
Solved Virus Or Malware can't find or remove.

Discussion in 'Malware and Virus Removal Archive' started by Chaosmachine420, 2009/10/02.

  1. 2009/10/02
    Chaosmachine420

    Chaosmachine420 Well-Known Member Thread Starter

    Joined:
    2009/10/02
    Messages:
    177
    Likes Received:
    0
    [Resolved] Virus Or Malware can't find or remove.

    My computer has been crashing a lot lately. I cannot download anything anymore or run anything. I was luckily able to download one antivirus program, but it doesn't find anything anymore. I have tried safe mode with internet and it still won't download.
     
  2. 2009/10/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What browser do you use? Did you try a different browser?
    You're able to download an AV program somehow...
     


  4. 2009/10/02
    Chaosmachine420

    I'm using IE, and Firefox doesn't let me open the file I saved to my computer. Ya, I downloaded it before it started this stuff. I have had this happen before on another computer, but I was able to restore it. I didn't make restore discs with this computer. But if I made restore discs with my laptop, would they work on a different computer?
     
    Last edited: 2009/10/02
  5. 2009/10/03
    broni

    No.
    If you want to restore your computer, it may have a recovery partition.
    What brand of computer is it?
    All your data will be lost though.
     
  6. 2009/10/03
    Chaosmachine420

    It is a Cyberpowerpc; unfortunately they don't have the recovery partition. I have no idea if I could have ordered it with my computer. Is there any other way to fix this problem without having to reformat my computer or spending 100 dollars for someone to do it for me?
     
  7. 2009/10/03
    broni

    Try with this computer, or, if you have another computer on hand, download the program listed below and move it to the bad computer.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post the HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  8. 2009/10/04
    Chaosmachine420

    What program should I do first, HijackThis or ComboFix? I uninstalled AVG and Avast and now I can save things to my desktop.
     
  9. 2009/10/04
    broni

    Combofix first.

    Running two AVs is always a bad idea, but you have to have some protection.
    I suggest you reinstall Avast.
     
  10. 2009/10/06
    Chaosmachine420

    How do I post the log?
     
  11. 2009/10/06
    broni

    Copy and paste.
    If it doesn't fit into one reply, split it between a couple of posts.
     
  12. 2009/10/06
    Chaosmachine420

    ComboFix 09-10-05.01 - Administrator 10/06/2009 4:37.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1971 [GMT -6:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\IDropPTB.dll
    c:\windows\Installer\13afae6.msp
    c:\windows\Installer\1e62d90f.msi
    c:\windows\system32\235800.dll
    c:\windows\system32\8340090.dll
    c:\windows\Temp\logishrd\LVPrcInj03.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
    .

    2009-10-06 10:49 . 2009-10-06 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-06 10:49 . 2009-10-06 10:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2009-10-02 23:20 . 2009-10-01 16:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-01 03:33 . 2009-10-01 03:33 -------- d-----w- C:\acccore
    2009-10-01 00:28 . 2009-10-01 00:28 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-09-30 03:18 . 2009-09-30 03:18 -------- d-----w- C:\found.001
    2009-09-27 14:36 . 2009-09-27 14:36 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo!
    2009-09-23 22:43 . 2009-09-23 22:43 0 ----a-w- c:\windows\ativpsrm.bin
    2009-09-23 22:29 . 2009-09-23 22:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\Yahoo! Companion
    2009-09-22 15:26 . 2009-09-22 15:26 -------- d-----w- c:\program files\AirPort
    2009-09-22 14:06 . 2009-09-22 14:06 -------- d-----w- c:\program files\Alwil Software
    2009-09-22 11:51 . 2009-09-23 03:34 -------- d-----w- c:\programdata\Systweak
    2009-09-22 11:49 . 2009-09-23 03:55 -------- d-----w- c:\windows\Repair
    2009-09-22 11:49 . 2009-09-23 03:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\Systweak
    2009-09-22 11:49 . 2009-09-22 11:49 -------- d-----w- c:\programdata\MyDefrag
    2009-09-22 11:49 . 2009-09-23 03:34 -------- d-----w- c:\program files\Advanced System Optimizer 3
    2009-09-22 01:02 . 2009-09-22 01:02 243752 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-21 22:28 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-09-21 22:28 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-21 22:27 . 2009-09-21 22:27 -------- d-----w- c:\program files\iPod
    2009-09-21 22:27 . 2009-09-21 22:28 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-21 22:24 . 2009-09-21 22:24 -------- d-----w- c:\program files\QuickTime
    2009-09-21 09:09 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2009-09-21 09:09 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2009-09-21 09:03 . 2009-07-14 17:48 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
    2009-09-21 09:03 . 2009-07-14 17:48 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2009-09-21 09:03 . 2009-07-14 17:45 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2009-09-21 09:03 . 2009-07-14 17:45 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2009-09-21 09:03 . 2009-07-14 17:48 567808 ----a-w- c:\windows\system32\WUDFx.dll
    2009-09-21 09:03 . 2009-07-14 17:48 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2009-09-21 09:03 . 2009-07-14 17:45 195584 ----a-w- c:\windows\system32\WUDFHost.exe
    2009-09-20 00:32 . 2009-09-20 00:32 -------- d-----w- c:\programdata\NOS
    2009-09-20 00:32 . 2009-09-20 00:32 -------- d-----w- c:\program files\NOS
    2009-09-18 15:31 . 2009-09-18 15:31 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2009-09-18 12:32 . 2009-10-04 06:23 -------- d-----w- c:\program files\PC Tools AntiVirus
    2009-09-18 12:32 . 2004-08-04 14:00 506368 ----a-w- c:\windows\system32\msxml.dll
    2009-09-18 11:54 . 2009-10-04 06:26 -------- d-----w- c:\program files\ThreatFire
    2009-09-18 11:47 . 2009-09-18 11:48 -------- d-----w- c:\program files\Zune
    2009-09-18 10:14 . 2009-09-18 10:14 -------- d-----w- C:\$WINDOWS.~BT
    2009-09-18 03:41 . 2009-09-22 18:46 -------- d-----w- C:\found.000
    2009-09-17 01:58 . 2009-09-17 01:58 -------- d-----w- c:\windows\system32\hwswchecker
    2009-09-17 01:58 . 2009-09-04 00:04 290672 ----a-w- c:\windows\system32\YSys.dll
    2009-09-14 23:32 . 2009-09-14 23:32 -------- d-----w- c:\program files\Realtek
    2009-09-14 23:32 . 2009-09-14 23:32 2510368 ----a-w- c:\windows\system32\RtkHDMI.dll
    2009-09-14 23:32 . 2009-09-14 23:32 965664 ----a-w- c:\windows\system32\RHDMIExt.dll
    2009-09-14 23:32 . 2009-09-14 23:32 40992 ----a-w- c:\windows\system32\RHCoInst.dll
    2009-09-14 23:32 . 2009-09-14 23:32 155808 ----a-w- c:\windows\system32\drivers\RtHDMIV.sys
    2009-09-14 19:36 . 2009-10-04 03:33 54 ----a-w- c:\windows\system32\rp_stats.dat
    2009-09-14 19:36 . 2009-10-04 03:33 39 ----a-w- c:\windows\system32\rp_rules.dat
    2009-09-06 21:29 . 2009-09-06 21:29 -------- d-----w- C:\Sound

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-06 10:47 . 2009-02-06 22:01 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
    2009-10-06 06:07 . 2009-02-06 22:01 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
    2009-10-04 18:56 . 2008-10-09 16:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Autodesk
    2009-10-04 18:56 . 2008-10-09 16:01 -------- d-----w- c:\programdata\Autodesk
    2009-10-04 06:26 . 2008-10-02 17:34 7836 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
    2009-10-04 03:46 . 2009-06-08 19:18 -------- d-----w- c:\programdata\Lavasoft
    2009-10-04 03:46 . 2009-06-08 19:18 -------- d-----w- c:\program files\Lavasoft
    2009-10-04 03:45 . 2009-06-02 07:32 -------- d-----w- c:\programdata\avg8
    2009-10-01 00:27 . 2008-10-27 01:40 -------- d-----w- c:\program files\Windows Live
    2009-09-28 04:45 . 2009-04-29 14:27 -------- d-----w- c:\program files\Driver Checker
    2009-09-27 17:02 . 2008-10-02 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-27 00:22 . 2009-07-02 12:02 -------- d-----w- c:\program files\Common Files\Akamai
    2009-09-23 04:15 . 2008-10-30 18:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\SolidWorks
    2009-09-23 04:15 . 2008-12-05 21:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRightToGo
    2009-09-23 04:15 . 2008-12-30 00:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\Azureus
    2009-09-23 04:15 . 2009-05-05 02:20 -------- d-----w- c:\program files\GameSpy Arcade
    2009-09-23 04:15 . 2008-12-20 21:21 -------- d-----w- c:\program files\Diablo II
    2009-09-23 04:15 . 2009-04-15 21:39 -------- d-----w- c:\program files\DNA
    2009-09-22 18:47 . 2009-04-15 21:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\DNA
    2009-09-22 01:01 . 2008-10-09 14:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
    2009-09-21 23:14 . 2009-08-25 14:25 -------- d-----w- c:\program files\iPhone Configuration Utility
    2009-09-21 23:13 . 2009-06-02 16:31 -------- d-----w- c:\program files\iTunes
    2009-09-21 22:27 . 2008-10-09 14:06 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-21 09:45 . 2009-09-21 09:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
    2009-09-21 09:13 . 2009-09-21 09:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
    2009-09-21 09:13 . 2009-09-21 09:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2009-09-20 08:28 . 2009-01-15 05:34 -------- d-----w- c:\programdata\PMB Files
    2009-09-20 07:34 . 2008-10-31 22:41 -------- d-----w- c:\programdata\HP
    2009-09-17 01:58 . 2009-04-18 06:29 -------- d-----w- c:\program files\GameTap Web Player
    2009-09-15 14:17 . 2008-10-09 14:10 -------- d-----w- c:\program files\Apple Software Update
    2009-09-14 19:02 . 2008-12-30 00:51 -------- d-----w- c:\program files\Vuze
    2009-09-13 07:07 . 2009-06-24 08:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\IGN_DLM
    2009-09-12 01:42 . 2008-10-09 16:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2009-09-10 18:09 . 2008-10-18 04:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\Yahoo!
    2009-09-10 18:09 . 2008-10-18 04:35 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-09-10 18:09 . 2008-10-18 04:34 -------- d-----w- c:\program files\Yahoo!
    2009-09-10 18:09 . 2008-10-27 01:33 -------- d-----w- c:\programdata\Yahoo!
    2009-09-10 09:08 . 2008-12-04 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-09 21:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-09 21:24 . 2008-10-02 17:55 -------- d-----w- c:\programdata\Microsoft Help
    2009-09-04 19:17 . 2009-09-04 19:17 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2009-09-04 04:24 . 2009-05-21 01:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-09-02 23:11 . 2009-09-02 22:43 18221 ----a-w- c:\windows\DIIUnin.dat
    2009-09-02 23:10 . 2008-12-20 21:38 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-09-02 23:10 . 2008-12-20 21:38 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-09-02 23:10 . 2008-12-20 21:38 12067 ----atw- c:\windows\system32\SIntf16.dll
    2009-09-02 22:43 . 2009-09-02 22:43 94208 ----a-w- c:\windows\DIIUnin.exe
    2009-09-02 22:43 . 2009-09-02 22:43 2829 ----a-w- c:\windows\DIIUnin.pif
    2009-09-02 20:12 . 2009-06-21 00:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\IM
    2009-09-02 06:29 . 2009-09-02 06:29 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
    2009-09-02 06:29 . 2009-09-02 06:29 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
    2009-09-02 06:29 . 2009-09-02 06:29 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
    2009-09-02 06:29 . 2009-09-02 06:29 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
    2009-09-02 06:29 . 2009-09-02 06:29 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
    2009-09-02 06:29 . 2009-09-02 06:29 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
    2009-09-02 02:41 . 2009-08-26 03:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\HpUpdate
    2009-08-31 01:36 . 2009-05-20 18:09 -------- d-----w- c:\program files\DivX
    2009-08-31 01:36 . 2009-08-31 00:09 -------- d--h--w- c:\program files\Temp
    2009-08-29 00:27 . 2009-09-02 19:33 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-02 19:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 22:47 . 2008-10-18 04:43 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-28 21:25 . 2009-01-09 09:41 -------- d-----w- c:\program files\Diablo
    2009-08-28 17:40 . 2009-06-27 06:52 -------- d-----w- c:\program files\Common Files\Microsoft Games
    2009-08-26 08:57 . 2009-08-26 08:57 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-08-25 14:29 . 2009-08-25 14:29 -------- d-----w- c:\program files\Safari
    2009-08-25 14:18 . 2009-08-25 14:18 -------- d-----w- c:\program files\DVD or CD Sharing
    2009-08-25 14:00 . 2009-08-25 14:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\com.adobe.ExMan
    2009-08-21 00:43 . 2009-08-21 00:36 -------- d-----w- c:\programdata\Blizzard Entertainment
    2009-08-19 07:54 . 2009-08-19 03:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-08-19 02:06 . 2009-06-21 23:04 -------- d-----w- c:\program files\Java
    2009-08-19 01:58 . 2009-08-19 01:58 -------- d-----w- c:\program files\prodegetoolbar764
    2009-08-19 01:51 . 2009-08-19 01:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.temp
    2009-08-17 18:37 . 2009-08-17 18:37 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
    2009-08-17 18:37 . 2009-08-17 18:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2009-08-14 16:27 . 2009-09-09 10:30 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-09 10:30 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-09 10:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-09 10:30 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-09 10:30 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-14 12:58 . 2009-09-18 12:32 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-08-08 01:51 . 2009-08-08 01:51 15308424 ----a-w- c:\windows\system32\xlive.dll
    2009-08-08 01:51 . 2009-08-08 01:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-08-03 21:07 . 2009-08-03 21:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
    2009-08-03 21:07 . 2009-08-03 21:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
    2009-08-03 21:07 . 2009-08-03 21:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
    2009-07-26 22:44 . 2009-07-26 22:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-25 11:23 . 2009-06-21 23:05 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 21:52 . 2009-08-19 02:10 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-08-19 02:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-08-19 02:10 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-08-19 02:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 13:54 . 2009-08-19 02:10 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-15 12:40 . 2009-08-19 02:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-15 12:39 . 2009-08-19 02:09 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-12-10 01:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Chatango "= "c:\program files\Chatango\Chatango.exe" [2008-02-05 356352]
    "Messenger (Yahoo!) "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-19 5137648]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-23 2363392]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2009-05-27 24264488]
    "CurseClient "= "d:\program files\Curse\CurseClient.exe" [2009-07-06 1966592]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2009-08-27 9351168]
    "Search Protection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "igndlm.exe "= "c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
    "WindowsWelcomeCenter "= "oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "PCMService "= "c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon "= "c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "LogitechCommunicationsManager "= "c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
    "nmctxth "= "c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
    "nmapp "= "c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-05-04 467240]
    "XboxStat "= "c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "DVD or CD Sharing "= "c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-21 619832]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "Zune Launcher "= "c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "AirMac Base Station Agent "= "c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
    "RtHDVCpl "= "RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2009-04-29 6144000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2009-08-27 9351168]

    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
    SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2008-10-2 81997]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-6 66864]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ASUS\ASUS Splendid
    ASUS Splendid.lnk - c:\program files\ASUS\ASUS Splendid\ASUSplendid.exe [2009-3-25 651264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "

    [HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
    backup=c:\windows\pss\Xfire.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):da,d5,8b,0b,31,df,c9,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe "= c:\program files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
    "c:\\Nexon\\Combat Arms\\CombatArms.exe "= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms\\Engine.exe "= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
     
  13. 2009/10/06
    Chaosmachine420

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{83E159DD-D695-46D6-81F5-D86DA758C77E} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{12FD2D1A-2668-42D0-BAD0-B290E902A709} "= c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{F25E9090-5A71-4423-A0BC-25890374508B} "= c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{D9667377-CBDC-4C62-9F95-F2860CCBDC6F} "= c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{FCD24681-A6FE-4D84-BE37-F411FA68A316} "= c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{D3B91304-31C5-4251-8017-D43D397DE3A6} "= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{5A7435DE-C282-418C-B8CE-70FB4556BAB1} "= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{2706F5BF-11E1-4FD3-82F0-0F44D9B162C7} "= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{A62D7FA6-122D-4728-83C7-F2395B2DC029} "= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{1608B5CF-D8F5-491B-81FB-8327E8F4274B} "= UDP:c:\program files\AIM6\aim6.exe:AIM
    "{B77636E3-3EC5-4ACF-A078-BBA53292F193} "= TCP:c:\program files\AIM6\aim6.exe:AIM
    "{99A076EE-2ED4-4E20-93A5-A2B2E59A4F26} "= Disabled:UDP:f:\setup\HPZNUI01.EXE:hpznui01.exe
    "{AA910867-8F46-46F7-9019-3781A397C8F2} "= Disabled:TCP:f:\setup\HPZNUI01.EXE:hpznui01.exe
    "{AE3459DC-1E82-47ED-B37B-CE3544E78D10} "= Disabled:UDP:f:\setup\HPONICIFS01.EXE:hponicifs01.exe
    "{FD093DEA-6D6F-492A-A5ED-36C48E62417E} "= Disabled:TCP:f:\setup\HPONICIFS01.EXE:hponicifs01.exe
    "{2FC7E62C-6105-420A-AD84-71A5FFF7F953} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{4CA1153E-47CC-473A-860C-BB9A109443E4} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{39E82487-B8A1-46B5-A47D-3DB8DA6E5706} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{73E3B31D-6DA3-4594-ADA9-8CF2882F9C5C} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{4A3272C1-C6AF-4EF4-B531-DEDC1B47AA25} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{4AFA5C07-3916-444E-8A5E-B3B8C0262E97} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{4DAC701B-C51C-49C8-9063-7E97AF7D50CC} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{9AD01BA4-9C15-46BD-B25D-70B8BBFA5FB6} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{13B6CA50-36FE-4B82-A801-67F5695C7722} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{F4426B9E-C393-43FF-B246-ECBB45D4D38D} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{61A5C701-43D9-4300-8F15-747E2D3D31DA} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{30796679-6D77-4374-BC27-879001AC194C} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{793ECCF6-3922-40CC-9D42-28E64E527BD2} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{BC080534-688B-42D5-9A14-237CFCBB45A9} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{97C16CD9-D0B1-4FF2-9250-06C1887DC66B} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{339A1641-EDB0-407F-9697-38A52B8073F6} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "TCP Query User{B534F757-1B21-472D-9525-D95B961339CD}c:\\program files\\thq\\dawn of war\\w40k.exe "= UDP:c:\program files\thq\dawn of war\w40k.exe:W40k
    "UDP Query User{01B0D50C-135D-4B0C-8BCA-2415AD958F53}c:\\program files\\thq\\dawn of war\\w40k.exe "= TCP:c:\program files\thq\dawn of war\w40k.exe:W40k
    "TCP Query User{2DB87786-282F-4ED3-8D24-32DB4F1AD3A8}c:\\program files\\thq\\darkcrusade\\darkcrusade.exe "= UDP:c:\program files\thq\darkcrusade\darkcrusade.exe: DarkCrusade
    "UDP Query User{43DFC3E9-501E-43FB-B381-C5A2BBC5EA69}c:\\program files\\thq\\darkcrusade\\darkcrusade.exe "= TCP:c:\program files\thq\darkcrusade\darkcrusade.exe:DarkCrusade
    "TCP Query User{42AD69CB-FC3E-4983-A4AE-768BAACAA4FE}c:\\program files\\electronic arts\\eadm\\core.exe "= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{FEDC03D9-2C40-4B53-9A4A-74CA5A12EC6A}c:\\program files\\electronic arts\\eadm\\core.exe "= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "TCP Query User{DC946A67-C0F2-42ED-A4EF-A2E8DDBB4F31}c:\\program files\\thq\\dawn of war\\w40kwa.exe "= UDP:c:\program files\thq\dawn of war\w40kwa.exe:W40kWA
    "UDP Query User{348B7397-C66A-4F1E-B10A-018F68D1CC79}c:\\program files\\thq\\dawn of war\\w40kwa.exe "= TCP:c:\program files\thq\dawn of war\w40kwa.exe:W40kWA
    "{3BB42F42-3D9E-4023-9B9F-BC7DD400E972} "= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
    "{F68E385C-B530-4EF5-955C-67DEF27F6444} "= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
    "{BBF71E83-AD34-4A29-AF84-6FEEB083CAB3} "= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
    "{8405ED3E-E16C-4A6F-A22D-3D9A1D40BDFF} "= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
    "TCP Query User{114F8E8D-8B08-4079-BC28-0478307E692B}c:\\program files\\secondlife\\slvoice.exe "= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
    "UDP Query User{670662D9-DFA8-4287-AB7C-B5EB7D54983B}c:\\program files\\secondlife\\slvoice.exe "= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
    "TCP Query User{93DCA17D-387E-4603-BF43-81F49B797209}c:\\program files\\gametap\\bin\\release\\gametap.exe "= UDP:c:\program files\gametap\bin\release\gametap.exe:GameTap Application
    "UDP Query User{1E92A0FD-90BB-492A-937A-02ED5A0DE014}c:\\program files\\gametap\\bin\\release\\gametap.exe "= TCP:c:\program files\gametap\bin\release\gametap.exe:GameTap Application
    "TCP Query User{25F723D1-E857-4112-8ECD-10D559116B69}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe "= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
    "UDP Query User{CE79D1F0-9B08-4326-A33D-477547ECED11}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe "= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
    "TCP Query User{775F9567-4AA2-4F8F-8D35-0C32A09270AC}c:\\program files\\vuze\\azureus.exe "= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{7DEB55B8-7380-441A-A407-79FE803D289B}c:\\program files\\vuze\\azureus.exe "= TCP:c:\program files\vuze\azureus.exe:Azureus
    "{A2DC7259-589B-40BE-BEFF-6C4C6AEC4043} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{7511C144-D716-4C69-886E-21A912EC83E0} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{9FC792ED-19CF-4A13-94E6-265C94EC6E81}c:\\program files\\palestar\\darkspace\\.cache\\darkspace\\localserver.exe "= UDP:c:\program files\palestar\darkspace\.cache\darkspace\localserver.exe:LocalServer
    "UDP Query User{5711BE07-FBBF-45B5-AD94-94CF81DF2F4B}c:\\program files\\palestar\\darkspace\\.cache\\darkspace\\localserver.exe "= TCP:c:\program files\palestar\darkspace\.cache\darkspace\localserver.exe:LocalServer
    "TCP Query User{883ECF8B-81E8-4CE4-B58A-26F69CE52548}c:\\program files\\palestar\\darkspace\\.cache\\darkspace\\client.exe "= UDP:c:\program files\palestar\darkspace\.cache\darkspace\client.exe:Client
    "UDP Query User{AE232AF4-3114-4319-8493-B1F74FF4A7EE}c:\\program files\\palestar\\darkspace\\.cache\\darkspace\\client.exe "= TCP:c:\program files\palestar\darkspace\.cache\darkspace\client.exe:Client
    "TCP Query User{07D2E06B-A60F-4489-85AA-5BD354B889BF}c:\\program files\\call of duty game of the year edition\\codmp.exe "= UDP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
    "UDP Query User{65F55CFF-513B-4A54-A26B-55C18EE74F6B}c:\\program files\\call of duty game of the year edition\\codmp.exe "= TCP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
    "{7FF5DB0B-B029-4B6E-B0CF-8E6F9A7E3708} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{CB6E2A6A-2755-4A37-BF72-E3C78FA6E485}c:\\program files\\sony\\station\\launchpad\\launchpad.exe "= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
    "UDP Query User{5FAF0762-A196-435A-89B9-5DAEDE287276}c:\\program files\\sony\\station\\launchpad\\launchpad.exe "= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
    "{09E258B6-471D-4D5D-B471-1A5264C6EB7E} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C742FEFF-9C70-4762-B135-F6FD512C993E} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CBD1B2C1-AEA1-49BF-A87C-F8C7B58F025A} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2B8A692D-E308-45D4-8521-982E9D1EDF7E} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2E739DB3-C544-4F43-8398-4FAF025D67F4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E079B26D-4657-47CF-BA5D-49601F3B4B06} "= TCP:67: DHCP Discovery Service
    "{85443917-13B0-4910-ABAC-C97F4DE10DCF} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5F25E089-306D-4438-8D36-E8E4EF576F0E} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{01928202-B9F0-4CDB-9146-19BE8BF3C60D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{627EF0FD-06A2-4EFA-8657-51C49A90D470} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D22A8A25-A65F-447C-9AF9-D9E44EB70F10} "= UDP:d:\program files\Curse\CurseClient.exe:Curse Client
    "{A4D88677-3AC6-4037-8D65-372BF1D97AF6} "= TCP:d:\program files\Curse\CurseClient.exe:Curse Client
    "{49E49F19-783E-418F-98DA-9B823C42DBA3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{18DFE816-928F-46BE-AECC-2B92457E9471} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{622B242E-B2DB-4898-BFE9-FACDA86D9357} "= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{C2FBA2AA-B204-4859-B6BF-A04395AAB0F2} "= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{75A7D2DC-CA70-4062-8C13-F9B240604BED} "= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{30AAC4F8-DEEE-4C0C-90D8-3E65850FBE98} "= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{907ACDA4-5282-452E-A63E-C45B4020F371} "= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{D8772891-649B-48C3-BEBF-8B657C679B5D} "= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{FC5D4D9F-11C0-43AD-A2AC-D2285BE58CB8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{4012735C-3B7B-43F0-B2E7-732D57604029}d:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert(tm) ii\\ra2\\game.exe "= UDP:d:\program files\ea games\command & conquer the first decade\command & conquer red alert(tm) ii\ra2\game.exe:Main executable for Red Alert 2
    "UDP Query User{622DCDB4-279F-42E6-991B-20B81F897663}d:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert(tm) ii\\ra2\\game.exe "= TCP:d:\program files\ea games\command & conquer the first decade\command & conquer red alert(tm) ii\ra2\game.exe:Main executable for Red Alert 2
    "{58B97D7C-4463-41DF-B083-4EC1BA819042} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1A2A4FF2-58E4-4906-BE54-29E670C320AA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{205A8AE2-F4D2-43C4-933F-0D0E7D366059} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3512625F-9638-4501-A49A-45179782BF41} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{0E3F8D66-F440-458D-A90F-B8686314299E}c:\\program files\\xfire\\xfire.exe "= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{6E3093DE-AF77-4951-A4BF-1A1FA68A734E}c:\\program files\\xfire\\xfire.exe "= TCP:c:\program files\xfire\xfire.exe:Xfire
    "{EE91329A-0127-44EF-AF7D-1DE0C13BD829} "= UDP:c:\program files\DNA\btdna.exe: DNA (TCP-In)
    "{5D46CD4E-48B0-446E-8990-99FDCE06FF19} "= TCP:c:\program files\DNA\btdna.exe: DNA (UDP-In)
    "TCP Query User{8ACFC701-4271-4CF9-8CC8-4EDEF1EC896E}c:\\program files\\ccp\\eve\\bin\\exefile.exe "= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
    "UDP Query User{07951FAC-715A-4341-8F44-10EA390C2962}c:\\program files\\ccp\\eve\\bin\\exefile.exe "= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
    "{E67B9408-5583-4B65-B403-C90F172A9C41} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{68B691BE-A1BB-4DA7-9DDD-063DC063FDE4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{234735BD-3242-4421-B45A-9E0FC6E04668}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe "= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
    "UDP Query User{F7E41912-87A1-415B-BBAC-651DAD75EEF8}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe "= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
    "{22D1DEF8-B39A-43ED-8461-D65D56073DDD} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{82C035D0-097F-48F5-B881-C19706C03A1D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A35FBF56-EE1C-43E8-B964-6142E881DDA2} "= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{514B5476-D733-48AB-9ABB-6DE7F6D8BC89} "= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "TCP Query User{182FE0F3-2D2F-4BD4-835D-BF792362045B}c:\\program files\\internet explorer\\iexplore.exe "= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{652739FD-C367-481A-A14D-4473BD37E4EF}c:\\program files\\internet explorer\\iexplore.exe "= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{2C20CBA5-9687-430C-AD4F-A48443A333CC} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3EC51405-68F9-463A-883F-41588FAE914D} "= UDP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
    "{35031093-5968-4A15-93E6-02E961361411} "= TCP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
    "TCP Query User{93F45042-ECC3-4F9F-A902-A295823750EA}x:\\games\\freespace\\fs.exe "= UDP:x:\games\freespace\fs.exe:fs.exe
    "UDP Query User{A0BB1388-3F5B-42D1-AE9F-2EA87E1BB23C}x:\\games\\freespace\\fs.exe "= TCP:x:\games\freespace\fs.exe:fs.exe
    "TCP Query User{8F285CE5-EF8A-461E-A170-737736545195}c:\\program files\\taikodom\\taikodom-game.exe "= UDP:c:\program files\taikodom\taikodom-game.exe:taikodom-game
    "UDP Query User{E40E2284-D2BE-4149-9B35-75C2BD9CBD47}c:\\program files\\taikodom\\taikodom-game.exe "= TCP:c:\program files\taikodom\taikodom-game.exe:taikodom-game
    "TCP Query User{5747A468-9915-4B83-82D1-C5FA203D9CF7}d:\\program files\\steam\\steamapps\\quicknuts\\counter-strike\\hl.exe "= UDP:d:\program files\steam\steamapps\quicknuts\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{FDD24B2F-DA53-4C5B-A44E-5B054BAD284B}d:\\program files\\steam\\steamapps\\quicknuts\\counter-strike\\hl.exe "= TCP:d:\program files\steam\steamapps\quicknuts\counter-strike\hl.exe:Half-Life Launcher
    "{0B013C14-12A3-47D1-9FC0-FAAC5790738B} "= UDP:d:\thq\Company Of Heros\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "{D11E0755-C4E0-4E25-8CEF-198C01A6321E} "= TCP:d:\thq\Company Of Heros\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "TCP Query User{910713F3-EC98-4120-807E-924180AC3352}c:\\program files\\microsoft games\\freelancer\\exe\\freelancer.exe "= UDP:c:\program files\microsoft games\freelancer\exe\freelancer.exe:Freelancer
    "UDP Query User{BBFB6D04-9B43-4167-BD64-03D4FFA1A66E}c:\\program files\\microsoft games\\freelancer\\exe\\freelancer.exe "= TCP:c:\program files\microsoft games\freelancer\exe\freelancer.exe:Freelancer
    "{E3AC5F95-2A10-49A0-ABE7-826F54883023} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{74F4023A-651B-4D74-ABC8-BE7D46E51293}c:\\program files\\postal2stp\\system\\postal2.exe "= UDP:c:\program files\postal2stp\system\postal2.exe:postal2
    "UDP Query User{A7A7E7D6-3D03-4428-BA4B-21810F22AE8D}c:\\program files\\postal2stp\\system\\postal2.exe "= TCP:c:\program files\postal2stp\system\postal2.exe:postal2
    "TCP Query User{FAF659B3-0946-49D4-8E0A-1E216FAC8D7F}d:\\thq\\dawn of war ii\\dow2.exe "= UDP:d:\thq\dawn of war ii\dow2.exe: DOW2
    "UDP Query User{46A652E8-76C2-4980-965C-13B8A294F9F5}d:\\thq\\dawn of war ii\\dow2.exe "= TCP:d:\thq\dawn of war ii\dow2.exe: DOW2
    "{56CD7619-FA1B-4831-ABED-12BD2DFC42D9} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{375EE8CC-DF60-4152-B0F2-573E1191B511} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EBE70FC7-63A7-4445-85F7-64EB05F9BE7F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DAE99734-BD86-4DC3-9483-F6F86ECABB1A} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{01BDAEF8-4550-4DA1-BF5A-B6627D16FB3B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C1626D31-6755-4451-B267-50CB20BE861E} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C50DBEC3-2D25-4174-BCC4-00B09E04FB1D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F84C4BD9-A93A-4E46-A6FC-15DEAEF91A4D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8B6A01E0-AE63-463E-AAFC-D1C9E344B5F5} "= UDP:d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{A74A3AD3-4FB9-4033-85C3-562BF622BBBA} "= TCP:d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{504035CE-62CC-4A0A-8EBC-92520E28C19C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C0B32E99-3C4C-48E7-9FD1-53EC31ADE70C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6D04B9B3-0995-4ACF-BB74-6887E2619442} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B9EBEDB7-99F9-4F30-8D62-AEBA88942CFA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9486A3F2-7B52-4D27-9A1C-3CC8AA87D4C0} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{253CFDB6-4694-49FB-9E19-D867A1C47702} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{67B365A9-EF7D-412F-A893-80F84ADC5F55} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F55A6536-09AF-4EC8-9EA3-62DCEF6B4176} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D76A6CAF-B085-4CE6-A4E9-E1948402F348} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{529A3C66-EFBB-459E-885D-A80419C4DA07} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B32AFF21-80C9-4593-B15D-919FFCC65CC6} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{69FF18F9-F19D-4BF8-AC69-5FCF72753FAD} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8AA4FED3-50C9-48E7-A08F-E2DB07FCB9FE} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B0EE6FC0-9D8C-4375-8522-4CDF18AA811B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A93CE84F-459F-4C55-8D93-AB89AC25543D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{508E7CF1-49FF-40CE-9E70-15CCF1E8AF91} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C83F7A5F-D8C7-426F-9A11-F93F1F2F8E36} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{315B2511-87D2-4308-9FD8-651B984EBC76} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7E33117A-C5E2-43F3-B0BA-53ADBD28C527} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{41A4C4E0-1FA0-4D4B-98EE-2FDFC8D96AAF} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F7A65427-78B1-4AEA-9600-8978E54079D3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{701FA8E4-429F-45AD-8862-C666AF75FBD8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6C5608C8-C8B2-4867-B3CD-A4120A7A4654} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{833BFE12-9C16-4DD3-AA24-E34B435A1823} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BD1FCD9D-CD09-4B92-AB76-DAB6813F96B6} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6AB733CB-89B2-4D46-8DB9-3C0F5FE6FC7B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{820FE82C-B2FF-4CEE-8E70-1765486189BB} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5EAF355C-8696-4754-958E-563CA7095B25} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4795608B-1BA9-4C5E-AEFF-D3609DA7B03F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F44281F2-D63B-464B-924D-4AD04F02F869} "= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{04311750-FF0F-4722-AAF9-1416704F3D80} "= UDP:d:\program files\Atari\Codename Panzers Cold War\Home\Game\CPCW.exe:Codename Panzers Cold War
    "{0E61DFA2-03DA-47BD-B070-369285B2968E} "= TCP:d:\program files\Atari\Codename Panzers Cold War\Home\Game\CPCW.exe:Codename Panzers Cold War
    "{53655FA8-3331-45A9-830D-E2C2BB2039FC} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{38522A17-94C8-4860-8848-97C635041E14} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{AF5890AB-A188-466E-BD1F-19CB1E965754}c:\\program files\\java\\jre6\\bin\\java.exe "= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{11807467-ACC4-4103-B157-51C10B9A9C95}c:\\program files\\java\\jre6\\bin\\java.exe "= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "{CEE76EA8-498C-4A6B-887D-657F20DFE0C3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6EC4FEB5-8F03-4DF8-BE84-C2B853140225} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{FF753F50-A908-44A2-A459-985660C8DE8B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F5BC461A-337E-4F53-A58D-2FFB759DC7B9} "= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{3D21BA47-D596-4C3B-A896-108162295931} "= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{7D2CA610-8DFC-4816-8E57-2655F3BE51AE} "= UDP:d:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
    "{A94A4395-0D30-479C-8337-577BCF44F899} "= TCP:d:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
    "{16BB7460-5A5F-410F-AB8E-39FAC3B402EC} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D5453CAE-2785-4F2F-A481-A1A8ACD700B1} "= UDP:d:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
    "{70B979A5-AD4F-4BAD-8601-ADF8D7DD0856} "= TCP:d:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
    "{39A550E0-E307-4E7C-B468-923B366EB177} "= UDP:d:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
    "{0A4F6FCC-22F6-4367-A4D1-CEB656092C6F} "= TCP:d:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
    "{39CA23B2-7C6C-4D4C-949B-346A8181CBDC} "= UDP:d:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
    "{F33D985F-A582-4A30-B4C6-A073D2D3FA1D} "= TCP:d:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
    "{9FE8B067-03FB-4E9A-8C34-06E5142FBA0C} "= UDP:d:\program files\Stardock Games\Demigod\bin\Demigod.exe: Demigod
    "{88D5B530-D881-439C-BB52-AD8ACF13E5CA} "= TCP:d:\program files\Stardock Games\Demigod\bin\Demigod.exe: Demigod
    "{15A44C9D-EBFE-457D-BF47-9DCC1303141C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3FA0FC05-CD36-438F-A110-26E2FA576705} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1D53A9CC-676A-4ABB-8F34-D6AA8D6A18B8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0DA13143-5B55-4BE8-A771-65B48EE17CA7} "= UDP:d:\program files\Autodesk\3ds Max Design 2010\3dsmax.exe:Autodesk 3ds Max Design 2010 32-bit
    "{E815431A-029B-49BD-A516-32A459DD26E3} "= TCP:d:\program files\Autodesk\3ds Max Design 2010\3dsmax.exe:Autodesk 3ds Max Design 2010 32-bit
    "{52B8FB23-6E05-48FF-9C2D-0EBB028D5BE1} "= UDP:d:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max Design 2010 32-bit
    "{C0160464-DE3E-4836-B66F-D58F70170375} "= TCP:d:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max Design 2010 32-bit
    "{32F215A7-3426-46E7-9094-542A54F33516} "= UDP:d:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max Design 2010 32-bit
    "{3552A89C-DCAF-4E7A-A233-474008702933} "= TCP:d:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max Design 2010 32-bit
    "{4E46422D-0EBA-4B91-8FA7-F81534452ECD} "= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
    "{8F977E22-CBEC-4C12-B034-6AA677E737E3} "= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
    "{2B420EAF-A1D8-4CA5-BBEC-A0083FDEA675} "= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
    "{4D894119-FAE9-4048-A220-5DF4D3027AB4} "= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
    "{800AED53-ABA8-4058-84AE-8F00ED0F31A9} "= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
    "{E6773BE2-6CFD-4363-9DE3-BB4FABF032EF} "= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
    "TCP Query User{4A85E04A-A4DD-41A0-B53B-45F2B80DBC8A}d:\\program files\\autodesk\\maya2009\\bin\\maya.exe "= UDP:d:\program files\autodesk\maya2009\bin\maya.exe:Maya
    "UDP Query User{5808219A-0950-4E83-AD61-6B9EAA746726}d:\\program files\\autodesk\\maya2009\\bin\\maya.exe "= TCP:d:\program files\autodesk\maya2009\bin\maya.exe:Maya
    "{4CF8DCD4-B8C4-4FCA-8EDF-D0371FAAD797} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9AEB53EB-35FD-4A9F-922F-C8FA86C9632B} "= UDP:d:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404
    "{3867E346-A3A1-49EB-8823-7BAA1412B1C5} "= TCP:d:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404
    "{3C661D8B-D60A-44DA-B976-6C9AFE250748} "= UDP:d:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web
    "{5D38E6BA-EBBB-4A88-8D97-3EB49BDD8DAA} "= TCP:d:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web
    "{1A2F2FA1-673C-45AC-904B-489BA1100902} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{FAD7F84E-FF23-42C6-8366-833DB4542EE6} "= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{43EC4D63-51FB-4A81-9165-5FD55C9205B7} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{961D7E9B-E361-4A8B-9CC1-F73A5398740C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0616BE61-BB13-4F9F-8CBF-3345575A0547} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A4463D29-CE4A-4A8E-9881-2A9E2C5C0A6B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{80F56225-ABCE-4C77-9F06-14B9CAADA587} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EC3F4B8D-7F45-4092-845B-0FA0A6B62486} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4989BCEA-B5D2-4DBB-B5DA-3FEE2256D932} "= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:Blizzard Downloader
    "{9A1D6F7B-A196-43B0-B483-D032CAE83D12} "= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:Blizzard Downloader
    "TCP Query User{D2EF1224-698C-4282-A0EC-00DEA0E5EAE6}d:\\users\\public\\games\\world of warcraft\\launcher.exe "= UDP:d:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
    "UDP Query User{38F663F0-FB2D-4F73-8488-C56802833497}d:\\users\\public\\games\\world of warcraft\\launcher.exe "= TCP:d:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
    "{47BF255B-115E-4C76-8291-4A74378BDD27} "= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:Blizzard Downloader
    "{1D404175-F0D4-40B8-9B88-EEB35D01ACE0} "= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:Blizzard Downloader
    "{50451DEE-F430-44CA-B73D-55066995B91F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6383D635-03C4-4BB7-84C4-EB4E5359B2C3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{73706CDD-2C49-411D-9564-E2E8F52EB7AE} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E43DF1EE-538B-4B88-8D91-12A3942DF717} "= UDP:c:\program files\DVD or CD Sharing\ODSAgent.exe: DVD or CD Sharing
    "{34465FE5-2434-4303-81E2-F8F252FBC6DC} "= TCP:c:\program files\DVD or CD Sharing\ODSAgent.exe: DVD or CD Sharing
    "{DD875490-DB93-4628-885F-80D0165B801C} "= UDP:c:\program files\DVD or CD Sharing\RemoteInstallMacOSX.exe:Remote Install Assistant
    "{4101D8E4-F2B3-4CC3-974D-2EA3E20C2470} "= TCP:c:\program files\DVD or CD Sharing\RemoteInstallMacOSX.exe:Remote Install Assistant
    "{01A9C9A4-648D-4226-A53A-DCF1FE8150E8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{FCDA23E5-0F3E-463F-91AB-4D9EA9716700} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D5E5F34F-BD7A-4CDF-91F1-3E3352F5D8DA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CD15AA3E-D928-471D-9294-D842B13ED535} "= UDP:d:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
    "{D393DFE7-A013-478C-B4A8-2D989DE206BF} "= TCP:d:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
    "{05C167EA-FA77-47DA-BAE5-A1FEF236EDB8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{137410BC-9F8D-48C6-B49E-78CEB7290585} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E7C863D5-DE47-449F-AAEB-93855E652BD2} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{18204C5D-0C29-4A52-856F-225B5547BFD3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1A7A748E-731B-437C-AE8C-72A4548E576F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{792DD84B-9D71-47F5-BE59-4FBD4C5B5362} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A08809AC-BD73-4C7A-9FDB-524A08AA8F9F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{40D2905E-1E1E-4794-BF4B-03CCE92F79D6} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4B250DA1-30E5-4B46-A355-84C4574EE68C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1E8BFC47-1DBD-4CE5-B638-4162B30CBA52} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{37DB2B5A-D130-4FC6-8930-8E7A89C1DD02} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7293955A-1128-436F-88BD-8556332089E0} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1C9086D9-0519-4301-A466-58FC26C2359F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1706978D-F6D3-4549-BE67-D085957AE8D4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8CCBC1D3-E8B6-4D94-A0DD-C14BDAD445EA} "= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{C206FEDB-EB5D-4A12-93CC-06DD678C9F97} "= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{AD8AC025-E3D6-4C41-A900-D5ABD10BD1B9} "= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{F53B00FE-ACA6-49EB-8364-1885E25F872B} "= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{4ABBA406-0D10-4CFC-941F-B0DE3C95B5ED} "= c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{E283E561-DA89-44F0-8794-7E85C394FB70} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9CDA1540-D815-4408-85F2-3E4FE30869EB} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CBB08572-4469-47CD-BCF9-BF742B96CFF5} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{3F3DE73F-49E8-4FFB-BC15-478A00F1804B} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{B313917F-2211-460D-995A-CCF73222D343} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{16A80B66-F55E-4C3C-8370-E5DC0AA161C4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F7A9843E-E8D3-48DB-A1C8-41152F99A62F} "= UDP:c:\program files\AirPort\APAgent.exe:AirMac
    "{90958ECC-D7AF-4294-8FA7-6DC3309B4336} "= TCP:c:\program files\AirPort\APAgent.exe:AirMac
    "{1202B4E6-10C1-4CB3-94AF-81574F0BAE1F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{13A2E39A-C942-484D-9911-69E4C13A66DA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5C643959-2537-4845-A2A3-1A3E3AC92D51} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{35F32DD3-A37E-4B33-B04C-4E3F07E9595E} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{04D188B1-5188-4E16-A123-E48DA6C0E1CA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{55F15F8C-3319-427B-9F8B-025F3A696A91} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{47631B7A-C95A-4FFB-9707-7FB64899F53F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7859529B-A8BE-4BD2-BC93-8D37E81B13A8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4BE4F46B-762C-4313-B033-D9881B46098B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{ABD15E66-730F-4B57-9EC6-32CE59D618BC} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E4D5AAE5-8C21-4B04-AF87-4956408E3FB1} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8D29B9F9-9C1D-4C06-9026-D7CAE2D19DB7} "= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{B8C73D21-C69F-4157-BCBD-1AB02D9A77EA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0D2846E0-8A95-487E-8347-AFE569E84FD7} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D8127C7D-1DF7-410F-ACAE-BB0294EEFB5B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{67048BF6-E925-4C49-8788-6F1DFD211233} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6D6F74DD-2A49-4714-A207-D35B37F616B9} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1B329A0C-19FE-41D4-9337-06D0DFFC0281} "= c:\program files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe "= c:\program files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
    "c:\\Nexon\\Combat Arms\\CombatArms.exe "= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms\\Engine.exe "= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [4/29/2009 2:07 AM 172032]
    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/29/2008 6:52 PM 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/29/2008 6:52 PM 234888]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [7/5/2006 6:40 AM 976768]
    R3 wsvad_driver;WS Audio Device;c:\windows\System32\drivers\VirtualAudio.sys [12/20/2008 7:19 PM 16896]
    S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe --> c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [?]
    S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;d:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
    S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [3/25/2009 9:07 PM 2831232]
    S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\System32\drivers\lmvac.sys [10/17/2008 10:42 PM 18912]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 VMHybrid;VMHybrid service;c:\windows\System32\drivers\VMHybrid.sys [4/29/2009 8:28 AM 1060224]
    S3 XPADFL02;XPAD Filter Service 02;c:\windows\System32\drivers\xPADFL02.sys [5/16/2009 8:19 PM 27904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    Akamai REG_MULTI_SZ Akamai
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-06 c:\windows\Tasks\NeroLiveEpgUpdate-Tyler-PC_Administrator.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 20:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    Trusted Zone: gametap.com\www
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1j5cbt3v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\GameTap Web Player\bin\release\npGameTapWebPlayer.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\users\Administrator\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{A057A204-BACC-4D26-B6F2-49F8CCAB3ED4} - (no file)
    WebBrowser-{A057A204-BACC-4D26-B6F2-49F8CCAB3ED4} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Startup Manager - c:\program files\Advanced System Optimizer\startUp manager.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,ed,40,8b,9f,f3,89,42,bf,04,e1,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,e6,e8,77,5f,bd,73,4f,a8,4a,bf,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,ed,40,8b,9f,f3,89,42,bf,04,e1,\

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.aif "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.aifc "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.aiff "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.ASF "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.ASX "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.AU "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.avi "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "Paint.Picture "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.cda "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.cdda "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.HTM "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.HTM "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.ipa "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.ipg "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.ipsw "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "Applications\\Alcohol.exe "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itb "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itdb "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itl "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itms "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itpc "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "jpegfile "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m3u "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m3u8 "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4a "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4b "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4p "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4r "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4v "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "Applications\\Alcohol.exe "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.MHT "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.MHT "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MIDI "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MIDI "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.mp2 "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.mp3 "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.pcast "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.pls "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MIDI "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.AU "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.URL "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.wav "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.wave "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WAX "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.ASF "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WMD "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WMS "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WMV "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.ASX "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WMZ "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WPL "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WVX "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:9e,4f,06,fa,60,a9,a8,5a,41,4a,94,7a,90,d5,16,e7,39,f6,6b,a2,28,d9,a4,
    f8,62,6b,3d,99,5f,5f,d0,e2,da,b4,bf,f6,bf,cd,92,c0,17,49,a2,89,b1,81,fd,a6,\
    "?? "=hex:88,f0,3d,74,67,f9,77,11,f5,60,4b,b2,f7,e8,4a,39

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\SecuROM\License information*]
    "datasecu "=hex:24,a5,8b,da,c2,91,41,c7,e5,ab,4b,bc,15,4c,6b,20,17,65,fe,3b,76,
    f9,39,6c,30,74,d0,80,98,a8,36,94,e0,b4,6d,59,e9,81,55,b7,ad,f9,b3,2d,12,53,\
    "rkeysecu "=hex:22,f9,52,9c,ee,d2,4d,5a,e2,af,d0,c4,0f,27,a7,c3
    .
     
  14. 2009/10/06
    Chaosmachine420

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5616)
    c:\program files\Pure Networks\Network Magic\nmrsrc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\windows\System32\atieclxx.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    c:\windows\System32\inetsrv\inetinfo.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Microsoft Office\Office12\ONENOTE.EXE
    c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\System32\inetsrv\w3wp.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-06 5:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-06 11:01

    Pre-Run: 17,090,355,200 bytes free
    Post-Run: 17,438,294,016 bytes free

    Current=2 Default=2 Failed=5 LastKnownGood=3 Sets=1,2,3,4,5
    872 --- E O F --- 2009-10-06 07:57
     
  15. 2009/10/06
    broni

    Did you reinstall Avast already?


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\ativpsrm.bin
    c:\windows\system32\mlfcache.dat
    c:\windows\system32\YSys.dll
    c:\windows\system32\rp_stats.dat
    c:\windows\system32\rp_rules.dat
    
    
    Folder::
    c:\programdata\avg8
    
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.



    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  16. 2009/10/06
    Chaosmachine420

    Nope, I uninstalled everything and it is still uninstalled. OK, now I finally got HijackThis to work.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:00:07 PM, on 10/6/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AirPort\APAgent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Chatango\Chatango.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    D:\Program Files\Curse\CurseClient.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\USB TV\EM28XX\BDARemote.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKLM\..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [AirMac Base Station Agent] "C:\Program Files\AirPort\APAgent.exe "
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Chatango] C:\Program Files\Chatango\Chatango.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [CurseClient] D:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
    O4 - Global Startup: ASUS
    O4 - Global Startup: BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O15 - Trusted Zone: http://www.gametap.com
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: ASO3DiskOptimizer - Unknown owner - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe (file missing)
    O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16082 bytes
     
    Last edited: 2009/10/06
  17. 2009/10/06
    broni Moderator Malware Analyst

    Very well.

    Run the instructions from my previous post and post fresh logs.
    Wait with reinstalling Avast until my next reply.
     
  18. 2009/10/06
    Chaosmachine420 Well-Known Member Thread Starter

    ComboFix 09-10-05.01 - Administrator 10/06/2009 15:35.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1408 [GMT -6:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\ativpsrm.bin "
    "c:\windows\system32\mlfcache.dat "
    "c:\windows\system32\rp_rules.dat "
    "c:\windows\system32\rp_stats.dat "
    "c:\windows\system32\YSys.dll "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\avg8
    c:\windows\ativpsrm.bin
    c:\windows\system32\mlfcache.dat
    c:\windows\system32\rp_rules.dat
    c:\windows\system32\rp_stats.dat
    c:\windows\system32\YSys.dll
    c:\windows\Temp\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
    .

    2009-10-06 21:48 . 2009-10-06 21:48 -------- d-----w- C:\found.002
    2009-10-06 21:41 . 2009-10-06 21:41 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-06 21:41 . 2009-10-06 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-06 21:41 . 2009-10-06 21:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2009-10-06 20:59 . 2009-10-06 20:59 -------- d-----w- c:\program files\Trend Micro
    2009-10-06 19:35 . 2009-10-06 19:35 -------- d-----w- c:\program files\AirPort
    2009-10-02 23:20 . 2009-10-01 16:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-01 03:33 . 2009-10-01 03:33 -------- d-----w- C:\acccore
    2009-10-01 00:28 . 2009-10-01 00:28 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-09-30 03:18 . 2009-09-30 03:18 -------- d-----w- C:\found.001
    2009-09-27 14:36 . 2009-09-27 14:36 -------- d-----w- c:\users\Administrator\AppData\Local\Yahoo!
    2009-09-23 22:29 . 2009-09-23 22:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\Yahoo! Companion
    2009-09-22 14:06 . 2009-09-22 14:06 -------- d-----w- c:\program files\Alwil Software
    2009-09-22 11:51 . 2009-09-23 03:34 -------- d-----w- c:\programdata\Systweak
    2009-09-22 11:49 . 2009-09-23 03:55 -------- d-----w- c:\windows\Repair
    2009-09-22 11:49 . 2009-09-23 03:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\Systweak
    2009-09-22 11:49 . 2009-09-22 11:49 -------- d-----w- c:\programdata\MyDefrag
    2009-09-22 11:49 . 2009-09-23 03:34 -------- d-----w- c:\program files\Advanced System Optimizer 3
    2009-09-21 22:28 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-09-21 22:28 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-21 22:27 . 2009-09-21 22:27 -------- d-----w- c:\program files\iPod
    2009-09-21 22:27 . 2009-09-21 22:28 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-21 22:24 . 2009-09-21 22:24 -------- d-----w- c:\program files\QuickTime
    2009-09-21 09:09 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2009-09-21 09:09 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2009-09-21 09:03 . 2009-07-14 17:48 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
    2009-09-21 09:03 . 2009-07-14 17:48 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2009-09-21 09:03 . 2009-07-14 17:45 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2009-09-21 09:03 . 2009-07-14 17:45 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2009-09-21 09:03 . 2009-07-14 17:48 567808 ----a-w- c:\windows\system32\WUDFx.dll
    2009-09-21 09:03 . 2009-07-14 17:48 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2009-09-21 09:03 . 2009-07-14 17:45 195584 ----a-w- c:\windows\system32\WUDFHost.exe
    2009-09-20 00:32 . 2009-09-20 00:32 -------- d-----w- c:\programdata\NOS
    2009-09-20 00:32 . 2009-09-20 00:32 -------- d-----w- c:\program files\NOS
    2009-09-18 15:31 . 2009-09-18 15:31 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2009-09-18 12:32 . 2009-10-04 06:23 -------- d-----w- c:\program files\PC Tools AntiVirus
    2009-09-18 12:32 . 2004-08-04 14:00 506368 ----a-w- c:\windows\system32\msxml.dll
    2009-09-18 11:54 . 2009-10-04 06:26 -------- d-----w- c:\program files\ThreatFire
    2009-09-18 11:47 . 2009-09-18 11:48 -------- d-----w- c:\program files\Zune
    2009-09-18 10:14 . 2009-09-18 10:14 -------- d-----w- C:\$WINDOWS.~BT
    2009-09-18 03:41 . 2009-09-22 18:46 -------- d-----w- C:\found.000
    2009-09-17 01:58 . 2009-09-17 01:58 -------- d-----w- c:\windows\system32\hwswchecker
    2009-09-14 23:32 . 2009-09-14 23:32 -------- d-----w- c:\program files\Realtek
    2009-09-14 23:32 . 2009-09-14 23:32 2510368 ----a-w- c:\windows\system32\RtkHDMI.dll
    2009-09-14 23:32 . 2009-09-14 23:32 965664 ----a-w- c:\windows\system32\RHDMIExt.dll
    2009-09-14 23:32 . 2009-09-14 23:32 40992 ----a-w- c:\windows\system32\RHCoInst.dll
    2009-09-14 23:32 . 2009-09-14 23:32 155808 ----a-w- c:\windows\system32\drivers\RtHDMIV.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-06 21:08 . 2009-02-06 22:01 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
    2009-10-06 19:50 . 2009-02-06 22:01 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
    2009-10-06 19:48 . 2008-10-02 17:34 7836 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
    2009-10-06 19:38 . 2008-10-09 14:06 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-04 18:56 . 2008-10-09 16:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Autodesk
    2009-10-04 18:56 . 2008-10-09 16:01 -------- d-----w- c:\programdata\Autodesk
    2009-10-04 03:46 . 2009-06-08 19:18 -------- d-----w- c:\programdata\Lavasoft
    2009-10-04 03:46 . 2009-06-08 19:18 -------- d-----w- c:\program files\Lavasoft
    2009-10-01 00:27 . 2008-10-27 01:40 -------- d-----w- c:\program files\Windows Live
    2009-09-28 04:45 . 2009-04-29 14:27 -------- d-----w- c:\program files\Driver Checker
    2009-09-27 17:02 . 2008-10-02 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-27 00:22 . 2009-07-02 12:02 -------- d-----w- c:\program files\Common Files\Akamai
    2009-09-23 04:15 . 2008-10-30 18:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\SolidWorks
    2009-09-23 04:15 . 2008-12-05 21:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRightToGo
    2009-09-23 04:15 . 2008-12-30 00:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\Azureus
    2009-09-23 04:15 . 2009-05-05 02:20 -------- d-----w- c:\program files\GameSpy Arcade
    2009-09-23 04:15 . 2008-12-20 21:21 -------- d-----w- c:\program files\Diablo II
    2009-09-23 04:15 . 2009-04-15 21:39 -------- d-----w- c:\program files\DNA
    2009-09-22 18:47 . 2009-04-15 21:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\DNA
    2009-09-22 01:01 . 2008-10-09 14:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
    2009-09-21 23:14 . 2009-08-25 14:25 -------- d-----w- c:\program files\iPhone Configuration Utility
    2009-09-21 23:13 . 2009-06-02 16:31 -------- d-----w- c:\program files\iTunes
    2009-09-21 09:45 . 2009-09-21 09:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
    2009-09-21 09:13 . 2009-09-21 09:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
    2009-09-21 09:13 . 2009-09-21 09:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2009-09-20 08:28 . 2009-01-15 05:34 -------- d-----w- c:\programdata\PMB Files
    2009-09-20 07:34 . 2008-10-31 22:41 -------- d-----w- c:\programdata\HP
    2009-09-17 01:58 . 2009-04-18 06:29 -------- d-----w- c:\program files\GameTap Web Player
    2009-09-15 14:17 . 2008-10-09 14:10 -------- d-----w- c:\program files\Apple Software Update
    2009-09-14 19:02 . 2008-12-30 00:51 -------- d-----w- c:\program files\Vuze
    2009-09-13 07:07 . 2009-06-24 08:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\IGN_DLM
    2009-09-12 01:42 . 2008-10-09 16:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2009-09-10 18:09 . 2008-10-18 04:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\Yahoo!
    2009-09-10 18:09 . 2008-10-18 04:35 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-09-10 18:09 . 2008-10-18 04:34 -------- d-----w- c:\program files\Yahoo!
    2009-09-10 18:09 . 2008-10-27 01:33 -------- d-----w- c:\programdata\Yahoo!
    2009-09-10 09:08 . 2008-12-04 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-09 21:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-09 21:24 . 2008-10-02 17:55 -------- d-----w- c:\programdata\Microsoft Help
    2009-09-04 19:17 . 2009-09-04 19:17 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2009-09-04 04:24 . 2009-05-21 01:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-09-02 23:11 . 2009-09-02 22:43 18221 ----a-w- c:\windows\DIIUnin.dat
    2009-09-02 23:10 . 2008-12-20 21:38 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-09-02 23:10 . 2008-12-20 21:38 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-09-02 23:10 . 2008-12-20 21:38 12067 ----atw- c:\windows\system32\SIntf16.dll
    2009-09-02 22:43 . 2009-09-02 22:43 94208 ----a-w- c:\windows\DIIUnin.exe
    2009-09-02 22:43 . 2009-09-02 22:43 2829 ----a-w- c:\windows\DIIUnin.pif
    2009-09-02 20:12 . 2009-06-21 00:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\IM
    2009-09-02 06:29 . 2009-09-02 06:29 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
    2009-09-02 06:29 . 2009-09-02 06:29 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
    2009-09-02 06:29 . 2009-09-02 06:29 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
    2009-09-02 06:29 . 2009-09-02 06:29 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
    2009-09-02 06:29 . 2009-09-02 06:29 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
    2009-09-02 06:29 . 2009-09-02 06:29 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
    2009-09-02 02:41 . 2009-08-26 03:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\HpUpdate
    2009-08-31 01:36 . 2009-05-20 18:09 -------- d-----w- c:\program files\DivX
    2009-08-31 01:36 . 2009-08-31 00:09 -------- d--h--w- c:\program files\Temp
    2009-08-29 00:27 . 2009-09-02 19:33 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-02 19:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 22:47 . 2008-10-18 04:43 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-28 21:25 . 2009-01-09 09:41 -------- d-----w- c:\program files\Diablo
    2009-08-28 17:40 . 2009-06-27 06:52 -------- d-----w- c:\program files\Common Files\Microsoft Games
    2009-08-26 08:57 . 2009-08-26 08:57 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-08-25 14:29 . 2009-08-25 14:29 -------- d-----w- c:\program files\Safari
    2009-08-25 14:18 . 2009-08-25 14:18 -------- d-----w- c:\program files\DVD or CD Sharing
    2009-08-25 14:00 . 2009-08-25 14:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\com.adobe.ExMan
    2009-08-21 00:43 . 2009-08-21 00:36 -------- d-----w- c:\programdata\Blizzard Entertainment
    2009-08-19 07:54 . 2009-08-19 03:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-08-19 02:06 . 2009-06-21 23:04 -------- d-----w- c:\program files\Java
    2009-08-19 01:58 . 2009-08-19 01:58 -------- d-----w- c:\program files\prodegetoolbar764
    2009-08-19 01:51 . 2009-08-19 01:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.temp
    2009-08-17 18:37 . 2009-08-17 18:37 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
    2009-08-17 18:37 . 2009-08-17 18:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2009-08-14 16:27 . 2009-09-09 10:30 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-09 10:30 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-09 10:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-09 10:30 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-09 10:30 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-09 10:30 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-14 12:58 . 2009-09-18 12:32 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-08-08 01:51 . 2009-08-08 01:51 15308424 ----a-w- c:\windows\system32\xlive.dll
    2009-08-08 01:51 . 2009-08-08 01:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-08-03 21:07 . 2009-08-03 21:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
    2009-08-03 21:07 . 2009-08-03 21:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
    2009-08-03 21:07 . 2009-08-03 21:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
    2009-07-26 22:44 . 2009-07-26 22:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-25 11:23 . 2009-06-21 23:05 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 21:52 . 2009-08-19 02:10 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-08-19 02:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-08-19 02:10 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-08-19 02:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 13:54 . 2009-08-19 02:10 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-15 12:40 . 2009-08-19 02:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-15 12:39 . 2009-08-19 02:09 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-15 12:39 . 2009-08-19 02:09 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
     
  19. 2009/10/06
    Chaosmachine420 Well-Known Member Thread Starter

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-12-10 01:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Chatango "= "c:\program files\Chatango\Chatango.exe" [2008-02-05 356352]
    "Messenger (Yahoo!) "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-19 5137648]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-23 2363392]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2009-05-27 24264488]
    "CurseClient "= "d:\program files\Curse\CurseClient.exe" [2009-07-06 1966592]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2009-08-27 9351168]
    "Search Protection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "igndlm.exe "= "c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
    "WindowsWelcomeCenter "= "oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "PCMService "= "c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon "= "c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "LogitechCommunicationsManager "= "c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
    "nmctxth "= "c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
    "nmapp "= "c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-05-04 467240]
    "XboxStat "= "c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "DVD or CD Sharing "= "c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-21 619832]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "Zune Launcher "= "c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "AirMac Base Station Agent "= "c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
    "RtHDVCpl "= "RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2009-04-29 6144000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2009-08-27 9351168]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2008-10-2 81997]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-6 66864]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ASUS\ASUS Splendid
    ASUS Splendid.lnk - c:\program files\ASUS\ASUS Splendid\ASUSplendid.exe [2009-3-25 651264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "

    [HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
    backup=c:\windows\pss\Xfire.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):da,d5,8b,0b,31,df,c9,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe "= c:\program files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
    "c:\\Nexon\\Combat Arms\\CombatArms.exe "= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms\\Engine.exe "= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{83E159DD-D695-46D6-81F5-D86DA758C77E} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{12FD2D1A-2668-42D0-BAD0-B290E902A709} "= c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
    "{F25E9090-5A71-4423-A0BC-25890374508B} "= c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{D9667377-CBDC-4C62-9F95-F2860CCBDC6F} "= c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{FCD24681-A6FE-4D84-BE37-F411FA68A316} "= c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{D3B91304-31C5-4251-8017-D43D397DE3A6} "= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{5A7435DE-C282-418C-B8CE-70FB4556BAB1} "= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{2706F5BF-11E1-4FD3-82F0-0F44D9B162C7} "= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{A62D7FA6-122D-4728-83C7-F2395B2DC029} "= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{1608B5CF-D8F5-491B-81FB-8327E8F4274B} "= UDP:c:\program files\AIM6\aim6.exe:AIM
    "{B77636E3-3EC5-4ACF-A078-BBA53292F193} "= TCP:c:\program files\AIM6\aim6.exe:AIM
    "{99A076EE-2ED4-4E20-93A5-A2B2E59A4F26} "= Disabled:UDP:f:\setup\HPZNUI01.EXE:hpznui01.exe
    "{AA910867-8F46-46F7-9019-3781A397C8F2} "= Disabled:TCP:f:\setup\HPZNUI01.EXE:hpznui01.exe
    "{AE3459DC-1E82-47ED-B37B-CE3544E78D10} "= Disabled:UDP:f:\setup\HPONICIFS01.EXE:hponicifs01.exe
    "{FD093DEA-6D6F-492A-A5ED-36C48E62417E} "= Disabled:TCP:f:\setup\HPONICIFS01.EXE:hponicifs01.exe
    "{2FC7E62C-6105-420A-AD84-71A5FFF7F953} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{4CA1153E-47CC-473A-860C-BB9A109443E4} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{39E82487-B8A1-46B5-A47D-3DB8DA6E5706} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{73E3B31D-6DA3-4594-ADA9-8CF2882F9C5C} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{4A3272C1-C6AF-4EF4-B531-DEDC1B47AA25} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{4AFA5C07-3916-444E-8A5E-B3B8C0262E97} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{4DAC701B-C51C-49C8-9063-7E97AF7D50CC} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{9AD01BA4-9C15-46BD-B25D-70B8BBFA5FB6} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{13B6CA50-36FE-4B82-A801-67F5695C7722} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{F4426B9E-C393-43FF-B246-ECBB45D4D38D} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{61A5C701-43D9-4300-8F15-747E2D3D31DA} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{30796679-6D77-4374-BC27-879001AC194C} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{793ECCF6-3922-40CC-9D42-28E64E527BD2} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{BC080534-688B-42D5-9A14-237CFCBB45A9} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{97C16CD9-D0B1-4FF2-9250-06C1887DC66B} "= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{339A1641-EDB0-407F-9697-38A52B8073F6} "= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "TCP Query User{B534F757-1B21-472D-9525-D95B961339CD}c:\\program files\\thq\\dawn of war\\w40k.exe "= UDP:c:\program files\thq\dawn of war\w40k.exe:W40k
    "UDP Query User{01B0D50C-135D-4B0C-8BCA-2415AD958F53}c:\\program files\\thq\\dawn of war\\w40k.exe "= TCP:c:\program files\thq\dawn of war\w40k.exe:W40k
    "TCP Query User{2DB87786-282F-4ED3-8D24-32DB4F1AD3A8}c:\\program files\\thq\\darkcrusade\\darkcrusade.exe "= UDP:c:\program files\thq\darkcrusade\darkcrusade.exe: DarkCrusade
    "UDP Query User{43DFC3E9-501E-43FB-B381-C5A2BBC5EA69}c:\\program files\\thq\\darkcrusade\\darkcrusade.exe "= TCP:c:\program files\thq\darkcrusade\darkcrusade.exe: DarkCrusade
    "TCP Query User{42AD69CB-FC3E-4983-A4AE-768BAACAA4FE}c:\\program files\\electronic arts\\eadm\\core.exe "= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{FEDC03D9-2C40-4B53-9A4A-74CA5A12EC6A}c:\\program files\\electronic arts\\eadm\\core.exe "= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "TCP Query User{DC946A67-C0F2-42ED-A4EF-A2E8DDBB4F31}c:\\program files\\thq\\dawn of war\\w40kwa.exe "= UDP:c:\program files\thq\dawn of war\w40kwa.exe:W40kWA
    "UDP Query User{348B7397-C66A-4F1E-B10A-018F68D1CC79}c:\\program files\\thq\\dawn of war\\w40kwa.exe "= TCP:c:\program files\thq\dawn of war\w40kwa.exe:W40kWA
    "{3BB42F42-3D9E-4023-9B9F-BC7DD400E972} "= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
    "{F68E385C-B530-4EF5-955C-67DEF27F6444} "= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
    "{BBF71E83-AD34-4A29-AF84-6FEEB083CAB3} "= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
    "{8405ED3E-E16C-4A6F-A22D-3D9A1D40BDFF} "= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
    "TCP Query User{114F8E8D-8B08-4079-BC28-0478307E692B}c:\\program files\\secondlife\\slvoice.exe "= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
    "UDP Query User{670662D9-DFA8-4287-AB7C-B5EB7D54983B}c:\\program files\\secondlife\\slvoice.exe "= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
    "TCP Query User{93DCA17D-387E-4603-BF43-81F49B797209}c:\\program files\\gametap\\bin\\release\\gametap.exe "= UDP:c:\program files\gametap\bin\release\gametap.exe:GameTap Application
    "UDP Query User{1E92A0FD-90BB-492A-937A-02ED5A0DE014}c:\\program files\\gametap\\bin\\release\\gametap.exe "= TCP:c:\program files\gametap\bin\release\gametap.exe:GameTap Application
    "TCP Query User{25F723D1-E857-4112-8ECD-10D559116B69}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe "= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
    "UDP Query User{CE79D1F0-9B08-4326-A33D-477547ECED11}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe "= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
    "TCP Query User{775F9567-4AA2-4F8F-8D35-0C32A09270AC}c:\\program files\\vuze\\azureus.exe "= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{7DEB55B8-7380-441A-A407-79FE803D289B}c:\\program files\\vuze\\azureus.exe "= TCP:c:\program files\vuze\azureus.exe:Azureus
    "{A2DC7259-589B-40BE-BEFF-6C4C6AEC4043} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{7511C144-D716-4C69-886E-21A912EC83E0} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{9FC792ED-19CF-4A13-94E6-265C94EC6E81}c:\\program files\\palestar\\darkspace\\.cache\\darkspace\\localserver.exe "= UDP:c:\program files\palestar\darkspace\.cache\darkspace\localserver.exe:LocalServer
    "UDP Query User{5711BE07-FBBF-45B5-AD94-94CF81DF2F4B}c:\\program files\\palestar\\darkspace\\.cache\\darkspace\\localserver.exe "= TCP:c:\program files\palestar\darkspace\.cache\darkspace\localserver.exe:LocalServer
    "TCP Query User{883ECF8B-81E8-4CE4-B58A-26F69CE52548}c:\\program files\\palestar\\darkspace\\.cache\\darkspace\\client.exe "= UDP:c:\program files\palestar\darkspace\.cache\darkspace\client.exe:Client
    "UDP Query User{AE232AF4-3114-4319-8493-B1F74FF4A7EE}c:\\program files\\palestar\\darkspace\\.cache\\darkspace\\client.exe "= TCP:c:\program files\palestar\darkspace\.cache\darkspace\client.exe:Client
    "TCP Query User{07D2E06B-A60F-4489-85AA-5BD354B889BF}c:\\program files\\call of duty game of the year edition\\codmp.exe "= UDP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
    "UDP Query User{65F55CFF-513B-4A54-A26B-55C18EE74F6B}c:\\program files\\call of duty game of the year edition\\codmp.exe "= TCP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
    "{7FF5DB0B-B029-4B6E-B0CF-8E6F9A7E3708} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{CB6E2A6A-2755-4A37-BF72-E3C78FA6E485}c:\\program files\\sony\\station\\launchpad\\launchpad.exe "= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
    "UDP Query User{5FAF0762-A196-435A-89B9-5DAEDE287276}c:\\program files\\sony\\station\\launchpad\\launchpad.exe "= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
    "{09E258B6-471D-4D5D-B471-1A5264C6EB7E} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C742FEFF-9C70-4762-B135-F6FD512C993E} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CBD1B2C1-AEA1-49BF-A87C-F8C7B58F025A} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2B8A692D-E308-45D4-8521-982E9D1EDF7E} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2E739DB3-C544-4F43-8398-4FAF025D67F4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E079B26D-4657-47CF-BA5D-49601F3B4B06} "= TCP:67: DHCP Discovery Service
    "{85443917-13B0-4910-ABAC-C97F4DE10DCF} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5F25E089-306D-4438-8D36-E8E4EF576F0E} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{01928202-B9F0-4CDB-9146-19BE8BF3C60D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{627EF0FD-06A2-4EFA-8657-51C49A90D470} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D22A8A25-A65F-447C-9AF9-D9E44EB70F10} "= UDP:d:\program files\Curse\CurseClient.exe:Curse Client
    "{A4D88677-3AC6-4037-8D65-372BF1D97AF6} "= TCP:d:\program files\Curse\CurseClient.exe:Curse Client
    "{49E49F19-783E-418F-98DA-9B823C42DBA3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{18DFE816-928F-46BE-AECC-2B92457E9471} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{622B242E-B2DB-4898-BFE9-FACDA86D9357} "= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{C2FBA2AA-B204-4859-B6BF-A04395AAB0F2} "= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{75A7D2DC-CA70-4062-8C13-F9B240604BED} "= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{30AAC4F8-DEEE-4C0C-90D8-3E65850FBE98} "= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{907ACDA4-5282-452E-A63E-C45B4020F371} "= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{D8772891-649B-48C3-BEBF-8B657C679B5D} "= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{FC5D4D9F-11C0-43AD-A2AC-D2285BE58CB8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{4012735C-3B7B-43F0-B2E7-732D57604029}d:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert(tm) ii\\ra2\\game.exe "= UDP:d:\program files\ea games\command & conquer the first decade\command & conquer red alert(tm) ii\ra2\game.exe:Main executable for Red Alert 2
    "UDP Query User{622DCDB4-279F-42E6-991B-20B81F897663}d:\\program files\\ea games\\command & conquer the first decade\\command & conquer red alert(tm) ii\\ra2\\game.exe "= TCP:d:\program files\ea games\command & conquer the first decade\command & conquer red alert(tm) ii\ra2\game.exe:Main executable for Red Alert 2
    "{58B97D7C-4463-41DF-B083-4EC1BA819042} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1A2A4FF2-58E4-4906-BE54-29E670C320AA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{205A8AE2-F4D2-43C4-933F-0D0E7D366059} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3512625F-9638-4501-A49A-45179782BF41} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{0E3F8D66-F440-458D-A90F-B8686314299E}c:\\program files\\xfire\\xfire.exe "= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{6E3093DE-AF77-4951-A4BF-1A1FA68A734E}c:\\program files\\xfire\\xfire.exe "= TCP:c:\program files\xfire\xfire.exe:Xfire
    "{EE91329A-0127-44EF-AF7D-1DE0C13BD829} "= UDP:c:\program files\DNA\btdna.exe: DNA (TCP-In)
    "{5D46CD4E-48B0-446E-8990-99FDCE06FF19} "= TCP:c:\program files\DNA\btdna.exe: DNA (UDP-In)
    "TCP Query User{8ACFC701-4271-4CF9-8CC8-4EDEF1EC896E}c:\\program files\\ccp\\eve\\bin\\exefile.exe "= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
    "UDP Query User{07951FAC-715A-4341-8F44-10EA390C2962}c:\\program files\\ccp\\eve\\bin\\exefile.exe "= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
    "{E67B9408-5583-4B65-B403-C90F172A9C41} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{68B691BE-A1BB-4DA7-9DDD-063DC063FDE4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{234735BD-3242-4421-B45A-9E0FC6E04668}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe "= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
    "UDP Query User{F7E41912-87A1-415B-BBAC-651DAD75EEF8}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe "= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
    "{22D1DEF8-B39A-43ED-8461-D65D56073DDD} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{82C035D0-097F-48F5-B881-C19706C03A1D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A35FBF56-EE1C-43E8-B964-6142E881DDA2} "= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{514B5476-D733-48AB-9ABB-6DE7F6D8BC89} "= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "TCP Query User{182FE0F3-2D2F-4BD4-835D-BF792362045B}c:\\program files\\internet explorer\\iexplore.exe "= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{652739FD-C367-481A-A14D-4473BD37E4EF}c:\\program files\\internet explorer\\iexplore.exe "= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{2C20CBA5-9687-430C-AD4F-A48443A333CC} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3EC51405-68F9-463A-883F-41588FAE914D} "= UDP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
    "{35031093-5968-4A15-93E6-02E961361411} "= TCP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
    "TCP Query User{93F45042-ECC3-4F9F-A902-A295823750EA}x:\\games\\freespace\\fs.exe "= UDP:x:\games\freespace\fs.exe:fs.exe
    "UDP Query User{A0BB1388-3F5B-42D1-AE9F-2EA87E1BB23C}x:\\games\\freespace\\fs.exe "= TCP:x:\games\freespace\fs.exe:fs.exe
    "TCP Query User{8F285CE5-EF8A-461E-A170-737736545195}c:\\program files\\taikodom\\taikodom-game.exe "= UDP:c:\program files\taikodom\taikodom-game.exe:taikodom-game
    "UDP Query User{E40E2284-D2BE-4149-9B35-75C2BD9CBD47}c:\\program files\\taikodom\\taikodom-game.exe "= TCP:c:\program files\taikodom\taikodom-game.exe:taikodom-game
    "TCP Query User{5747A468-9915-4B83-82D1-C5FA203D9CF7}d:\\program files\\steam\\steamapps\\quicknuts\\counter-strike\\hl.exe "= UDP:d:\program files\steam\steamapps\quicknuts\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{FDD24B2F-DA53-4C5B-A44E-5B054BAD284B}d:\\program files\\steam\\steamapps\\quicknuts\\counter-strike\\hl.exe "= TCP:d:\program files\steam\steamapps\quicknuts\counter-strike\hl.exe:Half-Life Launcher
    "{0B013C14-12A3-47D1-9FC0-FAAC5790738B} "= UDP:d:\thq\Company Of Heros\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "{D11E0755-C4E0-4E25-8CEF-198C01A6321E} "= TCP:d:\thq\Company Of Heros\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "TCP Query User{910713F3-EC98-4120-807E-924180AC3352}c:\\program files\\microsoft games\\freelancer\\exe\\freelancer.exe "= UDP:c:\program files\microsoft games\freelancer\exe\freelancer.exe:Freelancer
    "UDP Query User{BBFB6D04-9B43-4167-BD64-03D4FFA1A66E}c:\\program files\\microsoft games\\freelancer\\exe\\freelancer.exe "= TCP:c:\program files\microsoft games\freelancer\exe\freelancer.exe:Freelancer
    "{E3AC5F95-2A10-49A0-ABE7-826F54883023} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{74F4023A-651B-4D74-ABC8-BE7D46E51293}c:\\program files\\postal2stp\\system\\postal2.exe "= UDP:c:\program files\postal2stp\system\postal2.exe:postal2
    "UDP Query User{A7A7E7D6-3D03-4428-BA4B-21810F22AE8D}c:\\program files\\postal2stp\\system\\postal2.exe "= TCP:c:\program files\postal2stp\system\postal2.exe:postal2
    "TCP Query User{FAF659B3-0946-49D4-8E0A-1E216FAC8D7F}d:\\thq\\dawn of war ii\\dow2.exe "= UDP:d:\thq\dawn of war ii\dow2.exe: DOW2
    "UDP Query User{46A652E8-76C2-4980-965C-13B8A294F9F5}d:\\thq\\dawn of war ii\\dow2.exe "= TCP:d:\thq\dawn of war ii\dow2.exe: DOW2
    "{56CD7619-FA1B-4831-ABED-12BD2DFC42D9} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{375EE8CC-DF60-4152-B0F2-573E1191B511} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EBE70FC7-63A7-4445-85F7-64EB05F9BE7F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DAE99734-BD86-4DC3-9483-F6F86ECABB1A} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{01BDAEF8-4550-4DA1-BF5A-B6627D16FB3B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C1626D31-6755-4451-B267-50CB20BE861E} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C50DBEC3-2D25-4174-BCC4-00B09E04FB1D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F84C4BD9-A93A-4E46-A6FC-15DEAEF91A4D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8B6A01E0-AE63-463E-AAFC-D1C9E344B5F5} "= UDP:d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{A74A3AD3-4FB9-4033-85C3-562BF622BBBA} "= TCP:d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{504035CE-62CC-4A0A-8EBC-92520E28C19C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C0B32E99-3C4C-48E7-9FD1-53EC31ADE70C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6D04B9B3-0995-4ACF-BB74-6887E2619442} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B9EBEDB7-99F9-4F30-8D62-AEBA88942CFA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9486A3F2-7B52-4D27-9A1C-3CC8AA87D4C0} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{253CFDB6-4694-49FB-9E19-D867A1C47702} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{67B365A9-EF7D-412F-A893-80F84ADC5F55} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F55A6536-09AF-4EC8-9EA3-62DCEF6B4176} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D76A6CAF-B085-4CE6-A4E9-E1948402F348} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{529A3C66-EFBB-459E-885D-A80419C4DA07} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B32AFF21-80C9-4593-B15D-919FFCC65CC6} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{69FF18F9-F19D-4BF8-AC69-5FCF72753FAD} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8AA4FED3-50C9-48E7-A08F-E2DB07FCB9FE} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B0EE6FC0-9D8C-4375-8522-4CDF18AA811B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A93CE84F-459F-4C55-8D93-AB89AC25543D} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{508E7CF1-49FF-40CE-9E70-15CCF1E8AF91} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C83F7A5F-D8C7-426F-9A11-F93F1F2F8E36} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{315B2511-87D2-4308-9FD8-651B984EBC76} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7E33117A-C5E2-43F3-B0BA-53ADBD28C527} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{41A4C4E0-1FA0-4D4B-98EE-2FDFC8D96AAF} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F7A65427-78B1-4AEA-9600-8978E54079D3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{701FA8E4-429F-45AD-8862-C666AF75FBD8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6C5608C8-C8B2-4867-B3CD-A4120A7A4654} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{833BFE12-9C16-4DD3-AA24-E34B435A1823} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BD1FCD9D-CD09-4B92-AB76-DAB6813F96B6} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6AB733CB-89B2-4D46-8DB9-3C0F5FE6FC7B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{820FE82C-B2FF-4CEE-8E70-1765486189BB} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5EAF355C-8696-4754-958E-563CA7095B25} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4795608B-1BA9-4C5E-AEFF-D3609DA7B03F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F44281F2-D63B-464B-924D-4AD04F02F869} "= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{04311750-FF0F-4722-AAF9-1416704F3D80} "= UDP:d:\program files\Atari\Codename Panzers Cold War\Home\Game\CPCW.exe:Codename Panzers Cold War
    "{0E61DFA2-03DA-47BD-B070-369285B2968E} "= TCP:d:\program files\Atari\Codename Panzers Cold War\Home\Game\CPCW.exe:Codename Panzers Cold War
    "{53655FA8-3331-45A9-830D-E2C2BB2039FC} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{38522A17-94C8-4860-8848-97C635041E14} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{AF5890AB-A188-466E-BD1F-19CB1E965754}c:\\program files\\java\\jre6\\bin\\java.exe "= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{11807467-ACC4-4103-B157-51C10B9A9C95}c:\\program files\\java\\jre6\\bin\\java.exe "= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "{CEE76EA8-498C-4A6B-887D-657F20DFE0C3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6EC4FEB5-8F03-4DF8-BE84-C2B853140225} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{FF753F50-A908-44A2-A459-985660C8DE8B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F5BC461A-337E-4F53-A58D-2FFB759DC7B9} "= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{3D21BA47-D596-4C3B-A896-108162295931} "= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{7D2CA610-8DFC-4816-8E57-2655F3BE51AE} "= UDP:d:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
    "{A94A4395-0D30-479C-8337-577BCF44F899} "= TCP:d:\program files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
    "{16BB7460-5A5F-410F-AB8E-39FAC3B402EC} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D5453CAE-2785-4F2F-A481-A1A8ACD700B1} "= UDP:d:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
    "{70B979A5-AD4F-4BAD-8601-ADF8D7DD0856} "= TCP:d:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
    "{39A550E0-E307-4E7C-B468-923B366EB177} "= UDP:d:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
    "{0A4F6FCC-22F6-4367-A4D1-CEB656092C6F} "= TCP:d:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
    "{39CA23B2-7C6C-4D4C-949B-346A8181CBDC} "= UDP:d:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
    "{F33D985F-A582-4A30-B4C6-A073D2D3FA1D} "= TCP:d:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
    "{9FE8B067-03FB-4E9A-8C34-06E5142FBA0C} "= UDP:d:\program files\Stardock Games\Demigod\bin\Demigod.exe: Demigod
    "{88D5B530-D881-439C-BB52-AD8ACF13E5CA} "= TCP:d:\program files\Stardock Games\Demigod\bin\Demigod.exe: Demigod
    "{15A44C9D-EBFE-457D-BF47-9DCC1303141C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3FA0FC05-CD36-438F-A110-26E2FA576705} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1D53A9CC-676A-4ABB-8F34-D6AA8D6A18B8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0DA13143-5B55-4BE8-A771-65B48EE17CA7} "= UDP:d:\program files\Autodesk\3ds Max Design 2010\3dsmax.exe:Autodesk 3ds Max Design 2010 32-bit
    "{E815431A-029B-49BD-A516-32A459DD26E3} "= TCP:d:\program files\Autodesk\3ds Max Design 2010\3dsmax.exe:Autodesk 3ds Max Design 2010 32-bit
    "{52B8FB23-6E05-48FF-9C2D-0EBB028D5BE1} "= UDP:d:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max Design 2010 32-bit
    "{C0160464-DE3E-4836-B66F-D58F70170375} "= TCP:d:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max Design 2010 32-bit
    "{32F215A7-3426-46E7-9094-542A54F33516} "= UDP:d:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max Design 2010 32-bit
    "{3552A89C-DCAF-4E7A-A233-474008702933} "= TCP:d:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max Design 2010 32-bit
    "{4E46422D-0EBA-4B91-8FA7-F81534452ECD} "= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
    "{8F977E22-CBEC-4C12-B034-6AA677E737E3} "= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
    "{2B420EAF-A1D8-4CA5-BBEC-A0083FDEA675} "= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
    "{4D894119-FAE9-4048-A220-5DF4D3027AB4} "= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
    "{800AED53-ABA8-4058-84AE-8F00ED0F31A9} "= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
    "{E6773BE2-6CFD-4363-9DE3-BB4FABF032EF} "= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
    "TCP Query User{4A85E04A-A4DD-41A0-B53B-45F2B80DBC8A}d:\\program files\\autodesk\\maya2009\\bin\\maya.exe "= UDP:d:\program files\autodesk\maya2009\bin\maya.exe:Maya
    "UDP Query User{5808219A-0950-4E83-AD61-6B9EAA746726}d:\\program files\\autodesk\\maya2009\\bin\\maya.exe "= TCP:d:\program files\autodesk\maya2009\bin\maya.exe:Maya
    "{4CF8DCD4-B8C4-4FCA-8EDF-D0371FAAD797} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9AEB53EB-35FD-4A9F-922F-C8FA86C9632B} "= UDP:d:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404
    "{3867E346-A3A1-49EB-8823-7BAA1412B1C5} "= TCP:d:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404
    "{3C661D8B-D60A-44DA-B976-6C9AFE250748} "= UDP:d:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web
    "{5D38E6BA-EBBB-4A88-8D97-3EB49BDD8DAA} "= TCP:d:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web
    "{1A2F2FA1-673C-45AC-904B-489BA1100902} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{FAD7F84E-FF23-42C6-8366-833DB4542EE6} "= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
    "{43EC4D63-51FB-4A81-9165-5FD55C9205B7} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{961D7E9B-E361-4A8B-9CC1-F73A5398740C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0616BE61-BB13-4F9F-8CBF-3345575A0547} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A4463D29-CE4A-4A8E-9881-2A9E2C5C0A6B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{80F56225-ABCE-4C77-9F06-14B9CAADA587} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EC3F4B8D-7F45-4092-845B-0FA0A6B62486} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4989BCEA-B5D2-4DBB-B5DA-3FEE2256D932} "= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:Blizzard Downloader
    "{9A1D6F7B-A196-43B0-B483-D032CAE83D12} "= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:Blizzard Downloader
    "TCP Query User{D2EF1224-698C-4282-A0EC-00DEA0E5EAE6}d:\\users\\public\\games\\world of warcraft\\launcher.exe "= UDP:d:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
    "UDP Query User{38F663F0-FB2D-4F73-8488-C56802833497}d:\\users\\public\\games\\world of warcraft\\launcher.exe "= TCP:d:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
    "{47BF255B-115E-4C76-8291-4A74378BDD27} "= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:Blizzard Downloader
    "{1D404175-F0D4-40B8-9B88-EEB35D01ACE0} "= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:Blizzard Downloader
    "{50451DEE-F430-44CA-B73D-55066995B91F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6383D635-03C4-4BB7-84C4-EB4E5359B2C3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{73706CDD-2C49-411D-9564-E2E8F52EB7AE} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E43DF1EE-538B-4B88-8D91-12A3942DF717} "= UDP:c:\program files\DVD or CD Sharing\ODSAgent.exe: DVD or CD Sharing
    "{34465FE5-2434-4303-81E2-F8F252FBC6DC} "= TCP:c:\program files\DVD or CD Sharing\ODSAgent.exe: DVD or CD Sharing
    "{DD875490-DB93-4628-885F-80D0165B801C} "= UDP:c:\program files\DVD or CD Sharing\RemoteInstallMacOSX.exe:Remote Install Assistant
    "{4101D8E4-F2B3-4CC3-974D-2EA3E20C2470} "= TCP:c:\program files\DVD or CD Sharing\RemoteInstallMacOSX.exe:Remote Install Assistant
    "{01A9C9A4-648D-4226-A53A-DCF1FE8150E8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{FCDA23E5-0F3E-463F-91AB-4D9EA9716700} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D5E5F34F-BD7A-4CDF-91F1-3E3352F5D8DA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CD15AA3E-D928-471D-9294-D842B13ED535} "= UDP:d:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
    "{D393DFE7-A013-478C-B4A8-2D989DE206BF} "= TCP:d:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
    "{05C167EA-FA77-47DA-BAE5-A1FEF236EDB8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{137410BC-9F8D-48C6-B49E-78CEB7290585} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E7C863D5-DE47-449F-AAEB-93855E652BD2} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{18204C5D-0C29-4A52-856F-225B5547BFD3} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1A7A748E-731B-437C-AE8C-72A4548E576F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{792DD84B-9D71-47F5-BE59-4FBD4C5B5362} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A08809AC-BD73-4C7A-9FDB-524A08AA8F9F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{40D2905E-1E1E-4794-BF4B-03CCE92F79D6} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4B250DA1-30E5-4B46-A355-84C4574EE68C} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1E8BFC47-1DBD-4CE5-B638-4162B30CBA52} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{37DB2B5A-D130-4FC6-8930-8E7A89C1DD02} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7293955A-1128-436F-88BD-8556332089E0} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1C9086D9-0519-4301-A466-58FC26C2359F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1706978D-F6D3-4549-BE67-D085957AE8D4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8CCBC1D3-E8B6-4D94-A0DD-C14BDAD445EA} "= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{C206FEDB-EB5D-4A12-93CC-06DD678C9F97} "= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{AD8AC025-E3D6-4C41-A900-D5ABD10BD1B9} "= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{F53B00FE-ACA6-49EB-8364-1885E25F872B} "= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{4ABBA406-0D10-4CFC-941F-B0DE3C95B5ED} "= c:\program files\Pando Networks\Media Booster\PMB.exe:pando Media Booster
    "{E283E561-DA89-44F0-8794-7E85C394FB70} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9CDA1540-D815-4408-85F2-3E4FE30869EB} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CBB08572-4469-47CD-BCF9-BF742B96CFF5} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{3F3DE73F-49E8-4FFB-BC15-478A00F1804B} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{B313917F-2211-460D-995A-CCF73222D343} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{16A80B66-F55E-4C3C-8370-E5DC0AA161C4} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1202B4E6-10C1-4CB3-94AF-81574F0BAE1F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{13A2E39A-C942-484D-9911-69E4C13A66DA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5C643959-2537-4845-A2A3-1A3E3AC92D51} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{35F32DD3-A37E-4B33-B04C-4E3F07E9595E} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{04D188B1-5188-4E16-A123-E48DA6C0E1CA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{55F15F8C-3319-427B-9F8B-025F3A696A91} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{47631B7A-C95A-4FFB-9707-7FB64899F53F} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7859529B-A8BE-4BD2-BC93-8D37E81B13A8} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4BE4F46B-762C-4313-B033-D9881B46098B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{ABD15E66-730F-4B57-9EC6-32CE59D618BC} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E4D5AAE5-8C21-4B04-AF87-4956408E3FB1} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8D29B9F9-9C1D-4C06-9026-D7CAE2D19DB7} "= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{B8C73D21-C69F-4157-BCBD-1AB02D9A77EA} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0D2846E0-8A95-487E-8347-AFE569E84FD7} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D8127C7D-1DF7-410F-ACAE-BB0294EEFB5B} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{67048BF6-E925-4C49-8788-6F1DFD211233} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6D6F74DD-2A49-4714-A207-D35B37F616B9} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1B329A0C-19FE-41D4-9337-06D0DFFC0281} "= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0ADAEDD0-6B5E-48FB-9CF5-624951F5AAE1} "= UDP:c:\program files\AirPort\APAgent.exe:AirMac
    "{8E1435BE-934F-41FF-8152-0D3FB2C2CC85} "= TCP:c:\program files\AirPort\APAgent.exe:AirMac
    "{6BC7823A-52A5-486F-B63D-8C68123EFBC6} "= c:\program files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe "= c:\program files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
    "c:\\Nexon\\Combat Arms\\CombatArms.exe "= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms\\Engine.exe "= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [4/29/2009 2:07 AM 172032]
    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/29/2008 6:52 PM 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/29/2008 6:52 PM 234888]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [7/5/2006 6:40 AM 976768]
    R3 wsvad_driver;WS Audio Device;c:\windows\System32\drivers\VirtualAudio.sys [12/20/2008 7:19 PM 16896]
    S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe --> c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [?]
    S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;d:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
    S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [3/25/2009 9:07 PM 2831232]
    S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\System32\drivers\lmvac.sys [10/17/2008 10:42 PM 18912]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 VMHybrid;VMHybrid service;c:\windows\System32\drivers\VMHybrid.sys [4/29/2009 8:28 AM 1060224]
    S3 XPADFL02;XPAD Filter Service 02;c:\windows\System32\drivers\xPADFL02.sys [5/16/2009 8:19 PM 27904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    Akamai REG_MULTI_SZ Akamai
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-06 c:\windows\Tasks\NeroLiveEpgUpdate-Tyler-PC_Administrator.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 20:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    Trusted Zone: gametap.com\www
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1j5cbt3v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\GameTap Web Player\bin\release\npGameTapWebPlayer.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\users\Administrator\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     
  20. 2009/10/06
    Chaosmachine420 Well-Known Member Thread Starter

    Joined:
    2009/10/02
    Messages:
    177
    Likes Received:
    0
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    AddRemove-HijackThis - c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PQCS3KSM\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-06 15:50
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.aif "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.aifc "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.aiff "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.ASF "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.ASX "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.AU "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.avi "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "Paint.Picture "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.cda "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.cdda "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.HTM "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.HTM "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.ipa "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.ipg "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.ipsw "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "Applications\\Alcohol.exe "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itb "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itdb "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itl "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itms "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.itpc "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "jpegfile "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m3u "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m3u8 "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4a "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4b "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4p "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4r "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.m4v "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "Applications\\Alcohol.exe "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.MHT "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.MHT "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MIDI "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MIDI "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.mp2 "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.mp3 "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MPEG "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.pcast "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.pls "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.MIDI "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.AU "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "IE.AssocFile.URL "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.wav "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "iTunes.wave "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WAX "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.ASF "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WMD "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WMS "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WMV "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.ASX "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WMZ "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WPL "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "WMP11.AssocFile.WVX "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:9e,4f,06,fa,60,a9,a8,5a,41,4a,94,7a,90,d5,16,e7,39,f6,6b,a2,28,d9,a4,
    f8,62,6b,3d,99,5f,5f,d0,e2,da,b4,bf,f6,bf,cd,92,c0,17,49,a2,89,b1,81,fd,a6,\
    "?? "=hex:88,f0,3d,74,67,f9,77,11,f5,60,4b,b2,f7,e8,4a,39

    [HKEY_USERS\S-1-5-21-3822069708-126914075-1968375109-500\Software\SecuROM\License information*]
    "datasecu "=hex:24,a5,8b,da,c2,91,41,c7,e5,ab,4b,bc,15,4c,6b,20,17,65,fe,3b,76,
    f9,39,6c,30,74,d0,80,98,a8,36,94,e0,b4,6d,59,e9,81,55,b7,ad,f9,b3,2d,12,53,\
    "rkeysecu "=hex:22,f9,52,9c,ee,d2,4d,5a,e2,af,d0,c4,0f,27,a7,c3
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4612)
    c:\program files\Pure Networks\Network Magic\nmrsrc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\windows\System32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\SolidWorks\swScheduler\swBOEngine.exe
    c:\program files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    c:\windows\System32\inetsrv\inetinfo.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\System32\inetsrv\w3wp.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-06 16:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-06 21:58
    ComboFix2.txt 2009-10-06 11:01

    Pre-Run: 20,954,169,344 bytes free
    Post-Run: 21,749,338,112 bytes free

    Current=2 Default=2 Failed=5 LastKnownGood=3 Sets=1,2,3,4,5
    868 --- E O F --- 2009-10-06 07:57
     
  21. 2009/10/06
    Chaosmachine420 Well-Known Member Thread Starter

    Joined:
    2009/10/02
    Messages:
    177
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:12:39 PM, on 10/6/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AirPort\APAgent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Chatango\Chatango.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    D:\Program Files\Curse\CurseClient.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\USB TV\EM28XX\BDARemote.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKLM\..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [AirMac Base Station Agent] "C:\Program Files\AirPort\APAgent.exe "
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Chatango] C:\Program Files\Chatango\Chatango.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [CurseClient] D:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
    O4 - Global Startup: ASUS
    O4 - Global Startup: BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O15 - Trusted Zone: http://www.gametap.com
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: ASO3DiskOptimizer - Unknown owner - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe (file missing)
    O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16118 bytes
     
