe:Empire Earth II: The Art of Supremacy
"TCP Query User{54171E41-6DB7-497B-910C-183DB605BD4F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7EF9A23C-E405-4BA3-89D6-CC58FE61EF79}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{98D79AA9-1FF5-4218-9D30-7AB7DF4EE1BE}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:The Battle for Middle-earth™ II
"{6ABE3629-A62F-4C10-8F81-4B7617982423}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:The Battle for Middle-earth™ II
"TCP Query User{201331DB-A8CD-450C-A1A5-3BB3001F5466}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"UDP Query User{FB05B732-683F-4C1F-9353-9A33DDAFC6E7}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"{6FD39D2D-D05F-408D-8C8E-2AA8AE9152CD}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{F133EE3A-098F-4E33-ABB8-83E9B7EFEF41}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{94EF3D9B-2F1B-4453-B3D4-058A65452BDE}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{64B11F26-BF5F-4203-88C6-CFD0033FE1D6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{24642E68-8E52-4355-BC89-E55623AD77F9}c:\\users\\bill\\program files\\dna\\btdna.exe"= UDP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"UDP Query User{8CAF7734-33F5-4DD9-AD35-23934DB0B200}c:\\users\\bill\\program files\\dna\\btdna.exe"= TCP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"TCP Query User{3B88E914-48BC-41F1-BCF9-570BDE15286B}c:\\users\\bill\\program files\\dna\\btdna.exe"= UDP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"UDP Query User{EE764B46-A980-414B-BEB4-50668AC0C4D5}c:\\users\\bill\\program files\\dna\\btdna.exe"= TCP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"TCP Query User{2092D855-AFCA-432B-AFE2-30902FE0D765}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{C0AD94A3-467D-45B3-BA47-0F85E87C6F48}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{CFF8E426-9CD0-4FED-A92C-E6A7E9328012}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E6A6279-38F7-4E70-A42D-4FAB5C967A0F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{112EE7C1-DBF4-4327-825D-9C489C41F871}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{88465BAD-574B-4156-AC08-8AAFC8904A6D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B8B39E06-E6C2-4FC2-8D9F-0F77972D9695}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{73FA97A3-B1F2-451F-BCBA-EEA102815424}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{920B712B-9BF4-4A2A-BB25-D7503DC6F9AC}c:\\program files\\stardock\\sdcentral\\sdcentral.exe"= UDP:c:\program files\stardock\sdcentral\sdcentral.exe:Stardock Central
"UDP Query User{DE5E95D5-3A1C-49DC-97A8-EB1BD802B55F}c:\\program files\\stardock\\sdcentral\\sdcentral.exe"= TCP:c:\program files\stardock\sdcentral\sdcentral.exe:Stardock Central
"{9ADD150E-D167-4CED-AB2B-A035EBF830BB}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{82786D3D-116F-41B3-84D3-33A67B2F23F6}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E136AF00-BE5E-41D3-A7F1-227A83561E31}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{FF74DD82-1D54-47F4-83BF-2E0317026354}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{3B137F77-6627-4B23-88BB-29888883D540}c:\\program files\\steam\\steamapps\\yarrick20\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{B96ADE7C-CE5B-4B88-A398-12D18A923CA9}c:\\program files\\steam\\steamapps\\yarrick20\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\half-life 2 deathmatch\hl2.exe:hl2
"{85E90AFA-9B61-4D70-8745-E93343CEFFB1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2FC04D75-60C0-4DA8-9ED9-E8EB88FBBBA6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{03B2ED58-9295-4E1A-91AA-D09F30903D72}"= UDP:c:\program files\LiberTV\LiberTV.exe:LiberTV Player
"{9436F4B3-27C2-4F5D-AC25-E9FB8F061E94}"= TCP:c:\program files\LiberTV\LiberTV.exe:LiberTV Player
"TCP Query User{54D26C84-B0E9-40C3-AC99-6ACEA42BD175}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{80ECAE73-FFFC-433B-889C-BD12603FC555}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{ADF8446B-080F-4C26-BAEF-E66CF423B3DB}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{6E0A5A95-2E54-4619-A440-FAC3D73B1B18}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{83DFB048-9C17-4306-AB2A-1DE53D9E777B}c:\\program files\\netbattleship\\battleship.exe"= UDP:c:\program files\netbattleship\battleship.exe:BattleShip
"UDP Query User{4AEFA628-F793-4528-9CD0-31812DE0063B}c:\\program files\\netbattleship\\battleship.exe"= TCP:c:\program files\netbattleship\battleship.exe:BattleShip
"TCP Query User{66270228-390A-4CE6-8216-A07700A1D48B}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{94278B84-35ED-4054-98C9-9DB482A954E6}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"{757C98C3-7540-4DA6-8B23-6C492145B133}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{B264F731-866E-4660-9752-B3D831662FA4}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"TCP Query User{7297D068-6FE7-49C8-A375-4E5E4424EA1F}c:\\program files\\3do\\army men rts\\army men rts.exe"= UDP:c:\program files\3do\army men rts\army men rts.exe:Army Men RTS
"UDP Query User{6EF176A2-5F9F-4A35-9DC2-AC2EAF69B878}c:\\program files\\3do\\army men rts\\army men rts.exe"= TCP:c:\program files\3do\army men rts\army men rts.exe:Army Men RTS
"TCP Query User{D84D87A9-40EF-4824-86BB-427958F9887C}c:\\users\\bill\\appdata\\local\\temp\\rar$ex01.450\\cossaks\\dmcr.exe"= UDP:c:\users\bill\appdata\local\temp\rar$ex01.450\cossaks\dmcr.exe:dmcr.exe
"UDP Query User{0E3D3B5F-3C45-4374-820F-8B26D05F3DEA}c:\\users\\bill\\appdata\\local\\temp\\rar$ex01.450\\cossaks\\dmcr.exe"= TCP:c:\users\bill\appdata\local\temp\rar$ex01.450\cossaks\dmcr.exe:dmcr.exe
"TCP Query User{DE1F89BE-F457-4D04-A7AA-9DB936608846}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{8A8C4A72-9611-4E82-BF7A-137B4E588032}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{22BE6D27-A334-4F26-9732-F93C8F6775C1}"= UDP:c:\windows\Temp\~os61EE.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{BE3729C2-EC53-4F33-BFEC-1DB0A81894C5}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{0FC5A59E-E0C8-4C15-90AF-F202F176B4CC}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{D19D3E96-67E9-478F-ABF3-D0EE155F9F1E}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= UDP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"UDP Query User{B114AAB5-8B90-4A98-BAB1-CE5F87A657AA}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= TCP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"TCP Query User{FD1AA35B-6EEC-4096-9542-D38B2AD28C7D}c:\\program files\\starwarsgalaxies\\swgclient_r.exe"= UDP:c:\program files\starwarsgalaxies\swgclient_r.exe:SwgClient_r
"UDP Query User{42CFCBCE-D10B-49D0-8687-FF7AE1A48306}c:\\program files\\starwarsgalaxies\\swgclient_r.exe"= TCP:c:\program files\starwarsgalaxies\swgclient_r.exe:SwgClient_r
"TCP Query User{C6613558-FC1E-466B-AB75-0E55C64DD959}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{CBE5997F-B20E-421A-98E2-EF3549BFA6A7}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"TCP Query User{1A8FD464-E268-4ACC-9234-A7922B922CE7}c:\\program files\\bitdownload\\bitdownload.exe"= UDP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{38C920E8-C345-465B-9495-9A0E1B12D696}c:\\program files\\bitdownload\\bitdownload.exe"= TCP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"{89EA5414-765E-4394-8BBF-0EC4DF2C51AC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{38F85E00-525A-491D-8DAA-487A21072883}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C2A9BA33-1B54-43D6-BFF8-DD8274E38B33}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B18210A-79D2-49FE-AD1A-88067BBE7B70}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AFE0AE9C-E4E6-4387-991E-C2431ABA793D}c:\\program files\\kali95\\kali.exe"= UDP:c:\program files\kali95\kali.exe:Kali II (Ver 2.613)
"UDP Query User{90049B67-D726-4E0D-9507-60A0757B98A0}c:\\program files\\kali95\\kali.exe"= TCP:c:\program files\kali95\kali.exe:Kali II (Ver 2.613)
"TCP Query User{20BA518D-9897-483A-A0A0-73A0FA0B4044}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\dta.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\dta.exe:Main executable for Tiberian Sun
"UDP Query User{0C21B453-9C48-4F99-BBC4-2AAC417F5D4C}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\dta.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\dta.exe:Main executable for Tiberian Sun
"{52D6C540-869A-459B-BEB6-50B8BBA64156}"= UDP:86:BroadCam Web Server
"TCP Query User{B45B3A1C-8338-4927-A095-C8A385A8D0DB}c:\\doomsday\\bin\\doomsday.exe"= UDP:c:\doomsday\bin\doomsday.exe:Doomsday
"UDP Query User{E6090E32-DFF4-45B9-8A36-29ED6E061470}c:\\doomsday\\bin\\doomsday.exe"= TCP:c:\doomsday\bin\doomsday.exe:Doomsday
"{4AB88326-30E4-4C9A-9DDB-BD81365816B9}"= UDP:c:\windows\Temp\~os873A.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{28E40DD4-A5D6-41D0-A62B-A2AA48B0D9AA}c:\\program files\\steam\\steamapps\\yarrick20\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\zombie panic! source\hl2.exe:hl2
"UDP Query User{EB5306D2-27B6-4EFC-96DC-91C4D4745607}c:\\program files\\steam\\steamapps\\yarrick20\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\zombie panic! source\hl2.exe:hl2
"TCP Query User{E599EA44-36C6-4B9C-8C18-45FF8904628F}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\sweaw.exe"= UDP:c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe:Star Wars: Empire at War
"UDP Query User{9D8F2767-633E-49EA-A89F-6D903470B002}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\sweaw.exe"= TCP:c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe:Star Wars: Empire at War
"TCP Query User{E9562E4D-75A2-4DF0-8635-CFC64A70992B}c:\\program files\\byond\\bin\\byond.exe"= UDP:c:\program files\byond\bin\byond.exe:byond
"UDP Query User{D98590B0-15AD-4BFB-A0D4-C6205FD9E80F}c:\\program files\\byond\\bin\\byond.exe"= TCP:c:\program files\byond\bin\byond.exe:byond
"{82871D64-C7C4-484B-83A7-B1C6304D8E12}"= UDP:c:\windows\Temp\~os94FF.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{B7205484-CAA0-472E-BC49-A58944840735}c:\\users\\bill\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\bill\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{3F383EF5-59ED-4CB8-AA6D-00BBEB8FA5DC}c:\\users\\bill\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\bill\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"{CCA31625-FDDA-4BE8-89C2-A2D848E184C3}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{80FE052E-F5A4-485D-BCAD-B22BE131B986}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{AACD6CC3-A4FC-4975-9161-A4094E751803}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"UDP Query User{16C4C627-0D14-4527-A1CB-975BCDD8400B}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"TCP Query User{07E23151-B4AF-47B5-B0E4-24BE4893C4CC}c:\\alien arena 2008\\crx.exe"= UDP:c:\alien arena 2008\crx.exe:crx
"UDP Query User{E831E684-23A7-49E3-B909-EEE62573322A}c:\\alien arena 2008\\crx.exe"= TCP:c:\alien arena 2008\crx.exe:crx
"TCP Query User{4985048C-6E67-4EAA-A35C-EEE58DC95A4A}c:\\users\\bill\\desktop\\anarchyonline_17.9.1-large.exe"= UDP:c:\users\bill\desktop\anarchyonline_17.9.1-large.exe:anarchyonline_17.9.1-large.exe
"UDP Query User{331B65BE-8145-45D1-A99D-F1997D146A9F}c:\\users\\bill\\desktop\\anarchyonline_17.9.1-large.exe"= TCP:c:\users\bill\desktop\anarchyonline_17.9.1-large.exe:anarchyonline_17.9.1-large.exe
"TCP Query User{42ABB59B-7E58-4663-BAC2-C09EDCDA1555}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= UDP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
"UDP Query User{E5D6768D-7235-4687-9341-1BD25DE055B5}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= TCP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
"TCP Query User{51914876-18B6-4C32-82AC-C7E494948D86}c:\\program files\\doom 3\\doom3.exe"= UDP:c:\program files\doom 3\doom3.exe:DOOM 3
"UDP Query User{31B6C80A-E479-4F47-B58B-76C9920DB2EF}c:\\program files\\doom 3\\doom3.exe"= TCP:c:\program files\doom 3\doom3.exe:DOOM 3
"{5FE529B2-7654-49DA-9650-64644429AA4A}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{D70F35AE-45F2-417E-8750-6CEB461F2F90}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"TCP Query User{682572DE-3511-47D2-9639-344A24361A09}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= UDP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"UDP Query User{2D837C8E-654A-4E66-B336-36FB2ACEB6BD}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= TCP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"{EA45607E-6182-42C4-A4DF-EFA3BB6D97EF}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{924FEA48-E797-46ED-A885-D3D5D19545F0}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"TCP Query User{8EB06BC8-729F-4CC9-9433-60DFB0F925E2}c:\\program files\\steam\\steamapps\\yarrick20\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\source sdk base\hl2.exe:hl2
"UDP Query User{19AA014C-C012-4458-8947-BBFB20228EEF}c:\\program files\\steam\\steamapps\\yarrick20\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\source sdk base\hl2.exe:hl2
"TCP Query User{A9D81BFC-C1B9-4C61-B6A6-6824B7D50BE9}c:\\program files\\zdaemon\\zlauncher.exe"= UDP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"UDP Query User{A1FAC889-2162-4A90-8A94-42F2EF4CADE0}c:\\program files\\zdaemon\\zlauncher.exe"= TCP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"TCP Query User{AD42E9A5-B0AA-4B60-AE96-6B989BCAA913}c:\\program files\\midway home entertainment\\area-51\\a51"= UDP:c:\program files\midway home entertainment\area-51\a51:A51
"UDP Query User{BEA2D15E-CBC6-46DB-AAD7-60ED443195BB}c:\\program files\\midway home entertainment\\area-51\\a51"= TCP:c:\program files\midway home entertainment\area-51\a51:A51
"TCP Query User{C0BF50B7-D9A6-4CAE-89C1-EDF354DB5D9A}c:\\program files\\steam\\steamapps\\yarrick20\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\garrysmod\hl2.exe:hl2
"UDP Query User{72121048-DEA2-40A2-A81F-10440E209E90}c:\\program files\\steam\\steamapps\\yarrick20\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\garrysmod\hl2.exe:hl2
"TCP Query User{D36E4B95-49C8-487E-88E6-F4B3EC8A21D8}c:\\program files\\relevantknowledge\\rlvknlg.exe"= UDP:c:\program files\relevantknowledge\rlvknlg.exe:rlvknlg.exe
"UDP Query User{3201E0BD-6B53-403E-9FF0-B3B85AEBC60A}c:\\program files\\relevantknowledge\\rlvknlg.exe"= TCP:c:\program files\relevantknowledge\rlvknlg.exe:rlvknlg.exe
"TCP Query User{132AF9A4-74C5-4CAF-A3E6-6D5461FB363E}c:\\program files\\steam\\steamapps\\yarrick20\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\counter-strike source\hl2.exe:hl2
"UDP Query User{6EE2DCB2-692E-433D-A2B2-E283B363929E}c:\\program files\\steam\\steamapps\\yarrick20\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\counter-strike source\hl2.exe:hl2
"TCP Query User{49562FDB-CCB4-47BE-A25B-45F44E5AE7BC}c:\\program files\\steam\\steamapps\\yarrick20\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\day of defeat source\hl2.exe:hl2
"UDP Query User{BF2735FE-AA34-44BA-BE20-983C4200DD2E}c:\\program files\\steam\\steamapps\\yarrick20\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\day of defeat source\hl2.exe:hl2
"{FD8232AE-BF17-446B-90EC-AE3D3CE96C0C}"= UDP:c:\windows\Temp\~os71D6.tmp\ossproxy.exe:ossproxy.exe
"{75CA5DD5-142D-4FAD-BC15-8C8C14107DFA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{9AEBE96A-22A8-45DC-8C2D-A7ECCE619902}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{62A95F6D-48F4-4C3D-9AD6-F59057146506}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{2C47C7C8-E408-4973-A4A9-AAFFFF03B52D}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{FBA005CA-FE8F-4DDC-AF82-46D55E40DDCD}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"TCP Query User{6ADC6045-92C2-49BF-BBED-3BB99616430A}c:\\program files\\steam\\steamapps\\yarrick20\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\age of chivalry\hl2.exe:hl2
"UDP Query User{AEAC2BDB-BF72-4F24-B2A3-D11415722F77}c:\\program files\\steam\\steamapps\\yarrick20\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\age of chivalry\hl2.exe:hl2
"{78689174-2515-4DED-80BE-F66E723D4ACA}"= UDP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"{6B0B0083-799B-491D-8FBF-00290B71C6AC}"= TCP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"TCP Query User{0957DEA0-21B1-4B1E-8408-649CA80A78F7}c:\\program files\\midway home entertainment\\rise and fall\\riseandfall.exe"= UDP:c:\program files\midway home entertainment\rise and fall\riseandfall.exe:Rise And Fall
"UDP Query User{773573E8-D4E1-4837-ACCB-CD75DBBA23B9}c:\\program files\\midway home entertainment\\rise and fall\\riseandfall.exe"= TCP:c:\program files\midway home entertainment\rise and fall\riseandfall.exe:Rise And Fall
"TCP Query User{F37864FD-D92A-44C8-BA87-DCD325B7FCFF}c:\\users\\bill\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\bill\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{8D1DA4A1-B4B4-493B-8098-B4DF1C989B75}c:\\users\\bill\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\bill\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{9A21D6C8-5C8D-49AA-A0E0-A183B3F0C023}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"UDP Query User{2C8FA446-5AA4-410C-AA82-A1E62AAFD9DC}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"{41DE1E8F-D62A-407A-8858-469BAD6BA780}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4689DB89-9603-46F9-B598-9F11ED59A9D5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7348C1C6-031D-4599-9CC7-0E7F6738FCE8}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3D7335C5-F4F7-450D-BA37-520328D50C04}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{3F7A5CD1-58A3-487E-BA01-96F632536600}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8EE3C56C-535C-4E8B-95EC-B5AA1C32247F}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{7DC975E3-2CCF-4970-B660-DDA211ECECD2}"= UDP:c:\windows\Temp\~osB947.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{A9FCE28D-14D6-4527-8314-AC6A73DB85D2}j:\\starcraft\\starcraft.exe"= UDP:j:\starcraft\starcraft.exe:Starcraft
"UDP Query User{50337673-C950-4E8A-BEE7-B86BA8E7E8E7}j:\\starcraft\\starcraft.exe"= TCP:j:\starcraft\starcraft.exe:Starcraft
"{0FD1680E-91A3-4835-9666-93442725ADE3}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{ECC86FD0-4297-48A2-92A2-969B3242FE8F}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{C5831C5A-9108-4E5E-ACE1-E62EBAFA4A7B}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{D8B12C13-8A9D-49C6-98F3-A1E1B87FF3DC}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{58805D09-4CE4-49C6-A7F5-11AE2C405A66}"= UDP:c:\program files\CrosuS\CrosuSApp.exe:Crosus
"{F39742C7-91D3-4603-B847-A14ECA6BE68E}"= TCP:c:\program files\CrosuS\CrosuSApp.exe:Crosus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\drivers\Achernar.sys [12/28/2008 11:43 AM 18432]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/26/2009 11:42 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/26/2009 11:42 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/26/2009 11:42 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 11:42 PM 298776]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [9/3/2006 1:32 PM 208896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/6/2009 10:07 PM 210216]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [5/10/2006 12:13 PM 29696]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [9/27/2008 9:46 AM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [9/27/2008 9:46 AM 251904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\User_Feed_Synchronization-{0B6F78EC-6022-41DD-83DC-980A10DBAF8A}.job
- c:\windows\system32\msfeedssync.exe [2008-09-27 07:33]
.
- - - - ORPHANS REMOVED - - - -

BHO-{08111E97-AB7D-B099-1D3F-F88F47E13432} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{477dfee7-cd74-aec0-169a-d8fe95706c3b} - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: games-workshop.com
Trusted Zone: nationstates.net
Trusted Zone: runescape.com
Trusted Zone: starwars.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\3x4tfghu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 00:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\Classes\CLSID\{38372d67-abb8-4437-ae76-35c8b3e0ef8e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,d3,32,fe,10,14,f5,65,95,c9,48,8b,ca,7b,8c,\

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):96,41,d8,65,ba,f5,4a,bb,54,f8,57,35,3c,27,2c,cd,05,e1,8e,7e,bc,
1d,d0,61,60,ad,2e,f1,58,18,9d,14,fb,45,af,37,7f,94,0e,de,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,4e,8e,a3,fb,1a,f2,19,74,3c,63,bd,7c,72,55,32,5c,7d,fb,46,b5,99,22,
a8,73,4b,df,d2,76,b2,ed,a4,30,8a,5b,cd,b5,b2,55,4d,2a,df,f7,35,01,19,44,0c,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\SecuROM\License information*]
"datasecu"=hex:41,a0,f1,be,07,30,cc,5f,cf,74,8f,0d,8b,20,61,2d,bf,98,20,9c,c8,
e3,80,f5,78,7e,e4,8c,27,22,09,25,29,6b,5d,74,b9,b8,49,0c,42,08,70,13,bc,2b,\
"rkeysecu"=hex:0c,01,85,43,d9,94,1a,d5,71,29,87,48,26,17,d9,45

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-08 0:50
ComboFix-quarantined-files.txt 2009-06-08 04:50
ComboFix2.txt 2009-05-18 20:18

Pre-Run: 23,635,525,632 bytes free
Post-Run: 23,544,369,152 bytes free

687 --- E O F --- 2009-06-03 14:25

Here's the combofix report, everything turned off as instructed.

I didn't run the script to destroy the USSR Search engine because it was created by a friend.

I actually uninstalled it because I wanted some more space free on my pc (got 21GB left)

This post has been edited by Da Doom Guy: Jun 7 2009, 10:56 PM
emeraldnzl
post Jun 8 2009, 01:49 AM
Post #10


Trusted Helper
Posts: 7,988
OS: XP Pro



Hello Da Doom Guy,

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Da Doom Guy
post Jun 8 2009, 07:40 PM
Post #11


Member
**
Posts: 18
OS: Windows Vista



Malwarebytes' Anti-Malware 1.37
Database version: 2248
Windows 6.0.6001 Service Pack 1

6/8/2009 9:39:54 PM
mbam-log-2009-06-08 (21-39-54).txt

Scan type: Full Scan (C:\|D:\|J:\|)
Objects scanned: 638198
Time elapsed: 9 hour(s), 51 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy components (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\microsoft\Windows\start menu\Programs\privacy components\Privacy components.lnk (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.

there's the log
emeraldnzl
post Jun 9 2009, 02:20 AM
Post #12


Trusted Helper
Posts: 7,988
OS: XP Pro



Hi Da Doom Guy,

Moving along now.

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Da Doom Guy
post Jun 9 2009, 09:27 AM
Post #13


Member
**
Posts: 18
OS: Windows Vista



ComboFix 09-06-08.05 - Bill 06/09/2009 10:39.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1118 [GMT -4:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\klttd323.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 15:01 . 2009-06-09 15:01 -------- d-----w- c:\users\Bill\AppData\Local\temp
2009-06-09 15:01 . 2009-06-09 15:01 -------- d-----w- C:\temp
2009-06-09 15:01 . 2009-06-09 15:01 -------- d-----w- \temp
2009-06-09 14:38 . 2009-06-09 15:01 -------- d-s---w- \ComboFix
2009-06-08 15:46 . 2009-06-08 15:46 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes
2009-06-08 15:46 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 15:46 . 2009-06-08 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 15:46 . 2009-06-08 15:46 -------- d-----w- c:\programdata\Malwarebytes
2009-06-08 15:46 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 02:08 . 2009-06-07 02:08 -------- d-----w- c:\programdata\SiteAdvisor
2009-06-07 02:08 . 2009-06-07 02:08 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-07 02:07 . 2009-06-07 14:49 -------- d-----w- c:\program files\McAfee
2009-06-07 02:07 . 2009-06-07 02:08 -------- d-----w- c:\programdata\McAfee
2009-06-07 02:07 . 2009-06-07 02:08 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-05 14:38 . 2009-06-05 14:38 -------- d-----w- C:\Matrix Games
2009-06-05 14:38 . 2009-06-05 14:38 -------- d-----w- \Matrix Games
2009-06-05 05:39 . 2009-06-05 05:39 -------- d-----w- c:\program files\Mario Forever
2009-06-04 06:44 . 2008-10-30 13:15 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2009-06-04 06:44 . 2009-06-04 07:29 -------- d-----w- c:\program files\CrosuS
2009-06-04 00:25 . 2009-06-04 00:25 -------- d-----w- c:\program files\Digital Reality
2009-05-29 00:58 . 2004-02-02 00:50 131072 ----a-w- c:\windows\system32\LuaDC.dll
2009-05-29 00:58 . 2002-03-13 20:46 53248 ----a-w- c:\windows\system32\zlib.dll
2009-05-27 22:51 . 2006-11-01 18:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-27 22:51 . 2006-11-01 18:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-27 22:10 . 1999-09-20 12:18 180 ------w- c:\windows\system32\msftpd.exe
2009-05-27 22:10 . 2009-05-27 22:10 -------- d-----w- C:\FT Demo
2009-05-27 22:10 . 2009-05-27 22:10 -------- d-----w- \FT Demo
2009-05-21 13:38 . 2009-05-21 13:38 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-18 20:03 . 2009-06-09 14:39 -------- d---a-w- \Qoobox
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w- c:\windows\system32\AGEIA
2009-05-18 01:07 . 2009-05-18 01:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-18 00:20 . 2009-05-18 00:20 290816 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-18 00:20 . 2009-05-18 00:20 290816 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-18 00:20 . 2009-05-18 00:20 290816 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-18 00:20 . 2009-05-18 00:20 290816 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-17 22:46 . 2009-05-18 00:20 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-17 22:46 . 2009-05-18 00:20 -------- d-----w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab
2009-05-17 22:46 . 2009-05-17 22:46 207872 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-05-17 22:46 . 2009-05-17 22:46 207872 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-05-17 22:46 . 2009-05-17 22:46 207872 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-05-17 22:46 . 2009-05-17 22:46 207872 ----a-w- c:\users\Bill\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-05-16 14:06 . 2009-05-16 14:06 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w- c:\program files\CONEXANT
2009-05-13 21:29 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-05-13 20:45 . 2009-05-13 20:45 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 14:31 . 2008-06-19 22:19 -------- d-----w- c:\program files\Steam
2009-06-09 14:30 . 2009-05-18 01:13 31776 ----a-w- c:\programdata\nvModes.dat
2009-06-09 14:30 . 2008-09-13 03:16 2145869824 --sha-w- \hiberfil.sys
2009-06-09 14:30 . 2007-04-21 10:35 2459709440 --sha-w- \pagefile.sys
2009-06-07 02:07 . 2008-05-14 20:59 -------- d-----w- c:\program files\Yahoo!
2009-06-06 18:16 . 2008-01-02 22:06 2708 ----a-w- c:\users\Bill\AppData\Local\d3d9caps.dat
2009-06-05 15:01 . 2009-03-09 16:47 -------- d-----w- c:\program files\Midway Home Entertainment
2009-06-05 14:37 . 2008-01-09 22:05 737280 ----a-w- c:\windows\iun6002.exe
2009-06-04 06:47 . 2007-12-29 21:41 -------- d-----w- c:\program files\Warcraft III
2009-06-04 06:30 . 2007-04-21 10:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 00:00 . 2008-09-05 20:36 -------- d-----w- c:\users\Bill\AppData\Roaming\gtk-2.0
2009-05-25 05:00 . 2009-02-24 00:11 -------- d-----w- c:\users\Bill\AppData\Roaming\FrostWire
2009-05-24 20:40 . 2008-01-20 22:25 -------- d-----w- c:\program files\LucasArts
2009-05-20 19:18 . 2008-09-23 00:43 34 ----a-w- c:\users\Bill\jagex_runescape_preferences.dat
2009-05-19 14:39 . 2008-06-19 22:29 -------- d-----w- c:\program files\Common Files\Steam
2009-05-18 01:15 . 2008-01-03 21:47 -------- d-----w- c:\programdata\NVIDIA
2009-05-14 15:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-14 02:32 . 2007-08-01 15:58 -------- d-----w- c:\program files\Google
2009-05-13 21:43 . 2008-01-09 21:47 -------- d-----w- c:\program files\EA GAMES
2009-05-08 17:52 . 2008-05-01 18:16 -------- d-----w- c:\users\Bill\AppData\Roaming\My Battle for Middle-earth™ II Files
2009-05-06 00:16 . 2009-05-06 00:09 -------- d-----w- c:\program files\epsxe170
2009-05-06 00:05 . 2009-05-06 00:05 -------- d-----w- c:\users\Bill\AppData\Roaming\fltk.org
2009-05-05 18:20 . 2008-06-03 21:53 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-05 00:23 . 2007-12-30 02:25 -------- d-----w- c:\program files\Sony
2009-05-05 00:23 . 2008-06-03 21:52 -------- d-----w- c:\programdata\Sony
2009-05-04 02:25 . 2009-05-04 02:25 -------- d-----w- c:\program files\Microsoft.NET
2009-05-04 02:21 . 2008-04-29 18:06 -------- d-----w- c:\program files\Sony Setup
2009-05-03 18:19 . 2009-05-03 18:19 -------- d-----w- c:\users\Bill\AppData\Roaming\.bsnes
2009-05-03 15:51 . 2009-05-03 15:44 -------- d-----w- c:\program files\GCFScape
2009-05-01 22:14 . 2009-03-27 03:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-01 22:14 . 2009-03-27 03:42 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 22:14 . 2007-09-30 22:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-01 22:13 . 2009-03-27 03:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 04:08 . 2009-05-01 04:08 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-01 04:08 . 2008-04-30 12:38 -------- d-----w- c:\users\Bill\AppData\Roaming\Publish Providers
2009-05-01 04:08 . 2009-05-01 04:08 1292832 ----a-w- c:\windows\system32\nvsvs.dll
2009-05-01 04:07 . 2009-05-01 04:07 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-05-01 04:07 . 2009-05-01 04:07 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-05-01 04:07 . 2009-05-01 04:07 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-05-01 04:07 . 2009-05-01 04:07 4020768 ----a-w- c:\windows\system32\nvdisps.dll
2009-05-01 04:07 . 2009-05-01 04:07 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-05-01 04:07 . 2009-05-01 04:07 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-05-01 04:07 . 2009-05-01 04:07 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-05-01 04:07 . 2009-05-01 04:07 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-05-01 04:07 . 2009-05-01 04:07 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-05-01 04:07 . 2009-05-01 04:07 13781536 ----a-w- c:\windows\system32\nvcpl.dll
2009-05-01 04:07 . 2009-05-01 04:07 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-05-01 02:02 . 2009-05-01 02:02 9850016 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-05-01 02:02 . 2009-05-01 02:02 7593472 ----a-w- c:\windows\system32\nvd3dum.dll
2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 02:02 . 2009-05-01 02:02 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-05-01 02:02 . 2009-05-01 02:02 3128320 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-05-01 02:02 . 2009-05-01 02:02 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-05-01 02:02 143360 ----a-w- c:\windows\system32\nvcod146.dll
2009-05-01 02:02 . 2009-05-01 02:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2009-05-01 02:02 10366976 ----a-w- c:\windows\system32\nvoglv32.dll
2009-05-01 02:02 . 2008-05-16 16:24 983552 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 00:45 . 2009-05-01 00:45 -------- d-----w- c:\users\Bill\AppData\Roaming\TortoiseSVN
2009-05-01 00:14 . 2009-05-01 00:14 -------- d-----w- c:\users\Bill\AppData\Roaming\Subversion
2009-05-01 00:01 . 2009-05-01 00:01 -------- d-----w- c:\program files\TortoiseSVN
2009-05-01 00:01 . 2009-05-01 00:01 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-04-30 00:08 . 2009-04-29 23:56 -------- d-----w- c:\program files\Project64 1.6
2009-04-29 23:56 . 2009-04-29 23:56 8854 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-04-29 23:56 . 2009-04-29 23:56 40960 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-04-29 23:56 . 2009-04-29 23:56 40960 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-27 04:42 . 2008-09-13 03:04 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-25 16:47 . 2008-10-15 15:46 138944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-25 16:46 . 2008-10-15 15:45 189784 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-25 03:58 . 2008-10-15 15:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-04-25 03:15 . 2009-04-25 03:15 22328 ----a-w- c:\users\Bill\AppData\Roaming\PnkBstrK.sys
2009-04-25 03:15 . 2009-04-25 03:15 22328 ----a-w- c:\users\Bill\AppData\Roaming\PnkBstrK.sys
2009-04-25 03:15 . 2009-04-25 03:15 2246144 ----a-w- c:\windows\system32\pbsvc.exe
2009-04-25 03:15 . 2009-04-25 03:15 -------- d-----w- c:\programdata\id Software
2009-04-24 02:32 . 2009-01-30 00:54 -------- d-----w- c:\programdata\Media Center Programs
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-22 01:52 . 2009-04-21 22:49 -------- d-----w- c:\users\Bill\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2009-04-21 22:49 . 2008-10-12 22:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-21 22:27 . 2008-05-01 17:42 -------- d-----w- c:\program files\Electronic Arts
2009-04-21 21:43 . 2009-04-21 21:42 -------- d-----w- c:\users\Bill\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2009-04-21 21:41 . 2009-04-21 21:41 -------- d--h--r- c:\users\Bill\AppData\Roaming\SecuROM
2009-04-21 21:41 . 2008-01-26 04:15 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-04-20 21:09 . 2009-02-24 00:10 -------- d-----w- c:\program files\FrostWire
2009-04-20 20:54 . 2009-04-20 20:54 -------- d-----w- c:\program files\Incomplete
2009-04-20 20:53 . 2009-03-15 02:48 -------- d-----w- c:\program files\LimeWire
2009-04-20 03:18 . 2008-01-10 00:52 -------- d-----w- c:\program files\Guild Wars
2009-04-16 04:31 . 2009-04-16 04:31 -------- d-----w- c:\program files\3000AD
2009-04-14 21:30 . 2009-04-14 21:30 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-04-14 20:13 . 2009-04-14 20:13 -------- d-----w- c:\program files\Pollux Gamelabs
2009-04-12 00:33 . 2009-04-12 00:31 -------- d-----w- c:\program files\Spiderman
2009-04-04 19:49 . 2009-04-04 19:49 15240 ----a-w- c:\users\Bill\AppData\Roaming\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-04-03 16:39 . 2009-04-03 16:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-01 21:43 . 2009-04-01 21:43 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-04-01 21:43 . 2009-04-01 21:43 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-04-01 21:32 . 2009-04-01 21:32 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-03-17 03:38 . 2009-04-16 00:07 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 00:07 24064 ----a-w- c:\windows\system32\amxread.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-06-08_04.47.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-21 10:46 . 2009-06-09 14:32 99012 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-09 14:32 70716 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-07-28 17:01 . 2009-06-09 14:32 21622 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-269047593-2358176518-1712421543-1001_UserData.bin
- 2007-07-28 17:01 . 2009-06-08 03:09 21622 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-269047593-2358176518-1712421543-1001_UserData.bin
- 2009-06-08 04:24 . 2009-06-08 04:24 5220 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
+ 2009-06-09 14:32 . 2009-06-09 14:32 5220 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
- 2009-06-08 04:26 . 2009-06-08 04:26 5882 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6B4C27592649412FC24F35D9CB1FC7EBF0F2ED17\6B4C27592649412FC24F35D9CB1FC7EBF0F2ED17\Data.dat
+ 2009-06-09 14:33 . 2009-06-09 14:33 5882 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6B4C27592649412FC24F35D9CB1FC7EBF0F2ED17\6B4C27592649412FC24F35D9CB1FC7EBF0F2ED17\Data.dat
+ 2009-06-09 14:33 . 2009-06-09 14:33 5438 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\13782AEBEF3851C13C48DBDCAF209A35E171D741\13782AEBEF3851C13C48DBDCAF209A35E171D741\Data.dat
- 2009-06-08 03:07 . 2009-06-08 03:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-09 14:30 . 2009-06-09 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-09 14:30 . 2009-06-09 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-08 03:07 . 2009-06-08 03:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-09 14:37 668312 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-08 03:13 668312 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-09 14:37 130400 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-08 03:13 130400 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-05-18 1217784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7E08AE05-29F9-4FA2-A855-BC94B1812FEC}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8AD4B445-2665-49C1-868C-57B236CEDCA4}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{CEE89B6C-00C8-4144-B5A6-0476047653A5}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{43127B7F-6787-4AC9-98E9-5FB21C41FD6A}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{92363EFE-3ED7-45D5-8406-56DA8AEEF7E2}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{1FBA613B-8DB4-4AC4-B1BF-F0D97D0E2198}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{25C42470-733A-44AA-9C25-08180AF8F86B}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{E5C1C5C6-E862-46F7-9566-D884DD2BFAC3}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{E4CE3B3A-59B8-4E11-8F2A-7993F4B86185}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6485DC41-213D-4A8D-AA8B-551F99D23BE9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{12619514-D9E8-4900-9E4D-ECDF93F13427}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{944880D9-B475-483D-BC04-009A3F5E2CE7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DE12E2DE-87E7-44F8-B3EE-2959C4DB6C77}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D51E78BF-818E-445C-943E-B27861212FF5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B343D754-39E2-4A80-A438-69DDF0E22CFC}"= Disabled:UDP:c:\users\Bill\AppData\Local\Temp\7zS5E64.tmp\setup\HPZnui01.exe:hpznui01.exe
"{31C6F872-AA7F-4341-96B6-DFF107ECC198}"= Disabled:TCP:c:\users\Bill\AppData\Local\Temp\7zS5E64.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{C352E295-B7BC-477D-ADDB-C4810E08659C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{0109439E-45F1-41F1-B7F0-6748A2A8A15F}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{136AB26F-A23B-466C-B39C-10BCC2771E14}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{7F47E8DB-88D2-4EBF-B627-A8035304EE53}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{AE3FF1C4-0F8D-4AB5-9617-D07E6E16007B}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{629EA833-B25E-4DB7-A58A-80A5256EF445}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{C52C77A0-3402-4108-A038-D8A5CED973EF}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{5415322A-73C4-44F6-818B-CA08E872D5E9}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{7208035F-AF23-4BB7-997A-857AE477148B}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{2A76038B-8B01-423E-9600-A4FC876EE5FF}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{36B3B922-A508-44B3-AC3F-94F69ACA6150}"= UDP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"{3F361C0F-87F8-43A0-BED3-8AF0145E54E8}"= TCP:c:\program files\Microsoft Games\Rise of Nations\thrones.exe:Rise of Nations
"TCP Query User{CE26D9F6-CE56-45AE-9407-7435AFBBEEA8}c:\\program files\\ea games\\the battle for middle-earth ™\\patchget.dat"= UDP:c:\program files\ea games\the battle for middle-earth ™\patchget.dat:patchgrabber
"UDP Query User{80CA91EF-0DDF-4B6B-BE3B-1B71B9C7AF28}c:\\program files\\ea games\\the battle for middle-earth ™\\patchget.dat"= TCP:c:\program files\ea games\the battle for middle-earth ™\patchget.dat:patchgrabber
"{0B5AB7DE-E09D-4C13-87C4-1605F9CE967B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6A2F1A66-CEE5-4C59-B56D-0430BE55ECFA}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{64FC9C59-0F70-4747-847A-917A01DB97F1}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"TCP Query User{96D8C8C1-80D0-48BA-8C5A-3B9C74D79FEF}c:\\users\\bill\\wow-2.0.0-enus-installer-downloader.exe"= UDP:c:\users\bill\wow-2.0.0-enus-installer-downloader.exe:wow-2.0.0-enus-installer-downloader.exe
"UDP Query User{B86C1014-6FEC-4735-83A8-F5A35B5F225B}c:\\users\\bill\\wow-2.0.0-enus-installer-downloader.exe"= TCP:c:\users\bill\wow-2.0.0-enus-installer-downloader.exe:wow-2.0.0-enus-installer-downloader.exe
"TCP Query User{3781B50F-2F49-46F6-9F09-91E0CC9FB9D4}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{3865A410-5CC0-4A4F-8F3E-C56916B57170}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{616AD601-2940-42E3-B506-9EC7E0DFCD99}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{86280A6F-3C16-4C13-87B8-603434E99CDA}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{62508D56-7C80-40A8-8469-3CD4EB387B17}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{3986D233-EAC6-4439-87B5-5F3C8A0EB5AC}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"{1C049293-D22A-48CC-906B-501858B7641A}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{4DE24660-3D79-4483-8D41-856338E890F3}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{75AA3FAA-56D3-4B1C-B955-0F7809383101}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{63D8AA64-A223-4B73-A602-C5B3888D6EC3}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{0E110257-B05F-4EF8-AFEC-13FB69183D62}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E39EC2E6-DF3B-4D78-81CB-DF34DF2E5C1B}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{24646C0D-1E5B-4AB4-B040-F102B7E7BB9D}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{E02DBA53-13CF-4CE1-BF72-492811B8B7BD}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{0CC14753-C322-4562-AAE1-F4EB35630349}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{887FD0C2-5E26-4C14-B540-7E6302ED18F2}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{02178F8D-6559-4E3D-9F0A-DA5DC4C2E216}c:\\program files\\atari\\axis & allies\\aa.exe"= UDP:c:\program files\atari\axis & allies\aa.exe:AA
"UDP Query User{51DDBA45-F2D1-47AD-8C55-CA5A14762E08}c:\\program files\\atari\\axis & allies\\aa.exe"= TCP:c:\program files\atari\axis & allies\aa.exe:AA
"TCP Query User{A7667F82-3934-4514-A567-20F52F70B024}c:\\program files\\atari\\axis & allies\\aa.exe"= UDP:c:\program files\atari\axis & allies\aa.exe:AA
"UDP Query User{A23EE927-3D6A-4D9E-B660-B7A834D7D2C0}c:\\program files\\atari\\axis & allies\\aa.exe"= TCP:c:\program files\atari\axis & allies\aa.exe:AA
"TCP Query User{991808B7-ACE9-477A-A877-6BB1AC746554}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{E9809A84-6E5E-4B35-92F0-15777DC82B3F}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{ADA3D4B2-D0A9-40A9-9F5D-220BCC310664}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{E3AC20E4-227E-46D8-9D8F-97F0A4049042}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{B20C09BB-6867-46DA-B238-53FB6CC0E700}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{FC83E912-5AC7-457C-B6C5-1B57F087948E}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{706902E4-9CF7-4FF5-A05A-0253BC0E12AC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{62A96C04-99EB-4BA0-9E2C-572E913ACDF2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E32A2595-2054-4A80-AD01-45F75EFE38B6}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{7AF5EF37-9A7D-43A8-839B-22F092866F5E}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{C1F9108F-CF80-4FEE-872C-B9E8A7DCA49F}"= UDP:c:\program files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars™: Empire at War™: Forces of Corruption™
"{319DA0B3-4219-4B4F-AC0C-C789CE661448}"= TCP:c:\program files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars™: Empire at War™: Forces of Corruption™
"TCP Query User{CD5723DE-60B4-492C-99C0-9703701B00D3}j:\\program files\\activision\\empires dawn of the modern world\\empires_dmw.exe"= UDP:j:\program files\activision\empires dawn of the modern world\empires_dmw.exe:Empires_DMW
"UDP Query User{57B49C85-110E-4D19-962B-B25D0649D223}j:\\program files\\activision\\empires dawn of the modern world\\empires_dmw.exe"= TCP:j:\program files\activision\empires dawn of the modern world\empires_dmw.exe:Empires_DMW
"{D3EEAB74-0179-4930-B68B-4180A044F218}"= UDP:j:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"{3185CC47-7DE2-47AA-8D6C-1C406B938909}"= TCP:j:\program files\EA GAMES\The Battle for Middle-earth ™\game.dat:The Battle for Middle-earth ™
"TCP Query User{0338224C-024A-406B-AD66-949F526C0AD0}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{E3A9A5E1-F84A-4982-9610-8DF6891F6BA7}c:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:c:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"TCP Query User{9915D440-5BA6-4F79-AB00-76EF17FDC633}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{6AE36A6F-9923-41A6-803B-1E045C25C6E1}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"TCP Query User{9924839A-BF3B-4088-8955-EA262992B81C}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{44611565-CCE9-43CA-9723-34FCF836F75B}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe:Main executable for Tiberian Sun
"{B6667F6B-5711-40DE-850C-4CCCA247F39A}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{ABD5DD0F-8630-4154-86F4-AE464383375F}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{FF47E40B-2954-4C89-A22C-C9A75B9AB492}c:\\program files\\microsoft games\\rise of nations\\patriots.exe"= UDP:c:\program files\microsoft games\rise of nations\patriots.exe:Rise of Nations
"UDP Query User{555B963C-95F4-4CFD-8F72-B0BD48CFFBB2}c:\\program files\\microsoft games\\rise of nations\\patriots.exe"= TCP:c:\program files\microsoft games\rise of nations\patriots.exe:Rise of Nations
"TCP Query User{90542C4F-A05C-4B30-A53D-AB21B630C717}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{DF64320C-DD1A-4C70-8C1E-D39FAE7F24CB}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"TCP Query User{97515018-6AD3-4FFE-B462-2545F4395441}j:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:j:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{2925D282-5720-4EFA-8040-CFCB4261D420}j:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:j:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"TCP Query User{713F97DE-D064-4700-8FF8-D21C97347B64}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{30BC75CF-64BA-4117-A715-B29878204E73}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{C7DCDB99-D71C-434A-B8AC-8CFD7ABBD75B}j:\\program files\\call of duty\\codmp.exe"= UDP:j:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{EB428A05-5F71-4C99-96D4-07FBFF47D27A}j:\\program files\\call of duty\\codmp.exe"= TCP:j:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{B6A40926-B237-4838-8750-A819E96ED3AF}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{919A188E-F760-4252-99E8-96B4A497CFC4}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{262DE056-90E9-4AFA-AB4D-0BABA8CF73AE}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{5756675A-0209-4102-A14B-D915827B2434}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{7C3AAD3E-930E-45FC-B5CB-DED218523DD8}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{1D542D76-3AE6-4A6A-B81C-513FF9E71B4D}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{077F5CF7-685A-4390-BF5A-A6A74EA60E05}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{AC44E92C-F0DF-4791-8558-640303CC2BCC}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{B2E17F4F-E2E8-4C43-B97F-4BA0C6A79C30}c:\\program files\\sierra\\empire earth ii\\ee2x.exe"= UDP:c:\program files\sierra\empire earth ii\ee2x.exe:Empire Earth II: The Art of Supremacy
"UDP Query User{CC59E66D-B717-4F84-863A-F554BF975B23}c:\\program files\\sierra\\empire earth ii\\ee2x.exe"= TCP:c:\program files\sierra\empire earth ii\ee2x.exe:Empire Earth II: The Art of Supremacy
"TCP Query User{54171E41-6DB7-497B-910C-183DB605BD4F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7EF9A23C-E405-4BA3-89D6-CC58FE61EF79}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{98D79AA9-1FF5-4218-9D30-7AB7DF4EE1BE}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:The Battle for Middle-earth™ II
"{6ABE3629-A62F-4C10-8F81-4B7617982423}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:The Battle for Middle-earth™ II
"TCP Query User{201331DB-A8CD-450C-A1A5-3BB3001F5466}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"UDP Query User{FB05B732-683F-4C1F-9353-9A33DDAFC6E7}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"{6FD39D2D-D05F-408D-8C8E-2AA8AE9152CD}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{F133EE3A-098F-4E33-ABB8-83E9B7EFEF41}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{94EF3D9B-2F1B-4453-B3D4-058A65452BDE}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{64B11F26-BF5F-4203-88C6-CFD0033FE1D6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{24642E68-8E52-4355-BC89-E55623AD77F9}c:\\users\\bill\\program files\\dna\\btdna.exe"= UDP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"UDP Query User{8CAF7734-33F5-4DD9-AD35-23934DB0B200}c:\\users\\bill\\program files\\dna\\btdna.exe"= TCP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"TCP Query User{3B88E914-48BC-41F1-BCF9-570BDE15286B}c:\\users\\bill\\program files\\dna\\btdna.exe"= UDP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"UDP Query User{EE764B46-A980-414B-BEB4-50668AC0C4D5}c:\\users\\bill\\program files\\dna\\btdna.exe"= TCP:c:\users\bill\program files\dna\btdna.exe:btdna.exe
"TCP Query User{2092D855-AFCA-432B-AFE2-30902FE0D765}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{C0AD94A3-467D-45B3-BA47-0F85E87C6F48}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{CFF8E426-9CD0-4FED-A92C-E6A7E9328012}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E6A6279-38F7-4E70-A42D-4FAB5C967A0F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{112EE7C1-DBF4-4327-825D-9C489C41F871}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{88465BAD-574B-4156-AC08-8AAFC8904A6D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B8B39E06-E6C2-4FC2-8D9F-0F77972D9695}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{73FA97A3-B1F2-451F-BCBA-EEA102815424}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{920B712B-9BF4-4A2A-BB25-D7503DC6F9AC}c:\\program files\\stardock\\sdcentral\\sdcentral.exe"= UDP:c:\program files\stardock\sdcentral\sdcentral.exe:Stardock Central
"UDP Query User{DE5E95D5-3A1C-49DC-97A8-EB1BD802B55F}c:\\program files\\stardock\\sdcentral\\sdcentral.exe"= TCP:c:\program files\stardock\sdcentral\sdcentral.exe:Stardock Central
"{9ADD150E-D167-4CED-AB2B-A035EBF830BB}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{82786D3D-116F-41B3-84D3-33A67B2F23F6}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E136AF00-BE5E-41D3-A7F1-227A83561E31}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{FF74DD82-1D54-47F4-83BF-2E0317026354}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{3B137F77-6627-4B23-88BB-29888883D540}c:\\program files\\steam\\steamapps\\yarrick20\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{B96ADE7C-CE5B-4B88-A398-12D18A923CA9}c:\\program files\\steam\\steamapps\\yarrick20\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\half-life 2 deathmatch\hl2.exe:hl2
"{85E90AFA-9B61-4D70-8745-E93343CEFFB1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2FC04D75-60C0-4DA8-9ED9-E8EB88FBBBA6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{03B2ED58-9295-4E1A-91AA-D09F30903D72}"= UDP:c:\program files\LiberTV\LiberTV.exe:LiberTV Player
"{9436F4B3-27C2-4F5D-AC25-E9FB8F061E94}"= TCP:c:\program files\LiberTV\LiberTV.exe:LiberTV Player
"TCP Query User{54D26C84-B0E9-40C3-AC99-6ACEA42BD175}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{80ECAE73-FFFC-433B-889C-BD12603FC555}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{ADF8446B-080F-4C26-BAEF-E66CF423B3DB}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{6E0A5A95-2E54-4619-A440-FAC3D73B1B18}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{83DFB048-9C17-4306-AB2A-1DE53D9E777B}c:\\program files\\netbattleship\\battleship.exe"= UDP:c:\program files\netbattleship\battleship.exe:BattleShip
"UDP Query User{4AEFA628-F793-4528-9CD0-31812DE0063B}c:\\program files\\netbattleship\\battleship.exe"= TCP:c:\program files\netbattleship\battleship.exe:BattleShip
"TCP Query User{66270228-390A-4CE6-8216-A07700A1D48B}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{94278B84-35ED-4054-98C9-9DB482A954E6}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"{757C98C3-7540-4DA6-8B23-6C492145B133}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{B264F731-866E-4660-9752-B3D831662FA4}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"TCP Query User{7297D068-6FE7-49C8-A375-4E5E4424EA1F}c:\\program files\\3do\\army men rts\\army men rts.exe"= UDP:c:\program files\3do\army men rts\army men rts.exe:Army Men RTS
"UDP Query User{6EF176A2-5F9F-4A35-9DC2-AC2EAF69B878}c:\\program files\\3do\\army men rts\\army men rts.exe"= TCP:c:\program files\3do\army men rts\army men rts.exe:Army Men RTS
"TCP Query User{D84D87A9-40EF-4824-86BB-427958F9887C}c:\\users\\bill\\appdata\\local\\temp\\rar$ex01.450\\cossaks\\dmcr.exe"= UDP:c:\users\bill\appdata\local\temp\rar$ex01.450\cossaks\dmcr.exe:dmcr.exe
"UDP Query User{0E3D3B5F-3C45-4374-820F-8B26D05F3DEA}c:\\users\\bill\\appdata\\local\\temp\\rar$ex01.450\\cossaks\\dmcr.exe"= TCP:c:\users\bill\appdata\local\temp\rar$ex01.450\cossaks\dmcr.exe:dmcr.exe
"TCP Query User{DE1F89BE-F457-4D04-A7AA-9DB936608846}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{8A8C4A72-9611-4E82-BF7A-137B4E588032}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{22BE6D27-A334-4F26-9732-F93C8F6775C1}"= UDP:c:\windows\Temp\~os61EE.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{BE3729C2-EC53-4F33-BFEC-1DB0A81894C5}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{0FC5A59E-E0C8-4C15-90AF-F202F176B4CC}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{D19D3E96-67E9-478F-ABF3-D0EE155F9F1E}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= UDP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"UDP Query User{B114AAB5-8B90-4A98-BAB1-CE5F87A657AA}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= TCP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"TCP Query User{FD1AA35B-6EEC-4096-9542-D38B2AD28C7D}c:\\program files\\starwarsgalaxies\\swgclient_r.exe"= UDP:c:\program files\starwarsgalaxies\swgclient_r.exe:SwgClient_r
"UDP Query User{42CFCBCE-D10B-49D0-8687-FF7AE1A48306}c:\\program files\\starwarsgalaxies\\swgclient_r.exe"= TCP:c:\program files\starwarsgalaxies\swgclient_r.exe:SwgClient_r
"TCP Query User{C6613558-FC1E-466B-AB75-0E55C64DD959}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{CBE5997F-B20E-421A-98E2-EF3549BFA6A7}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\gamemd.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\gamemd.exe:Main executable for Yuri's Revenge
"TCP Query User{1A8FD464-E268-4ACC-9234-A7922B922CE7}c:\\program files\\bitdownload\\bitdownload.exe"= UDP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{38C920E8-C345-465B-9495-9A0E1B12D696}c:\\program files\\bitdownload\\bitdownload.exe"= TCP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"{89EA5414-765E-4394-8BBF-0EC4DF2C51AC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{38F85E00-525A-491D-8DAA-487A21072883}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C2A9BA33-1B54-43D6-BFF8-DD8274E38B33}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B18210A-79D2-49FE-AD1A-88067BBE7B70}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AFE0AE9C-E4E6-4387-991E-C2431ABA793D}c:\\program files\\kali95\\kali.exe"= UDP:c:\program files\kali95\kali.exe:Kali II (Ver 2.613)
"UDP Query User{90049B67-D726-4E0D-9507-60A0757B98A0}c:\\program files\\kali95\\kali.exe"= TCP:c:\program files\kali95\kali.exe:Kali II (Ver 2.613)
"TCP Query User{20BA518D-9897-483A-A0A0-73A0FA0B4044}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\dta.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\dta.exe:Main executable for Tiberian Sun
"UDP Query User{0C21B453-9C48-4F99-BBC4-2AAC417F5D4C}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ tiberian sun™\\sun\\dta.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\dta.exe:Main executable for Tiberian Sun
"{52D6C540-869A-459B-BEB6-50B8BBA64156}"= UDP:86:BroadCam Web Server
"TCP Query User{B45B3A1C-8338-4927-A095-C8A385A8D0DB}c:\\doomsday\\bin\\doomsday.exe"= UDP:c:\doomsday\bin\doomsday.exe:Doomsday
"UDP Query User{E6090E32-DFF4-45B9-8A36-29ED6E061470}c:\\doomsday\\bin\\doomsday.exe"= TCP:c:\doomsday\bin\doomsday.exe:Doomsday
"{4AB88326-30E4-4C9A-9DDB-BD81365816B9}"= UDP:c:\windows\Temp\~os873A.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{28E40DD4-A5D6-41D0-A62B-A2AA48B0D9AA}c:\\program files\\steam\\steamapps\\yarrick20\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\zombie panic! source\hl2.exe:hl2
"UDP Query User{EB5306D2-27B6-4EFC-96DC-91C4D4745607}c:\\program files\\steam\\steamapps\\yarrick20\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\zombie panic! source\hl2.exe:hl2
"TCP Query User{E599EA44-36C6-4B9C-8C18-45FF8904628F}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\sweaw.exe"= UDP:c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe:Star Wars: Empire at War
"UDP Query User{9D8F2767-633E-49EA-A89F-6D903470B002}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\sweaw.exe"= TCP:c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe:Star Wars: Empire at War
"TCP Query User{E9562E4D-75A2-4DF0-8635-CFC64A70992B}c:\\program files\\byond\\bin\\byond.exe"= UDP:c:\program files\byond\bin\byond.exe:byond
"UDP Query User{D98590B0-15AD-4BFB-A0D4-C6205FD9E80F}c:\\program files\\byond\\bin\\byond.exe"= TCP:c:\program files\byond\bin\byond.exe:byond
"{82871D64-C7C4-484B-83A7-B1C6304D8E12}"= UDP:c:\windows\Temp\~os94FF.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{B7205484-CAA0-472E-BC49-A58944840735}c:\\users\\bill\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\bill\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{3F383EF5-59ED-4CB8-AA6D-00BBEB8FA5DC}c:\\users\\bill\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\bill\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"{CCA31625-FDDA-4BE8-89C2-A2D848E184C3}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{80FE052E-F5A4-485D-BCAD-B22BE131B986}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{AACD6CC3-A4FC-4975-9161-A4094E751803}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"UDP Query User{16C4C627-0D14-4527-A1CB-975BCDD8400B}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"TCP Query User{07E23151-B4AF-47B5-B0E4-24BE4893C4CC}c:\\alien arena 2008\\crx.exe"= UDP:c:\alien arena 2008\crx.exe:crx
"UDP Query User{E831E684-23A7-49E3-B909-EEE62573322A}c:\\alien arena 2008\\crx.exe"= TCP:c:\alien arena 2008\crx.exe:crx
"TCP Query User{4985048C-6E67-4EAA-A35C-EEE58DC95A4A}c:\\users\\bill\\desktop\\anarchyonline_17.9.1-large.exe"= UDP:c:\users\bill\desktop\anarchyonline_17.9.1-large.exe:anarchyonline_17.9.1-large.exe
"UDP Query User{331B65BE-8145-45D1-A99D-F1997D146A9F}c:\\users\\bill\\desktop\\anarchyonline_17.9.1-large.exe"= TCP:c:\users\bill\desktop\anarchyonline_17.9.1-large.exe:anarchyonline_17.9.1-large.exe
"TCP Query User{42ABB59B-7E58-4663-BAC2-C09EDCDA1555}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= UDP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
"UDP Query User{E5D6768D-7235-4687-9341-1BD25DE055B5}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= TCP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
"TCP Query User{51914876-18B6-4C32-82AC-C7E494948D86}c:\\program files\\doom 3\\doom3.exe"= UDP:c:\program files\doom 3\doom3.exe:DOOM 3
"UDP Query User{31B6C80A-E479-4F47-B58B-76C9920DB2EF}c:\\program files\\doom 3\\doom3.exe"= TCP:c:\program files\doom 3\doom3.exe:DOOM 3
"{5FE529B2-7654-49DA-9650-64644429AA4A}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{D70F35AE-45F2-417E-8750-6CEB461F2F90}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"TCP Query User{682572DE-3511-47D2-9639-344A24361A09}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= UDP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"UDP Query User{2D837C8E-654A-4E66-B336-36FB2ACEB6BD}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= TCP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"{EA45607E-6182-42C4-A4DF-EFA3BB6D97EF}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{924FEA48-E797-46ED-A885-D3D5D19545F0}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"TCP Query User{8EB06BC8-729F-4CC9-9433-60DFB0F925E2}c:\\program files\\steam\\steamapps\\yarrick20\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\source sdk base\hl2.exe:hl2
"UDP Query User{19AA014C-C012-4458-8947-BBFB20228EEF}c:\\program files\\steam\\steamapps\\yarrick20\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\source sdk base\hl2.exe:hl2
"TCP Query User{A9D81BFC-C1B9-4C61-B6A6-6824B7D50BE9}c:\\program files\\zdaemon\\zlauncher.exe"= UDP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"UDP Query User{A1FAC889-2162-4A90-8A94-42F2EF4CADE0}c:\\program files\\zdaemon\\zlauncher.exe"= TCP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"TCP Query User{AD42E9A5-B0AA-4B60-AE96-6B989BCAA913}c:\\program files\\midway home entertainment\\area-51\\a51"= UDP:c:\program files\midway home entertainment\area-51\a51:A51
"UDP Query User{BEA2D15E-CBC6-46DB-AAD7-60ED443195BB}c:\\program files\\midway home entertainment\\area-51\\a51"= TCP:c:\program files\midway home entertainment\area-51\a51:A51
"TCP Query User{C0BF50B7-D9A6-4CAE-89C1-EDF354DB5D9A}c:\\program files\\steam\\steamapps\\yarrick20\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\garrysmod\hl2.exe:hl2
"UDP Query User{72121048-DEA2-40A2-A81F-10440E209E90}c:\\program files\\steam\\steamapps\\yarrick20\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\garrysmod\hl2.exe:hl2
"TCP Query User{D36E4B95-49C8-487E-88E6-F4B3EC8A21D8}c:\\program files\\relevantknowledge\\rlvknlg.exe"= UDP:c:\program files\relevantknowledge\rlvknlg.exe:rlvknlg.exe
"UDP Query User{3201E0BD-6B53-403E-9FF0-B3B85AEBC60A}c:\\program files\\relevantknowledge\\rlvknlg.exe"= TCP:c:\program files\relevantknowledge\rlvknlg.exe:rlvknlg.exe
"TCP Query User{132AF9A4-74C5-4CAF-A3E6-6D5461FB363E}c:\\program files\\steam\\steamapps\\yarrick20\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\counter-strike source\hl2.exe:hl2
"UDP Query User{6EE2DCB2-692E-433D-A2B2-E283B363929E}c:\\program files\\steam\\steamapps\\yarrick20\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\counter-strike source\hl2.exe:hl2
"TCP Query User{49562FDB-CCB4-47BE-A25B-45F44E5AE7BC}c:\\program files\\steam\\steamapps\\yarrick20\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\day of defeat source\hl2.exe:hl2
"UDP Query User{BF2735FE-AA34-44BA-BE20-983C4200DD2E}c:\\program files\\steam\\steamapps\\yarrick20\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\day of defeat source\hl2.exe:hl2
"{FD8232AE-BF17-446B-90EC-AE3D3CE96C0C}"= UDP:c:\windows\Temp\~os71D6.tmp\ossproxy.exe:ossproxy.exe
"{75CA5DD5-142D-4FAD-BC15-8C8C14107DFA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{9AEBE96A-22A8-45DC-8C2D-A7ECCE619902}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{62A95F6D-48F4-4C3D-9AD6-F59057146506}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{2C47C7C8-E408-4973-A4A9-AAFFFF03B52D}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{FBA005CA-FE8F-4DDC-AF82-46D55E40DDCD}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"TCP Query User{6ADC6045-92C2-49BF-BBED-3BB99616430A}c:\\program files\\steam\\steamapps\\yarrick20\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\yarrick20\age of chivalry\hl2.exe:hl2
"UDP Query User{AEAC2BDB-BF72-4F24-B2A3-D11415722F77}c:\\program files\\steam\\steamapps\\yarrick20\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\yarrick20\age of chivalry\hl2.exe:hl2
"{78689174-2515-4DED-80BE-F66E723D4ACA}"= UDP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"{6B0B0083-799B-491D-8FBF-00290B71C6AC}"= TCP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"TCP Query User{0957DEA0-21B1-4B1E-8408-649CA80A78F7}c:\\program files\\midway home entertainment\\rise and fall\\riseandfall.exe"= UDP:c:\program files\midway home entertainment\rise and fall\riseandfall.exe:Rise And Fall
"UDP Query User{773573E8-D4E1-4837-ACCB-CD75DBBA23B9}c:\\program files\\midway home entertainment\\rise and fall\\riseandfall.exe"= TCP:c:\program files\midway home entertainment\rise and fall\riseandfall.exe:Rise And Fall
"TCP Query User{F37864FD-D92A-44C8-BA87-DCD325B7FCFF}c:\\users\\bill\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\bill\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{8D1DA4A1-B4B4-493B-8098-B4DF1C989B75}c:\\users\\bill\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\bill\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{9A21D6C8-5C8D-49AA-A0E0-A183B3F0C023}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"UDP Query User{2C8FA446-5AA4-410C-AA82-A1E62AAFD9DC}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert™ ii\\ra2\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe:Main executable for Red Alert 2
"{41DE1E8F-D62A-407A-8858-469BAD6BA780}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4689DB89-9603-46F9-B598-9F11ED59A9D5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7348C1C6-031D-4599-9CC7-0E7F6738FCE8}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3D7335C5-F4F7-450D-BA37-520328D50C04}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{3F7A5CD1-58A3-487E-BA01-96F632536600}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8EE3C56C-535C-4E8B-95EC-B5AA1C32247F}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{7DC975E3-2CCF-4970-B660-DDA211ECECD2}"= UDP:c:\windows\Temp\~osB947.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{A9FCE28D-14D6-4527-8314-AC6A73DB85D2}j:\\starcraft\\starcraft.exe"= UDP:j:\starcraft\starcraft.exe:Starcraft
"UDP Query User{50337673-C950-4E8A-BEE7-B86BA8E7E8E7}j:\\starcraft\\starcraft.exe"= TCP:j:\starcraft\starcraft.exe:Starcraft
"{0FD1680E-91A3-4835-9666-93442725ADE3}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{ECC86FD0-4297-48A2-92A2-969B3242FE8F}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
"{C5831C5A-9108-4E5E-ACE1-E62EBAFA4A7B}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{D8B12C13-8A9D-49C6-98F3-A1E1B87FF3DC}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{58805D09-4CE4-49C6-A7F5-11AE2C405A66}"= UDP:c:\program files\CrosuS\CrosuSApp.exe:Crosus
"{F39742C7-91D3-4603-B847-A14ECA6BE68E}"= TCP:c:\program files\CrosuS\CrosuSApp.exe:Crosus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\drivers\Achernar.sys [12/28/2008 11:43 AM 18432]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/26/2009 11:42 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/26/2009 11:42 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/26/2009 11:42 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/26/2009 11:42 PM 298776]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [9/3/2006 1:32 PM 208896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/6/2009 10:07 PM 210216]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [5/10/2006 12:13 PM 29696]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [9/27/2008 9:46 AM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [9/27/2008 9:46 AM 251904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\User_Feed_Synchronization-{0B6F78EC-6022-41DD-83DC-980A10DBAF8A}.job
- c:\windows\system32\msfeedssync.exe [2008-09-27 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: games-workshop.com
Trusted Zone: nationstates.net
Trusted Zone: runescape.com
Trusted Zone: starwars.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\3x4tfghu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 11:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\Classes\CLSID\{38372d67-abb8-4437-ae76-35c8b3e0ef8e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,d3,32,fe,10,14,f5,65,95,c9,48,8b,ca,7b,8c,\

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):96,41,d8,65,ba,f5,4a,bb,54,f8,57,35,3c,27,2c,cd,05,e1,8e,7e,bc,
1d,d0,61,60,ad,2e,f1,58,18,9d,14,fb,45,af,37,7f,94,0e,de,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,4e,8e,a3,fb,1a,f2,19,74,3c,63,bd,7c,72,55,32,5c,7d,fb,46,b5,99,22,
a8,73,4b,df,d2,76,b2,ed,a4,30,8a,5b,cd,b5,b2,55,4d,2a,df,f7,35,01,19,44,0c,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001\Software\SecuROM\License information*]
"datasecu"=hex:41,a0,f1,be,07,30,cc,5f,cf,74,8f,0d,8b,20,61,2d,bf,98,20,9c,c8,
e3,80,f5,78,7e,e4,8c,27,22,09,25,29,6b,5d,74,b9,b8,49,0c,42,08,70,13,bc,2b,\
"rkeysecu"=hex:0c,01,85,43,d9,94,1a,d5,71,29,87,48,26,17,d9,45

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001_Classes\CLSID\{392cdb74-31d5-4039-9e78-dd66d0b6519b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010f
"Therad"=dword:00000009

[HKEY_USERS\S-1-5-21-269047593-2358176518-1712421543-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):09,1b,f1,81,77,b0,40,b2,c3,20,e5,c4,05,6f,9a,3a,d7,0a,8d,6a,57,
97,d7,43,5f,42,38,27,9c,5d,33,1a,57,73,a3,64,3d,9d,25,8e,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-09 11:08
ComboFix-quarantined-files.txt 2009-06-09 15:08
ComboFix2.txt 2009-06-08 04:50
ComboFix3.txt 2009-05-18 20:18

Pre-Run: 21,900,341,248 bytes free
Post-Run: 21,779,169,280 bytes free

613 --- E O F --- 2009-06-03 14:25

here.
emeraldnzl
post Jun 9 2009, 04:59 PM
Post #14


Trusted Helper
Posts: 7,988
OS: XP Pro



Hello Da Doom Guy,

Download Lop S&D by Eric_71 and save it to your desktop.

Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and anti-malware programs so they do not interfere with the running of Lop S&D. You can usually do this via a right click on the System Tray icon.
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on the LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)
Da Doom Guy
post Jun 9 2009, 08:34 PM
Post #15


Member
**
Posts: 18
OS: Windows Vista




--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel® Core™2 CPU 4400 @ 2.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Bill ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:289 Go (Free:20 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:0 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - NTFS - Total:31 Go (Free:20 Go)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Tue 06/09/2009|22:28 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[01/25/2009|01:43] C:\Users\Bill\AppData\Local\<DIR> ’&
[01/24/2009|12:02] C:\Users\Bill\AppData\Local\<DIR> ^O,
[02/16/2008|09:33] C:\Users\Bill\AppData\Local\<DIR> Adobe
[01/05/2008|01:21] C:\Users\Bill\AppData\Local\<DIR> Apple
[07/14/2008|10:43] C:\Users\Bill\AppData\Local\<DIR> Apple Computer
[07/23/2007|06:02] C:\Users\Bill\AppData\Local\<JUNCTION> Application Data
[05/24/2009|07:56] C:\Users\Bill\AppData\Local\<DIR> ApplicationHistory
[01/30/2008|10:20] C:\Users\Bill\AppData\Local\<DIR> Apps
[10/03/2008|10:56] C:\Users\Bill\AppData\Local\552 d3d8caps.dat
[06/06/2009|02:16] C:\Users\Bill\AppData\Local\2,708 d3d9caps.dat
[06/07/2009|09:07] C:\Users\Bill\AppData\Local\114,688 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06/09/2009|07:23] C:\Users\Bill\AppData\Local\<DIR> Deployment
[06/07/2009|10:36] C:\Users\Bill\AppData\Local\<DIR> DFH
[03/30/2009|11:43] C:\Users\Bill\AppData\Local\<DIR> Downloaded Installations
[01/23/2009|05:16] C:\Users\Bill\AppData\Local\<DIR> E˜(
[01/06/2008|05:47] C:\Users\Bill\AppData\Local\92 fusioncache.dat
[01/06/2008|05:48] C:\Users\Bill\AppData\Local\<DIR> GameSpy
[08/27/2008|05:16] C:\Users\Bill\AppData\Local\<DIR> gctmp
[09/29/2008|02:12] C:\Users\Bill\AppData\Local\93,640 GDIPFONTCACHEV1.DAT
[05/13/2009|05:45] C:\Users\Bill\AppData\Local\<DIR> Google
[04/12/2008|08:54] C:\Users\Bill\AppData\Local\<DIR> Graboid_Inc
[07/23/2007|06:25] C:\Users\Bill\AppData\Local\<DIR> Hewlett-Packard
[07/23/2007|06:02] C:\Users\Bill\AppData\Local\<JUNCTION> History
[09/02/2007|02:07] C:\Users\Bill\AppData\Local\<DIR> HP
[08/01/2007|01:39] C:\Users\Bill\AppData\Local\<DIR> HP Guide
[06/09/2009|07:23] C:\Users\Bill\AppData\Local\4,510,391 IconCache.db
[03/02/2009|12:24] C:\Users\Bill\AppData\Local\<DIR> Ironclad Games
[03/30/2009|12:01] C:\Users\Bill\AppData\Local\<DIR> LaunchpadEnhanced
[05/10/2009|04:42] C:\Users\Bill\AppData\Local\<DIR> Microsoft
[09/05/2008|11:20] C:\Users\Bill\AppData\Local\<DIR> Microsoft Games
[02/10/2008|03:59] C:\Users\Bill\AppData\Local\<DIR> MicroVision Applications
[02/02/2008|03:04] C:\Users\Bill\AppData\Local\<DIR> Mozilla
[06/04/2008|01:26] C:\Users\Bill\AppData\Local\<DIR> My Games
[01/10/2009|12:36] C:\Users\Bill\AppData\Local\<DIR> NewSoft
[12/04/2008|04:46] C:\Users\Bill\AppData\Local\<DIR> Paint.NET
[04/24/2009|11:28] C:\Users\Bill\AppData\Local\<DIR> PunkBuster
[01/19/2008|05:22] C:\Users\Bill\AppData\Local\<DIR> Stardock
[06/19/2008|06:29] C:\Users\Bill\AppData\Local\<DIR> Steam
[06/09/2009|10:28] C:\Users\Bill\AppData\Local\<DIR> temp
[07/23/2007|06:02] C:\Users\Bill\AppData\Local\<JUNCTION> Temporary Internet Files
[06/09/2009|10:13] C:\Users\Bill\AppData\Local\<DIR> TSVNCache
[08/13/2007|11:56] C:\Users\Bill\AppData\Local\<DIR> VirtualStore
[01/02/2008|11:28] C:\Users\Bill\AppData\Local\<DIR> Warhammer Mark of Chaos
[03/05/2009|10:08] C:\Users\Bill\AppData\Local\<DIR> WarRockDF
[09/24/2007|12:18] C:\Users\Bill\AppData\Local\<DIR> WindowsUpdate
[05/27/2009|12:31] C:\Users\Bill\AppData\Local\<DIR> WinZip
[07/09/2008|10:21] C:\Users\Bill\AppData\Local\<DIR> Xenocode

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[06/09/2009 10:25 PM][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0B6F78EC-6022-41DD-83DC-980A10DBAF8A}.job
[06/09/2009 10:13 PM][--ah-----] C:\Windows\tasks\SA.DAT
[06/09/2009 07:23 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[03/02/2009|12:24] C:\ProgramData\<DIR> {0E8E33D8-193A-414A-A909-0F101A142D26}
[11/17/2008|10:47] C:\ProgramData\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[04/21/2007|07:15] C:\ProgramData\<DIR> {623D32E9-0C62-4453-AD44-98B31F52A5E1}
[01/22/2009|11:36] C:\ProgramData\<DIR> 2370
[10/04/2007|11:29] C:\ProgramData\<DIR> 3DWA_L
[01/07/2009|12:29] C:\ProgramData\<DIR> Adobe
[06/20/2008|01:40] C:\ProgramData\<DIR> Adobe Systems
[08/13/2008|02:53] C:\ProgramData\<DIR> Age of Empires 3
[01/05/2008|01:20] C:\ProgramData\<DIR> Apple
[11/17/2008|10:47] C:\ProgramData\<DIR> Apple Computer
[11/02/2006|09:02] C:\ProgramData\<JUNCTION> Application Data
[03/26/2009|11:42] C:\ProgramData\<DIR> avg8
[11/02/2006|09:02] C:\ProgramData\<JUNCTION> Desktop
[11/02/2006|09:02] C:\ProgramData\<JUNCTION> Documents
[03/09/2009|04:02] C:\ProgramData\<DIR> EmailNotifier
[11/30/2008|11:50] C:\ProgramData\56 ezsidmv.dat
[11/02/2006|09:02] C:\ProgramData\<JUNCTION> Favorites
[05/13/2009|05:45] C:\ProgramData\<DIR> Google
[07/23/2007|06:25] C:\ProgramData\<DIR> Hewlett-Packard
[07/29/2007|06:53] C:\ProgramData\<DIR> HP
[01/13/2008|03:28] C:\ProgramData\7,456 hpzinstall.log
[04/24/2009|11:15] C:\ProgramData\<DIR> id Software
[04/21/2007|06:51] C:\ProgramData\<DIR> Intel
[01/30/2008|03:50] C:\ProgramData\<DIR> Lionhead Studios
[06/08/2009|11:46] C:\ProgramData\<DIR> Malwarebytes
[06/06/2009|10:08] C:\ProgramData\<DIR> McAfee
[04/23/2009|10:32] C:\ProgramData\<DIR> Media Center Programs
[05/26/2008|10:40] C:\ProgramData\<DIR> Microsoft
[01/17/2008|09:53] C:\ProgramData\<DIR> Microsoft Help
[04/21/2007|07:09] C:\ProgramData\<DIR> muvee Technologies
[01/04/2009|01:38] C:\ProgramData\<DIR> NCH Software
[03/14/2009|11:09] C:\ProgramData\<DIR> NCH Swift Sound
[12/28/2008|11:42] C:\ProgramData\<DIR> Newsoft
[05/17/2009|09:15] C:\ProgramData\<DIR> NVIDIA
[06/09/2009|10:13] C:\ProgramData\31,776 nvModes.001
[06/09/2009|10:13] C:\ProgramData\31,776 nvModes.dat
[04/21/2007|07:17] C:\ProgramData\<DIR> PC-Doctor
[09/18/2008|10:09] C:\ProgramData\<DIR> Roxio
[06/06/2009|10:08] C:\ProgramData\<DIR> SiteAdvisor
[02/15/2009|09:34] C:\ProgramData\<DIR> Skype
[04/21/2007|07:04] C:\ProgramData\<DIR> Sonic
[05/04/2009|08:23] C:\ProgramData\<DIR> Sony
[12/03/2008|02:57] C:\ProgramData\<DIR> SpeedBit
[09/04/2008|09:32] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/02/2006|09:02] C:\ProgramData\<JUNCTION> Start Menu
[09/30/2007|06:19] C:\ProgramData\<DIR> Symantec
[05/18/2009|09:39] C:\ProgramData\<DIR> TEMP
[11/02/2006|09:02] C:\ProgramData\<JUNCTION> Templates
[12/14/2008|04:39] C:\ProgramData\<DIR> Trymedia
[07/29/2007|06:57] C:\ProgramData\<DIR> WEBREG
[12/29/2007|09:10] C:\ProgramData\<DIR> WildTangent
[11/20/2008|03:30] C:\ProgramData\<DIR> WindowsSearch
[12/09/2008|01:03] C:\ProgramData\<DIR> WinZip
[01/01/2008|05:58] C:\ProgramData\<DIR> WLInstaller
[06/06/2009|10:08] C:\ProgramData\<DIR> Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[01/06/2008|03:28] C:\Program Files\<DIR> 2K Games
[04/16/2009|12:31] C:\Program Files\<DIR> 3000AD
[03/09/2009|09:53] C:\Program Files\<DIR> 3DO
[04/21/2007|07:15] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites
[02/06/2009|11:42] C:\Program Files\<DIR> Activision
[02/17/2009|12:32] C:\Program Files\<DIR> Adobe
[12/18/2008|01:17] C:\Program Files\<DIR> Adobe PhotoShop CS3
[05/17/2009|09:07] C:\Program Files\<DIR> AGEIA Technologies
[07/19/2008|10:21] C:\Program Files\<DIR> Allume BoostXP
[11/17/2008|10:48] C:\Program Files\<DIR> Apple Software Update
[11/03/2008|10:22] C:\Program Files\<DIR> Atari
[10/27/2008|01:54] C:\Program Files\<DIR> Audacity
[03/26/2009|11:42] C:\Program Files\<DIR> AVG
[01/01/2008|07:36] C:\Program Files\<DIR> Belarc
[01/24/2009|09:05] C:\Program Files\<DIR> BitLord
[12/03/2008|12:40] C:\Program Files\<DIR> Bonjour
[01/11/2009|05:55] C:\Program Files\<DIR> BYOND
[04/08/2008|11:24] C:\Program Files\<DIR> CMBO
[12/08/2008|12:27] C:\Program Files\<DIR> CnC_Tools
[06/09/2009|10:43] C:\Program Files\<DIR> Common Files
[05/15/2009|09:29] C:\Program Files\<DIR> CONEXANT
[06/04/2009|03:29] C:\Program Files\<DIR> CrosuS
[06/03/2009|08:25] C:\Program Files\<DIR> Digital Reality
[09/29/2008|09:08] C:\Program Files\<DIR> directx
[03/08/2009|12:22] C:\Program Files\<DIR> Disney Interactive
[02/19/2009|01:56] C:\Program Files\<DIR> DOOM 3
[03/09/2009|10:33] C:\Program Files\<DIR> DOSBox-0.72
[05/13/2009|05:43] C:\Program Files\<DIR> EA GAMES
[04/21/2009|06:27] C:\Program Files\<DIR> Electronic Arts
[05/05/2009|08:16] C:\Program Files\<DIR> epsxe170
[01/01/2008|04:39] C:\Program Files\<DIR> EuroTalk
[08/27/2008|12:41] C:\Program Files\<DIR> FinalAlert 2 Yuri's Revenge
[08/08/2008|09:11] C:\Program Files\<DIR> Firaxis Games
[12/29/2007|09:16] C:\Program Files\<DIR> Firefly Studios
[10/05/2008|06:32] C:\Program Files\<DIR> FLV Player
[03/28/2008|07:46] C:\Program Files\<DIR> FPSC_BRG
[04/20/2009|05:09] C:\Program Files\<DIR> FrostWire
[01/31/2009|02:13] C:\Program Files\<DIR> Funcom
[07/09/2008|10:21] C:\Program Files\<DIR> Game Cam V2
[01/31/2009|12:39] C:\Program Files\<DIR> GamersFirst
[01/06/2008|03:28] C:\Program Files\<DIR> GameSpy
[10/15/2008|08:57] C:\Program Files\<DIR> GameSpy Arcade
[05/03/2009|11:51] C:\Program Files\<DIR> GCFScape
[07/08/2008|11:57] C:\Program Files\<DIR> GIMP-2.0
[05/13/2009|10:32] C:\Program Files\<DIR> Google
[09/30/2007|06:27] C:\Program Files\<DIR> Grisoft
[04/19/2009|11:18] C:\Program Files\<DIR> Guild Wars
[02/17/2009|12:35] C:\Program Files\<DIR> Haemimont Games
[08/02/2008|02:21] C:\Program Files\<DIR> Hasbro Interactive
[04/21/2007|07:19] C:\Program Files\<DIR> Hewlett-Packard
[01/02/2008|12:41] C:\Program Files\<DIR> HP
[06/03/2008|08:40] C:\Program Files\<DIR> Image-Line
[01/28/2009|07:09] C:\Program Files\<DIR> iMesh Applications
[04/20/2009|04:54] C:\Program Files\<DIR> Incomplete
[09/10/2008|11:09] C:\Program Files\<DIR> Infogrames Interactive
[05/22/2008|11:24] C:\Program Files\<DIR> Install Creator
[06/04/2009|02:30] C:\Program Files\<DIR> InstallShield Installation Information
[10/28/2007|12:20] C:\Program Files\<DIR> Intel
[04/20/2008|04:28] C:\Program Files\<DIR> InterActual
[04/16/2009|12:59] C:\Program Files\<DIR> Internet Explorer
[11/17/2008|10:47] C:\Program Files\<DIR> iPod
[11/17/2008|10:47] C:\Program Files\<DIR> iTunes
[01/09/2009|01:52] C:\Program Files\<DIR> Java
[03/30/2009|12:14] C:\Program Files\<DIR> Launchpad Enhanced
[06/19/2008|07:41] C:\Program Files\<DIR> LEGO Media
[05/23/2007|01:03] C:\Program Files\<DIR> Lego-Racers
[04/20/2009|04:53] C:\Program Files\<DIR> LimeWire
[01/30/2008|03:50] C:\Program Files\<DIR> Lionhead Studios Ltd
[05/24/2009|04:40] C:\Program Files\<DIR> LucasArts
[06/08/2009|11:46] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[06/05/2009|01:39] C:\Program Files\<DIR> Mario Forever
[06/07/2009|10:49] C:\Program Files\<DIR> McAfee
[09/24/2007|12:26] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[03/25/2009|08:07] C:\Program Files\<DIR> Microsoft Games
[01/30/2009|01:12] C:\Program Files\<DIR> Microsoft Games for Windows - LIVE
[01/17/2008|09:50] C:\Program Files\<DIR> Microsoft Office
[05/05/2009|02:20] C:\Program Files\<DIR> Microsoft SQL Server
[10/04/2007|11:38] C:\Program Files\<DIR> Microsoft Windows Vista Upgrade Advisor
[09/11/2008|09:16] C:\Program Files\<DIR> Microsoft Works
[05/03/2009|10:25] C:\Program Files\<DIR> Microsoft.NET
[06/05/2009|11:01] C:\Program Files\<DIR> Midway Home Entertainment
[09/28/2008|06:33] C:\Program Files\<DIR> Movie Maker
[04/28/2009|10:00] C:\Program Files\<DIR> Mozilla Firefox
[11/02/2006|08:37] C:\Program Files\<DIR> MSBuild
[07/28/2007|02:34] C:\Program Files\<DIR> MSN
[07/28/2007|12:01] C:\Program Files\<DIR> MSXML 4.0
[01/02/2008|09:31] C:\Program Files\<DIR> NAMCO BANDAI Games
[03/14/2009|11:08] C:\Program Files\<DIR> NCH Software
[04/04/2009|01:43] C:\Program Files\<DIR> NCH Swift Sound
[07/25/2008|08:25] C:\Program Files\<DIR> NetBattleShip
[12/28/2008|11:40] C:\Program Files\<DIR> NewSoft
[04/14/2009|04:13] C:\Program Files\<DIR> Pollux Gamelabs
[01/25/2009|10:02] C:\Program Files\<DIR> PowerISO
[04/29/2009|08:08] C:\Program Files\<DIR> Project64 1.6
[11/17/2008|10:45] C:\Program Files\<DIR> QuickTime
[12/29/2007|05:18] C:\Program Files\<DIR> Real
[04/29/2008|11:13] C:\Program Files\<DIR> Realtek
[11/02/2006|08:37] C:\Program Files\<DIR> Reference Assemblies
[02/27/2009|08:03] C:\Program Files\<DIR> Return to Castle Wolfenstein
[04/21/2007|07:05] C:\Program Files\<DIR> Roxio
[03/31/2009|06:19] C:\Program Files\<DIR> SEGA
[01/09/2008|06:44] C:\Program Files\<DIR> Sierra
[01/28/2008|02:21] C:\Program Files\<DIR> Sierra On-Line
[02/20/2009|05:03] C:\Program Files\<DIR> sims
[04/21/2007|07:11] C:\Program Files\<DIR> Snapfish Media Detector
[05/04/2009|08:23] C:\Program Files\<DIR> Sony
[05/03/2009|10:21] C:\Program Files\<DIR> Sony Setup
[04/11/2009|08:33] C:\Program Files\<DIR> Spiderman
[01/23/2009|05:58] C:\Program Files\<DIR> Spybot - Search & Destroy
[06/02/2008|03:22] C:\Program Files\<DIR> Stardock
[03/02/2009|12:17] C:\Program Files\<DIR> Stardock Games
[01/30/2009|12:32] C:\Program Files\<DIR> StarWarsGalaxies
[06/09/2009|10:13] C:\Program Files\<DIR> Steam
[05/17/2009|08:20] C:\Program Files\<DIR> SystemRequirementsLab
[07/25/2008|07:04] C:\Program Files\<DIR> The 3DO Company
[02/21/2008|02:05] C:\Program Files\<DIR> The Game Creators
[10/11/2008|06:46] C:\Program Files\<DIR> THQ
[07/23/2008|11:07] C:\Program Files\<DIR> TibEd
[07/23/2008|11:05] C:\Program Files\<DIR> TibEd 2
[04/30/2009|08:01] C:\Program Files\<DIR> TortoiseSVN
[01/29/2009|01:14] C:\Program Files\<DIR> Total War
[05/13/2009|04:45] C:\Program Files\<DIR> Trend Micro
[01/21/2008|01:54] C:\Program Files\<DIR> Universal Interactive
[01/07/2007|04:39] C:\Program Files\<DIR> UnrealTournament
[03/17/2009|04:31] C:\Program Files\<DIR> Valve
[04/12/2008|08:53] C:\Program Files\<DIR> VideoLAN
[06/03/2008|08:38] C:\Program Files\<DIR> Vstplugins
[06/01/2008|03:14] C:\Program Files\<DIR> VUGames
[06/04/2009|02:47] C:\Program Files\<DIR> Warcraft III
[11/08/2008|01:55] C:\Program Files\<DIR> Wargamer
[01/28/2009|07:12] C:\Program Files\<DIR> WarRock
[03/08/2009|09:55] C:\Program Files\<DIR> Warzone 2100
[09/28/2008|06:33] C:\Program Files\<DIR> Windows Calendar
[09/28/2008|06:33] C:\Program Files\<DIR> Windows Collaboration
[12/03/2008|03:06] C:\Program Files\<DIR> Windows Defender
[09/28/2008|06:33] C:\Program Files\<DIR> Windows Journal
[01/01/2008|06:03] C:\Program Files\<DIR> Windows Live
[02/06/2009|08:30] C:\Program Files\<DIR> Windows Live Safety Center
[05/14/2009|11:09] C:\Program Files\<DIR> Windows Mail
[03/11/2009|09:59] C:\Program Files\<DIR> Windows Media Player
[11/02/2006|08:37] C:\Program Files\<DIR> Windows NT
[09/28/2008|06:33] C:\Program Files\<DIR> Windows Photo Gallery
[09/28/2008|06:33] C:\Program Files\<DIR> Windows Sidebar
[03/10/2008|03:14] C:\Program Files\<DIR> WinRAR
[12/09/2008|12:54] C:\Program Files\<DIR> WinZip
[07/21/2008|12:20] C:\Program Files\<DIR> Wolfenstein - Enemy Territory
[06/06/2009|10:07] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/17/2009|12:32] C:\Program Files\Common Files\<DIR> Adobe
[06/03/2008|08:45] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[11/17/2008|10:44] C:\Program Files\Common Files\<DIR> Apple
[09/10/2008|06:22] C:\Program Files\Common Files\<DIR> AVSMedia
[02/16/2008|12:27] C:\Program Files\Common Files\<DIR> Bcgsoft
[11/16/2008|02:28] C:\Program Files\Common Files\<DIR> FotoNation
[07/29/2007|06:46] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[07/29/2007|06:48] C:\Program Files\Common Files\<DIR> HP
[01/28/2008|04:01] C:\Program Files\Common Files\<DIR> InstallShield
[04/21/2007|06:51] C:\Program Files\Common Files\<DIR> Intel
[04/21/2007|07:06] C:\Program Files\Common Files\<DIR> LightScribe
[04/21/2007|07:05] C:\Program Files\Common Files\<DIR> LS Getting Started
[06/06/2009|10:08] C:\Program Files\Common Files\<DIR> McAfee
[08/13/2008|02:52] C:\Program Files\Common Files\<DIR> Microsoft Games
[05/03/2009|10:25] C:\Program Files\Common Files\<DIR> microsoft shared
[01/17/2008|09:56] C:\Program Files\Common Files\<DIR> muvee Technologies
[12/28/2008|11:42] C:\Program Files\Common Files\<DIR> NewSoft
[09/10/2008|03:20] C:\Program Files\Common Files\<DIR> PX Storage Engine
[12/29/2007|05:18] C:\Program Files\Common Files\<DIR> Real
[04/21/2007|07:04] C:\Program Files\Common Files\<DIR> Roxio Shared
[11/02/2006|07:18] C:\Program Files\Common Files\<DIR> Services
[10/01/2008|07:19] C:\Program Files\Common Files\<DIR> Solveig Multimedia
[04/21/2007|07:05] C:\Program Files\Common Files\<DIR> Sonic Shared
[11/02/2006|07:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[06/02/2008|03:23] C:\Program Files\Common Files\<DIR> Stardock
[05/19/2009|10:39] C:\Program Files\Common Files\<DIR> Steam
[04/21/2007|07:05] C:\Program Files\Common Files\<DIR> SureThing Shared
[09/30/2007|06:19] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/28/2008|06:32] C:\Program Files\Common Files\<DIR> System
[04/30/2009|08:01] C:\Program Files\Common Files\<DIR> TortoiseOverlays
[01/01/2008|06:02] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[05/17/2009|09:07] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 83 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 22:29:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 432

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\Bill\AppData\Local\VirtualStore\Program Files\THQ\Dawn of War - Dark Crusade\Dow40k_fok\Data\attrib\abilities\eldar_crack_shot.rgd
C:\Users\Bill\Desktop\Crack120722.exe
C:\Users\Bill\Downloads\Cossacks__European_Wars___Art_of_War_(Patches__Cracks__Covers).4206092.TPB.torrent
C:\Users\Bill\Downloads\Imperium_Galactica_II___Crack.3578621.TPB.torrent
C:\Users\Bill\Downloads\Star_Wars__KotOR_PC.iso___no-CD_crack.4848270.TPB.torrent


[F:13][D:4]-> C:\Users\Bill\AppData\Local\Temp
[F:54][D:1]-> C:\Users\Bill\AppData\Roaming\MICROS~1\Windows\Cookies
[F:59][D:4]-> C:\Users\Bill\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Tue 06/09/2009|22:33 - Option : [2]

--------------------\\ Scan completed at 22:33:15
[ UAC => 1 ]
