ComboFix 08-06-20.4 - Trupti 2008-06-30 14:20:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.2263 [GMT -4:00]
Running from: C:\Users\Trupti\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\abJjPXbc.ini
C:\Windows\System32\abJjPXbc.ini2
C:\Windows\system32\awtsSmkl.dll
C:\Windows\system32\cbXRIcYs.dll
C:\Windows\system32\ddcDsqno.dll
C:\Windows\system32\EffhjQss.ini
C:\Windows\System32\EffhjQss.ini2
C:\Windows\System32\eKknWvut.ini
C:\Windows\System32\eKknWvut.ini2
C:\Windows\system32\ffvfpmhi.ini
C:\Windows\system32\fhlwulqi.ini
C:\Windows\System32\FMWvCcdd.ini
C:\Windows\System32\FMWvCcdd.ini2
C:\Windows\system32\fsknlbqu.ini
C:\Windows\system32\gmqpiogk.ini
C:\Windows\system32\iqbauyun.ini
C:\Windows\system32\jkkJDvTJ.dll
C:\Windows\System32\jmnTEfhk.ini
C:\Windows\System32\jmnTEfhk.ini2
C:\Windows\system32\jusched.exe
C:\Windows\System32\lkmSstwa.ini
C:\Windows\System32\lkmSstwa.ini2
C:\Windows\system32\ludyrndo.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mnvknoxd.ini
C:\Windows\system32\nvfyspip.ini
C:\Windows\System32\onqsDcdd.ini
C:\Windows\System32\onqsDcdd.ini2
C:\Windows\System32\OpWxwGgh.ini
C:\Windows\System32\OpWxwGgh.ini2
C:\Windows\system32\pkhdnkao.ini
C:\Windows\system32\ssQjhffE.dll
C:\Windows\system32\tuvWnkKe.dll
C:\Windows\System32\XIRsBJjl.ini
C:\Windows\System32\XIRsBJjl.ini2

.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-30  )))))))))))))))))))))))))))))))
.

2008-06-30 14:41 . 2008-06-30 14:41	294	---hs----	C:\Windows\System32\gmqpiogk.ini
2008-06-30 12:45 . 2008-06-30 12:45	81,920	--a------	C:\Windows\System32\kgoipqmg.dll
2008-06-30 12:42 . 2008-06-30 12:42	91,136	--a------	C:\Windows\System32\utfpahue.dll
2008-06-30 10:13 . 2008-06-30 10:13	91,136	--a------	C:\Windows\System32\yxanccrb.dll
2008-06-30 09:09 . 2008-06-30 09:09	103,424	--a------	C:\Windows\System32\xcdecx.dll
2008-06-30 09:09 . 2008-06-30 09:09	103,424	--a------	C:\Windows\System32\tqjghgkf.dll
2008-06-30 09:09 . 2008-06-30 09:09	91,136	--a------	C:\Windows\System32\hxcyldqp.dll
2008-06-30 07:44 . 2008-06-30 07:44	91,136	--a------	C:\Windows\System32\jbvompqo.dll
2008-06-29 09:29 . 2008-06-29 09:31	<DIR>	d--------	C:\Users\All Users\Lavasoft
2008-06-29 09:29 . 2008-06-29 09:31	<DIR>	d--------	C:\ProgramData\Lavasoft
2008-06-29 09:29 . 2008-06-29 09:29	<DIR>	d--------	C:\Program Files\Lavasoft
2008-06-29 09:28 . 2008-06-29 09:28	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 08:13 . 2008-06-29 08:13	103,424	--a------	C:\Windows\System32\ccfxpumx.dll
2008-06-29 08:13 . 2008-06-29 08:13	103,424	--a------	C:\Windows\System32\bpxork.dll
2008-06-29 08:09 . 2008-06-29 08:09	90,624	--a------	C:\Windows\System32\dormwobf.dll
2008-06-28 22:14 . 2008-06-28 22:14	<DIR>	d--------	C:\Users\Trupti\AppData\Roaming\DivX
2008-06-28 22:13 . 2008-06-30 09:12	<DIR>	d--------	C:\Program Files\DivX
2008-06-28 22:13 . 2008-06-30 09:12	<DIR>	d--------	C:\Program Files\Common Files\PX Storage Engine
2008-06-28 19:19 . 2008-06-28 19:19	90,624	--a------	C:\Windows\System32\whjisfgj.dll
2008-06-28 19:19 . 2008-06-28 19:19	90,624	--a------	C:\Windows\System32\scodcsrq.dll
2008-06-28 18:16 . 2008-06-28 18:53	524,288	--ahs----	C:\ntuser.dat{76de9a94-455f-11dd-a238-001e8c77262a}.TMContainer00000000000000000002.regtrans-ms
2008-06-28 18:16 . 2008-06-28 18:53	524,288	--ahs----	C:\ntuser.dat{76de9a94-455f-11dd-a238-001e8c77262a}.TMContainer00000000000000000001.regtrans-ms
2008-06-28 18:16 . 2008-06-28 18:53	65,536	--ahs----	C:\ntuser.dat{76de9a94-455f-11dd-a238-001e8c77262a}.TM.blf
2008-06-28 18:11 . 2008-06-28 19:48	429	--a------	C:\Windows\wininit.ini
2008-06-28 17:51 . 2008-06-28 19:57	<DIR>	d--------	C:\Users\All Users\Spybot - Search & Destroy
2008-06-28 17:51 . 2008-06-28 19:57	<DIR>	d--------	C:\ProgramData\Spybot - Search & Destroy
2008-06-28 17:51 . 2008-06-28 19:57	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-06-28 17:51 . 2008-06-28 18:12	524,288	--ahs----	C:\ntuser.dat{83a2c4a1-4546-11dd-a6ec-001e8c77262a}.TMContainer00000000000000000002.regtrans-ms
2008-06-28 17:51 . 2008-06-28 18:12	524,288	--ahs----	C:\ntuser.dat{83a2c4a1-4546-11dd-a6ec-001e8c77262a}.TMContainer00000000000000000001.regtrans-ms
2008-06-28 17:51 . 2008-06-28 18:12	65,536	--ahs----	C:\ntuser.dat{83a2c4a1-4546-11dd-a6ec-001e8c77262a}.TM.blf
2008-06-28 15:25 . 2008-06-28 15:43	<DIR>	d--------	C:\Users\Trupti\.housecall6.6
2008-06-28 15:25 . 2008-06-28 15:25	102,664	--a------	C:\Windows\System32\drivers\tmcomm.sys
2008-06-28 15:24 . 2008-06-28 15:24	<DIR>	d--------	C:\Windows\Sun
2008-06-28 14:51 . 2008-06-28 19:22	262,144	--a------	C:\ntuser.dat
2008-06-28 14:51 . 2008-06-28 19:22	5,120	--ah-----	C:\ntuser.dat.LOG1
2008-06-28 14:51 . 2008-06-28 17:51	0	--ah-----	C:\ntuser.dat.LOG2
2008-06-28 11:48 . 2008-06-28 11:48	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-28 09:44 . 2008-06-28 09:44	24,576	--a------	C:\Windows\System32\VundoFixSVC.exe
2008-06-28 08:45 . 2008-06-28 10:03	<DIR>	d--------	C:\VundoFix Backups
2008-06-28 08:11 . 2008-06-28 08:11	103,424	--a------	C:\Windows\System32\yqniah.dll
2008-06-28 08:11 . 2008-06-28 08:11	103,424	--a------	C:\Windows\System32\kyonaujr.dll
2008-06-28 08:10 . 2008-06-28 08:10	81,920	--a------	C:\Windows\System32\uqblnksf.dll
2008-06-28 08:09 . 2008-06-28 08:09	90,624	--a------	C:\Windows\System32\ofcbjsle.dll
2008-06-27 19:51 . 2008-06-27 19:51	<DIR>	d--------	C:\Windows\System32\config\systemprofile\AppData\Roaming\Snapfish
2008-06-27 19:50 . 2008-06-27 19:50	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Videos
2008-06-27 19:50 . 2008-06-27 19:50	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Searches
2008-06-27 19:50 . 2008-06-27 19:50	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Saved Games
2008-06-27 19:50 . 2008-06-27 19:50	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Pictures
2008-06-27 19:50 . 2008-06-27 19:50	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Music
2008-06-27 19:50 . 2008-06-27 19:50	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Links
2008-06-27 19:50 . 2008-06-27 19:50	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Downloads
2008-06-27 19:50 . 2008-06-27 19:50	<DIR>	dr-------	C:\Windows\System32\config\systemprofile\Documents
2008-06-27 14:45 . 2008-06-27 14:45	286,720	---------	C:\Windows\Setup1.exe
2008-06-27 14:45 . 2008-06-27 14:45	73,216	--a------	C:\Windows\ST6UNST.EXE
2008-06-27 10:50 . 2008-06-27 10:50	81,920	---------	C:\Windows\System32\iqluwlhf.dll
2008-06-25 18:13 . 2008-06-25 18:13	<DIR>	d--------	C:\Program Files\Logitech
2008-06-25 18:12 . 2008-06-25 18:13	<DIR>	d--------	C:\Program Files\Jasc Software Inc
2008-06-25 18:10 . 2008-06-25 18:10	<DIR>	d--------	C:\Users\Trupti\AppData\Roaming\Jasc Software Inc
2008-06-25 09:34 . 2008-06-25 09:34	<DIR>	d--------	C:\Program Files\uTorrent
2008-06-25 09:33 . 2008-06-26 08:47	<DIR>	d--------	C:\Users\Trupti\AppData\Roaming\uTorrent
2008-06-25 09:12 . 2008-06-25 10:09	<DIR>	d--------	C:\Users\All Users\RoboForm
2008-06-25 09:12 . 2008-06-25 10:09	<DIR>	d--------	C:\ProgramData\RoboForm
2008-06-24 18:21 . 2008-06-24 18:21	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-06-24 18:18 . 2008-06-27 10:49	<DIR>	d--------	C:\Users\All Users\Microsoft Help
2008-06-24 18:18 . 2008-06-27 10:49	<DIR>	d--------	C:\ProgramData\Microsoft Help
2008-06-24 18:17 . 2008-06-24 18:17	<DIR>	dr-h-----	C:\MSOCache
2008-06-24 15:58 . 2008-06-24 15:58	<DIR>	d--------	C:\Users\Trupti\AppData\Roaming\muvee Technologies
2008-06-24 15:57 . 2008-06-28 11:14	<DIR>	d-a------	C:\Users\All Users\TEMP
2008-06-24 15:57 . 2008-06-28 11:14	<DIR>	d-a------	C:\ProgramData\TEMP
2008-06-24 15:52 . 2008-06-24 15:52	<DIR>	d--------	C:\My Downloads
2008-06-24 13:54 . 2008-06-24 13:54	<DIR>	d--------	C:\Users\Trupti\AppData\Roaming\WildTangent
2008-06-24 11:26 . 2008-06-24 11:26	<DIR>	d--------	C:\Program Files\The Font Thing
2008-06-24 11:25 . 2008-06-24 11:25	<DIR>	d--------	C:\Program Files\XP Codec Pack
2008-06-24 11:24 . 2008-06-24 11:24	<DIR>	d--------	C:\Program Files\Siber Systems
2008-06-24 11:13 . 2008-06-24 11:14	<DIR>	d--------	C:\Program Files\FTP Surfer
2008-06-23 21:27 . 2008-06-23 21:27	<DIR>	d--------	C:\Users\Trupti\AppData\Roaming\Template
2008-06-23 21:27 . 2008-06-27 12:32	1,966	--a------	C:\Users\Trupti\AppData\Roaming\wklnhst.dat
2008-06-23 14:20 . 2008-06-23 14:20	<DIR>	d--------	C:\Windows\PCHEALTH
2008-06-23 14:17 . 2008-06-23 14:20	<DIR>	d--------	C:\Program Files\Windows Live
2008-06-23 14:17 . 2008-06-23 14:20	<DIR>	d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-23 14:16 . 2008-06-23 14:16	<DIR>	d--------	C:\Users\All Users\WLInstaller
2008-06-23 14:16 . 2008-06-23 14:16	<DIR>	d--------	C:\ProgramData\WLInstaller
2008-06-23 13:58 . 2008-06-23 13:58	<DIR>	d--------	C:\Users\Trupti\AppData\Roaming\CyberLink
2008-06-23 13:58 . 2008-06-23 13:58	<DIR>	d--------	C:\Users\Public\CyberLink
2008-06-23 13:58 . 2008-06-23 13:58	<DIR>	d--------	C:\Users\All Users\CyberLink
2008-06-23 13:58 . 2008-06-23 13:58	<DIR>	d--------	C:\ProgramData\CyberLink
2008-06-23 13:58 . 2007-11-14 15:18	553	--a------	C:\Windows\USetup.iss
2008-06-23 13:57 . 2008-01-15 11:26	4,874,240	--a------	C:\Windows\RtHDVCpl.exe
2008-06-23 13:57 . 2008-01-07 19:30	2,156,544	--a------	C:\Windows\System32\RtkAPO.dll
2008-06-23 13:57 . 2008-01-15 19:19	2,047,576	--a------	C:\Windows\System32\drivers\RTKVHDA.sys
2008-06-23 13:57 . 2007-11-07 17:31	1,191,936	--a------	C:\Windows\RtlUpd.exe
2008-06-23 13:57 . 2008-01-09 18:52	636,416	--a------	C:\Windows\System32\RtkPgExt.dll
2008-06-23 13:57 . 2007-11-13 12:35	532,480	--a------	C:\Windows\System32\RTSndMgr.cpl
2008-06-23 13:57 . 2008-01-14 16:18	29,696	--a------	C:\Windows\System32\RtkCoInst.dll
2008-06-23 13:54 . 2008-06-23 13:54	<DIR>	d--------	C:\Users\Trupti\AppData\Roaming\WinBatch
2008-06-23 13:54 . 2008-06-23 13:54	<DIR>	d--------	C:\Users\All Users\eBay
2008-06-23 13:54 . 2008-06-23 13:54	<DIR>	d--------	C:\ProgramData\eBay
2008-06-23 13:54 . 2008-06-23 13:54	<DIR>	d--------	C:\Program Files\eBay
2008-06-23 13:45 . 2008-06-23 13:45	194,560	--a------	C:\Windows\System32\WebClnt.dll
2008-06-23 13:45 . 2008-06-23 13:45	110,080	--a------	C:\Windows\System32\drivers\mrxdav.sys
2008-06-23 13:44 . 2008-06-23 13:44	<DIR>	d--------	C:\Windows\OvtCam
2008-06-23 13:44 . 2008-06-23 13:44	1,060,920	--a------	C:\Windows\System32\drivers\ntfs.sys
2008-06-23 13:44 . 2008-06-23 13:44	41,984	--a------	C:\Windows\System32\drivers\monitor.sys
2008-06-23 13:41 . 2008-06-23 13:41	2,027,008	--a------	C:\Windows\System32\win32k.sys
2008-06-23 13:41 . 2008-06-23 13:41	296,448	--a------	C:\Windows\System32\gdi32.dll
2008-06-23 13:41 . 2008-06-23 13:41	223,232	--a------	C:\Windows\System32\WMASF.DLL
2008-06-23 13:41 . 2008-06-23 13:41	113,664	--a------	C:\Windows\System32\drivers\rmcast.sys
2008-06-23 13:41 . 2008-06-23 13:41	14,848	--a------	C:\Windows\System32\wshrm.dll
2008-06-23 13:41 . 2008-06-23 13:41	11,776	--a------	C:\Windows\System32\sbunattend.exe
2008-06-23 13:41 . 2008-06-23 13:41	9,728	--a------	C:\Windows\System32\LAPRXY.DLL
2008-06-23 13:41 . 2008-06-23 13:41	2,048	--a------	C:\Windows\System32\asferror.dll
2008-06-23 13:40 . 2008-06-23 13:40	4,247,552	--a------	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-23 13:40 . 2008-06-23 13:40	1,686,528	--a------	C:\Windows\System32\gameux.dll
2008-06-23 13:40 . 2008-06-23 13:40	1,327,104	--a------	C:\Windows\System32\quartz.dll
2008-06-23 13:40 . 2008-06-23 13:40	130,048	--a------	C:\Windows\System32\drivers\srv2.sys
2008-06-23 13:40 . 2008-06-23 13:40	101,888	--a------	C:\Windows\System32\drivers\mrxsmb.sys
2008-06-23 13:40 . 2008-06-23 13:40	84,992	--a------	C:\Windows\System32\drivers\srvnet.sys
2008-06-23 13:40 . 2008-06-23 13:40	84,480	--a------	C:\Windows\System32\dnsrslvr.dll
2008-06-23 13:40 . 2008-06-23 13:40	58,368	--a------	C:\Windows\System32\drivers\mrxsmb20.sys
2008-06-23 13:40 . 2008-06-23 13:40	24,576	--a------	C:\Windows\System32\dnscacheugc.exe
2008-06-23 13:39 . 2008-06-23 13:39	1,244,672	--a------	C:\Windows\System32\mcmde.dll
2008-06-23 13:39 . 2008-06-23 13:39	428,032	--a------	C:\Windows\System32\EncDec.dll
2008-06-23 13:39 . 2008-06-23 13:39	292,352	--a------	C:\Windows\System32\psisdecd.dll
2008-06-23 13:39 . 2008-06-23 13:39	218,624	--a------	C:\Windows\System32\psisrndr.ax
2008-06-23 13:39 . 2008-06-23 13:39	80,896	--a------	C:\Windows\System32\MSNP.ax

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 14:13	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-30 14:11	---------	d-----w	C:\ProgramData\Symantec
2008-06-24 17:54	---------	d-----w	C:\ProgramData\WildTangent
2008-06-23 18:04	---------	d-----w	C:\Program Files\Windows Sidebar
2008-06-23 18:04	---------	d-----w	C:\Program Files\Windows Mail
2008-06-23 17:57	319,456	----a-w	C:\Windows\DIFxAPI.dll
2008-06-23 17:54	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-23 17:40	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-23 17:40	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-06-23 17:40	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-06-23 17:40	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-06-23 17:40	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-23 17:38	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-04-29 15:20	15,648	----a-w	C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 15:19	15,648	----a-w	C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 15:19	12,960	----a-w	C:\Windows\system32\drivers\Awrtpd.sys
2008-02-06 20:14	174	--sha-w	C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{127FCD91-32E0-49BE-BFEF-2F73610CC207}]
			C:\Windows\system32\khfETnmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83C7CD5A-A5D6-47F8-8BF3-9314FEA875F6}]
			C:\Windows\system32\hgGwxWpO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da717a75-2da6-4011-b203-a3ffb532fcc5}]
2008-06-30 09:09	103424	--a------	C:\Windows\system32\xcdecx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-23 13:41 1232896]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-26 08:43 160592]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 14:37 2321600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-06-24 13:51 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:45 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:45 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:45 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 06:56 54936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"1412da4a"="C:\Windows\system32\kgoipqmg.dll" [2008-06-30 12:45 81920]
"BM1721e9d6"="C:\Windows\system32\utfpahue.dll" [2008-06-30 12:42 91136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-10-09 14:02 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{25202E35-BBB8-4517-A284-46525D8261E7}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1C86E564-CE51-4B81-A97E-8C6B2D5DEE5F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{86202441-8667-40C0-AF46-58603C297B78}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C1D86D2A-69C8-4A44-8BC0-4E79A6F314A1}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F3C6B646-48C1-4959-9FDD-FA28608806D7}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A1467F1F-7E69-419A-9B41-220FE40C9FE7}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{75BA54C5-2A9D-4F1D-8CA6-01104A615B17}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4D01DA72-6069-45C0-8EF3-F0547AE8F908}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D3EFDF9A-9F7D-470C-8A9D-A93D118CE36B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FF29D48F-14A3-4E9A-9562-E2B46245E13E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{2400CBB9-E8ED-47D0-8F61-9EC1774C61B3}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{C3AA8713-18C2-4D5F-A9D8-03C7C0313E38}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"{9656687A-A48F-4A36-9255-80AB57D41D2B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{42C3E27A-F843-443D-9B6D-B29EF65EECA1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8ECD46DD-0D2B-4FB5-A89F-51DC8AC0EE24}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 19:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{009aa253-414f-11dd-8110-001e8c77262a}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 02:45:14 C:\Windows\Tasks\User_Feed_Synchronization-{F5D1D9D1-2670-46C8-833D-B4F80856E51B}.job"
- C:\Windows\system32\msfeedssync.exe
.