Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

Old 04-21-2009, 03:55 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: vista 32bit home basic


Help with infected computer

Every few minutes it would open a random website in Internet Explorer, mainly a search engine or asking me to download something. Sometimes it would start a fake scan.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Alec at 15:57:02.47 on Tue 04/21/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3070.2062 [GMT -5:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\Device Manager\msgrdvmn.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Alec\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070821
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {b4acaaf3-b759-4b89-9472-7a6b3cd2b85e} - c:\windows\system32\begutomu.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [PlayNC Launcher]
uRun: [<NO NAME>]
uRun: [Aim6]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [zejusinomu] Rundll32.exe "c:\windows\system32\mozokake.dll",s
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [CPMabbbf36b] Rundll32.exe "c:\windows\system32\biheseya.dll",a
mRun: [a888c0f7] rundll32.exe "c:\windows\system32\jegugose.dll",b
mRunServices: [SSDPSRV] c:\windows\system32\ssdpsrv.exe
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wegame.lnk - c:\program files\wegame\wegame.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: avgwlntf - avgwlntf.dll
AppInit_DLLs: c:\windows\system32\hamirodu.dll c:\windows\system32\mabofozu.dll c:\windows\system32\biheseya.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\biheseya.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\biheseya.dll
LSA: Notification Packages = scecli c:\windows\system32\mabofozu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alec\appdata\roaming\mozilla\firefox\profiles\208c2st1.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\alec\appdata\roaming\mozilla\firefox\profiles\208c2st1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\users\alec\appdata\roaming\mozilla\firefox\profiles\208c2st1.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-21 64160]
R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\system32\drivers\avgwfp.sys [2008-2-5 53768]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-8-21 129832]

=============== Created Last 30 ================

2009-04-21 07:39 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-21 07:07 1,408,534 ---sh--- c:\windows\system32\esogugej.ini
2009-04-20 17:00 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-20 17:00 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-20 07:06 1,409,571 ---sh--- c:\windows\system32\oteleday.ini
2009-04-19 15:59 1,409,558 ---sh--- c:\windows\system32\irehogog.ini
2009-04-19 13:54 <DIR> --d----- c:\windows\uninstall
2009-04-19 13:20 <DIR> --d----- c:\program files\GCFScape
2009-04-19 10:35 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-18 14:44 <DIR> --d----- c:\program files\PokerStars
2009-04-18 14:25 <DIR> --d----- c:\program files\PokerStars.NET
2009-04-17 22:19 <DIR> --d----- c:\program files\EA GAMES
2009-04-16 02:56 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-16 02:56 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-16 02:56 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-14 13:17 41,808 a------- c:\windows\system32\xfcodec.dll
2009-04-12 21:50 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-12 21:50 1,409 a------- c:\windows\QTFont.for
2009-04-05 17:20 <DIR> --d----- c:\windows\system32\AGEIA
2009-04-05 17:20 801,312 a------- c:\windows\system32\nvcplui.exe
2009-04-05 17:20 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-04-05 17:17 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-04-05 17:16 <DIR> --d----- C:\NVIDIA

==================== Find3M ====================

2009-04-21 07:07 46,592 a--sh--- c:\windows\system32\dijuzihi.exe
2009-04-21 07:07 88,576 a--sh--- c:\windows\system32\biheseya.dll
2009-04-21 07:07 80,896 a--sh--- c:\windows\system32\jegugose.dll
2009-04-20 19:06 47,104 a--sh--- c:\windows\system32\kijafigo.exe
2009-04-20 07:07 50,688 a--sh--- c:\windows\system32\bewivupi.dll
2009-04-20 07:06 47,104 a--sh--- c:\windows\system32\fizefate.exe
2009-04-19 15:58 47,104 a--sh--- c:\windows\system32\hibopiro.exe
2009-04-05 17:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-05 17:20 51,200 a------- c:\windows\inf\infpub.dat
2009-04-05 17:20 86,016 a------- c:\windows\inf\infstor.dat
2009-03-21 19:12 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-12 20:01 138,696 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 20:01 201,816 a------- c:\windows\system32\PnkBstrB.exe
2009-03-02 23:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 21:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-15 18:59 349 a------- c:\program files\INSTALL.LOG
2009-02-14 21:46 622 a---h--- C:\os604495.bin
2009-02-13 03:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 03:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-11 22:30 22,328 a------- c:\users\alec\appdata\roaming\PnkBstrK.sys
2009-02-11 22:30 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-02-11 22:30 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-02-08 22:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-31 11:05 9,410 a------- c:\windows\system32\ealregsnapshot1.reg
2008-09-02 18:55 760 a------- c:\users\alec\appdata\roaming\wklnhst.dat
2008-07-30 14:06 96 a------- c:\users\alec\appdata\roaming\ce5b612b.dat
2008-06-11 03:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-25 16:34 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2003-12-18 12:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 08:46 10,960 a------- c:\program files\EULA.txt
2009-01-20 07:07 50,688 a--sh--- c:\windows\system32\begutomu.dll
2009-01-20 07:07 50,688 a--sh--- c:\windows\system32\mabofozu.dll
2009-01-20 07:07 50,688 a--sh--- c:\windows\system32\mozokake.dll

============= FINISH: 15:57:34.37 ===============
Attached Files
File Type: zip Attach.zip (4.5 KB, 1 views)
al3c is offline  
Old 04-22-2009, 11:47 AM   #2 (permalink)
Analyst, Security Team
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,273
OS: Windows 7 Premium x64


Re: Help with infected computer

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
Old 04-22-2009, 05:48 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: vista 32bit home basic


Re: Help with infected computer

I ran Combofix and I have attached the log.

ComboFix 09-04-23.02 - Alec 04/22/2009 17:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3070.2072 [GMT -5:00]
Running from: c:\users\Alec\Downloads\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\system32\amejoyav.ini
c:\windows\system32\arepahaf.ini
c:\windows\system32\avizejuh.ini
c:\windows\system32\begutomu.dll
c:\windows\system32\bewivupi.dll
c:\windows\system32\biheseya.dll
c:\windows\system32\esogugej.ini
c:\windows\system32\fahapera.dll
c:\windows\system32\finegefo.dll
c:\windows\system32\hiwumeku.dll
c:\windows\system32\hujeziva.dll
c:\windows\system32\ibedeyom.ini
c:\windows\system32\irehogog.ini
c:\windows\system32\jegugose.dll
c:\windows\system32\jitodiyo.dll
c:\windows\system32\jureviji.dll
c:\windows\system32\liyobinu.dll
c:\windows\system32\mabofozu.dll
c:\windows\system32\makatizi.dll
c:\windows\system32\miyagame.dll
c:\windows\system32\moyedebi.dll
c:\windows\system32\mozokake.dll
c:\windows\system32\oteleday.ini
c:\windows\system32\oyidotij.ini
c:\windows\system32\satulosu.dll
c:\windows\system32\tisuleto.dll
c:\windows\system32\ukemuwih.ini
c:\windows\system32\unukiley.ini
c:\windows\system32\vayojema.dll
c:\windows\system32\yelikunu.dll
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-21 12:39 . 2009-04-21 12:39 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-21 00:22 . 2009-04-21 12:39 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-20 22:00 . 2009-04-20 22:00 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-20 22:00 . 2009-04-20 22:00 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-19 18:54 . 2009-04-19 18:56 -------- d-----w c:\windows\uninstall\Awakening of the Rebellion - Return of the Gameplay
2009-04-19 18:54 . 2009-04-19 18:54 -------- d-----w c:\windows\uninstall
2009-04-18 19:44 . 2009-04-18 19:45 -------- d-----w c:\users\Alec\AppData\Local\PokerStars
2009-04-16 07:56 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 07:56 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 07:56 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-14 18:17 . 2009-04-14 18:17 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-13 02:50 . 2009-04-13 02:50 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-13 02:50 . 2009-04-13 02:50 1409 ----a-w c:\windows\QTFont.for
2009-04-05 22:20 . 2009-04-05 22:20 -------- d-----w c:\windows\system32\AGEIA
2009-04-05 22:20 . 2009-03-27 15:03 801312 ----a-w c:\windows\system32\nvcplui.exe
2009-04-05 22:20 . 2009-03-27 15:03 420384 ----a-w c:\windows\system32\nvcpl.cpl
2009-04-05 22:17 . 2009-03-27 13:14 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-05 22:16 . 2009-04-05 22:16 -------- d-----w C:\NVIDIA
2009-04-05 21:18 . 2009-04-21 00:27 1100 ----a-w c:\users\Alec\AppData\Local\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 22:55 . 2009-02-15 03:20 -------- d-----w c:\users\Alec\AppData\Roaming\DNA
2009-04-22 22:55 . 2009-02-15 03:20 -------- d-----w c:\program files\DNA
2009-04-22 22:21 . 2008-07-09 18:24 -------- d-----w c:\programdata\Google Updater
2009-04-22 15:02 . 2009-01-22 15:02 46592 --sha-w c:\windows\System32\kokudive.exe
2009-04-22 13:57 . 2009-01-22 13:57 46592 --sha-w c:\windows\System32\wetudave.exe
2009-04-22 13:34 . 2009-01-22 13:34 46592 --sha-w c:\windows\System32\zelewehe.exe
2009-04-22 13:12 . 2009-01-22 13:12 46592 --sha-w c:\windows\System32\kudavori.exe
2009-04-22 12:49 . 2009-01-22 12:49 46592 --sha-w c:\windows\System32\vupesasu.exe
2009-04-22 12:27 . 2009-01-22 12:27 46592 --sha-w c:\windows\System32\pipeyisi.exe
2009-04-22 00:07 . 2009-01-22 00:07 47616 --sha-w c:\windows\System32\sohafafe.exe
2009-04-21 21:54 . 2008-01-01 05:19 -------- d-----w c:\users\Alec\AppData\Roaming\Xfire
2009-04-21 20:27 . 2008-12-20 18:53 -------- d-----w c:\users\Alec\AppData\Roaming\uTorrent
2009-04-21 12:51 . 2007-10-02 09:36 -------- d-----w c:\users\Alec\AppData\Roaming\AVG7
2009-04-21 12:07 . 2009-01-21 12:07 46592 --sha-w c:\windows\System32\dijuzihi.exe
2009-04-21 00:33 . 2007-09-01 08:54 -------- d-----w c:\program files\Steam
2009-04-21 00:06 . 2009-01-21 00:06 47104 --sha-w c:\windows\System32\kijafigo.exe
2009-04-20 22:00 . 2008-03-13 07:20 -------- d-----w c:\program files\Lavasoft
2009-04-20 12:06 . 2009-01-20 12:06 47104 --sha-w c:\windows\System32\fizefate.exe
2009-04-19 22:47 . 2007-09-02 07:30 -------- d-----w c:\program files\Common Files\Steam
2009-04-19 20:58 . 2009-01-19 20:58 47104 --sha-w c:\windows\System32\hibopiro.exe
2009-04-19 20:22 . 2007-08-21 13:38 -------- d-----w c:\program files\Google
2009-04-19 18:41 . 2009-04-19 18:20 -------- d-----w c:\program files\GCFScape
2009-04-19 15:35 . 2008-06-16 03:36 -------- d-----w c:\program files\DivX
2009-04-19 15:35 . 2009-04-19 15:35 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-18 20:25 . 2008-09-07 06:27 -------- d-----w c:\programdata\Electronic Arts
2009-04-18 20:24 . 2008-04-01 23:44 -------- d-----w c:\program files\Electronic Arts
2009-04-18 19:45 . 2009-04-18 19:25 -------- d-----w c:\program files\PokerStars.NET
2009-04-18 19:44 . 2009-04-18 19:44 -------- d-----w c:\program files\PokerStars
2009-04-18 03:19 . 2009-04-18 03:19 -------- d-----w c:\program files\EA GAMES
2009-04-18 03:19 . 2007-08-21 13:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 04:50 . 2008-01-01 05:18 -------- d-----w c:\programdata\Xfire
2009-04-16 21:48 . 2008-01-01 05:18 -------- d-s---w c:\program files\Xfire
2009-04-16 08:16 . 2009-02-25 23:03 -------- d-----w c:\program files\WeGame
2009-04-13 19:00 . 2008-07-02 18:59 268 ---ha-w C:\sqmdata17.sqm
2009-04-13 19:00 . 2008-07-02 18:58 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-12 15:02 . 2008-07-02 16:41 268 ---ha-w C:\sqmdata16.sqm
2009-04-12 15:02 . 2008-07-02 16:41 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-09 14:45 . 2008-02-05 22:00 -------- d-----w c:\users\Alec\AppData\Roaming\gtk-2.0
2009-04-07 03:11 . 2008-04-06 22:08 -------- d--h--w c:\program files\InstallJammer Registry
2009-04-05 22:30 . 2007-09-02 09:32 -------- d-----w c:\programdata\NVIDIA
2009-04-05 22:23 . 2007-09-02 23:09 -------- d-----w c:\users\Alec\AppData\Roaming\Ventrilo
2009-04-05 22:23 . 2007-10-02 09:35 -------- d-----w c:\programdata\avg7
2009-04-05 22:21 . 2007-11-18 17:30 -------- d-----w c:\program files\AGEIA Technologies
2009-04-05 22:20 . 2007-09-02 23:07 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-05 22:20 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-05 22:20 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-05 22:20 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-05 22:18 . 2007-09-27 04:48 8944 ----a-w c:\users\Alec\AppData\Local\d3d9caps.dat
2009-03-28 00:25 . 2008-06-17 21:05 268 ---ha-w C:\sqmdata15.sqm
2009-03-28 00:25 . 2008-06-17 21:05 244 ---ha-w C:\sqmnoopt15.sqm
2009-03-22 00:48 . 2009-03-22 00:13 -------- d-----w c:\users\Alec\AppData\Roaming\Hamachi
2009-03-22 00:34 . 2008-02-11 22:30 -------- d-----w c:\program files\Stardock
2009-03-22 00:13 . 2009-03-22 00:12 -------- d-----w c:\program files\Hamachi
2009-03-22 00:12 . 2009-03-22 00:12 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-22 00:08 . 2009-03-22 00:07 -------- dc-h--w c:\programdata\{3324F7A6-7151-481D-8C80-99FEE7AFB967}
2009-03-18 20:14 . 2009-03-18 20:14 -------- d-----w c:\program files\Microsoft LifeChat
2009-03-17 03:38 . 2009-04-16 07:55 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 07:55 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 07:55 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-13 01:01 . 2008-01-01 07:07 138696 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-13 01:01 . 2008-01-01 07:07 201816 ----a-w c:\windows\System32\PnkBstrB.exe
2009-03-08 16:35 . 2009-03-08 16:35 -------- d-----w c:\users\Alec\AppData\Roaming\Blender Foundation
2009-03-08 16:35 . 2009-03-08 16:35 -------- d-----w c:\programdata\Blender Foundation
2009-03-08 16:27 . 2009-03-08 16:27 -------- d-----w c:\program files\Blender Foundation
2009-03-03 04:46 . 2009-04-16 07:55 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 07:55 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 07:55 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 07:55 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 07:55 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 07:55 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 07:55 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 07:55 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 07:55 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 07:55 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 07:55 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 07:55 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 07:55 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-22 01:35 . 2007-09-02 09:19 -------- d-----w c:\programdata\Media Center Programs
2009-02-15 19:58 . 2007-09-02 04:25 99944 ----a-w c:\users\Alec\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-15 02:46 . 2009-02-12 22:40 622 ---ha-w C:\os604495.bin
2009-02-13 08:49 . 2009-04-16 07:55 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 07:55 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-12 03:30 . 2008-06-25 01:52 22328 ----a-w c:\users\Alec\AppData\Roaming\PnkBstrK.sys
2009-02-12 03:30 . 2008-06-25 01:52 2246144 ----a-w c:\windows\System32\pbsvc.exe
2009-02-12 03:30 . 2008-01-01 07:07 66872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-02-09 03:10 . 2009-03-11 08:05 2033152 ----a-w c:\windows\System32\win32k.sys
2009-01-31 16:05 . 2008-09-07 06:27 9410 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-09-02 23:55 . 2007-09-02 19:14 760 ----a-w c:\users\Alec\AppData\Roaming\wklnhst.dat
2008-07-30 19:06 . 2008-07-30 19:06 96 ----a-w c:\users\Alec\AppData\Roaming\ce5b612b.dat
2008-06-25 05:23 . 2008-06-25 05:23 92 ----a-w c:\users\Alec\AppData\Local\fusioncache.dat
2008-05-25 21:34 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2003-12-18 17:33 . 2009-02-15 23:59 20102 ----a-w c:\program files\Readme.txt
2003-09-03 13:46 . 2009-02-15 23:59 10960 ----a-w c:\program files\EULA.txt
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-19 20:52 . 2009-01-19 20:52 49664 --sha-w c:\windows\System32\metibahe.dll.tmp
2009-01-19 20:52 . 2009-01-19 20:52 49664 --sha-w c:\windows\System32\tefifohi.dll.tmp
2009-01-19 20:52 . 2009-01-19 20:52 49664 --sha-w c:\windows\System32\zijaputa.dll.tmp
2007-08-21 21:02 . 2007-08-21 21:01 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-15 342848]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-21 516440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-05 219136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WeGame.lnk - c:\program files\WeGame\wegame.exe [2009-2-25 4316160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-02-05 05:09 9216 ----a-w c:\windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Alec^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Alec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C29573B0-385D-432D-B7B9-8472626D743A}"= UDP:c:\program files\Steam\Steam.exe:Steam Client
"{20AE6173-3728-461B-8EEC-086BEF0415C4}"= TCP:c:\program files\Steam\Steam.exe:Steam Client
"{F324D86D-56F3-4769-B997-DE5B076CDD07}"= UDP:c:\program files\THQ\Company of Heroes - Opposing Fronts MP Beta\RelicCOH.exe:Company of Heroes - Opposing Fronts Beta
"{EB8F3C1F-E94E-4FDB-8AC6-C8DE3344216D}"= TCP:c:\program files\THQ\Company of Heroes - Opposing Fronts MP Beta\RelicCOH.exe:Company of Heroes - Opposing Fronts Beta
"TCP Query User{4CB17462-AB6E-42EE-AE81-D436E2DA1DD5}c:\\program files\\steam\\steamapps\\beebran22@hotmail.com\\half-life 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@hotmail.com\half-life 2\hl2.exe:hl2
"UDP Query User{2DE63F2F-2B2C-40F6-8AC3-90DE34183C2E}c:\\program files\\steam\\steamapps\\beebran22@hotmail.com\\half-life 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@hotmail.com\half-life 2\hl2.exe:hl2
"TCP Query User{97CA384C-8BAD-4ECB-AF10-EB3D4D4B9EDD}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\half-life\hl.exe:Half-Life Launcher
"UDP Query User{B59614F7-B8E6-44E2-990D-0A4A036195E3}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\half-life\hl.exe:Half-Life Launcher
"{9EF7339A-E117-471D-97F0-4C2E41DB9CB6}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{5943715E-0F8E-4F08-910C-2E0B302D75F1}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{37C63933-E751-4E15-9F68-0298D530C70B}c:\\program files\\pando networks\\pando\\pando.exe"= UDP:c:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{C44FE826-0C2E-4A20-81C4-DE9ADDC2B121}c:\\program files\\pando networks\\pando\\pando.exe"= TCP:c:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{78E840EA-1F95-4B62-8A5E-03D57F60C6C3}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{7582747B-4E49-47BE-9654-312C1AD96DA4}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"{BAADD6EC-CCEC-4ED7-9679-24F7EF60CAAB}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{1C21AE27-A623-48B5-9441-7A62CD51E5DD}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{3A04A5A1-5C20-4D45-827F-47DB42D64D5D}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{1B1F7062-BB3E-4D9C-9780-3DF064E398F9}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{844A54B3-AE43-4FDD-89DB-0C6CFFFDD84A}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{0DEB997B-59CA-4051-ADAF-1524FADE1779}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{0B999AED-851E-45D2-BD33-CEECAFFFF7DA}c:\\program files\\ea games\\ultima online kingdom reborn\\abyss.exe"= UDP:c:\program files\ea games\ultima online kingdom reborn\abyss.exe:ABYSS
"UDP Query User{69F47A3C-8F6D-4E18-B824-69CDEC1C6243}c:\\program files\\ea games\\ultima online kingdom reborn\\abyss.exe"= TCP:c:\program files\ea games\ultima online kingdom reborn\abyss.exe:ABYSS
"TCP Query User{9603ECD4-063C-4953-AA66-1504C2E7245F}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C4B79351-0DAD-4837-9D59-94C009C32C12}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{DE57E2E5-F14E-40DD-A476-8184AC9538C7}c:\\program files\\ea games\\ultima online mondain's legacy\\client.exe"= UDP:c:\program files\ea games\ultima online mondain's legacy\client.exe:Ultima Online Client
"UDP Query User{A09FC21F-BD23-4472-848F-A3DCEABDF2DD}c:\\program files\\ea games\\ultima online mondain's legacy\\client.exe"= TCP:c:\program files\ea games\ultima online mondain's legacy\client.exe:Ultima Online Client
"TCP Query User{6D09B79F-C580-4EF6-B528-F69791073968}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\source dedicated server\srcds.exe:srcds
"UDP Query User{32EEB5ED-76F3-48D0-B55E-EE14148C5A80}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\source dedicated server\srcds.exe:srcds
"TCP Query User{79E7D05E-7E81-40DA-812C-2E414E1B2AC0}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{8C5A6879-05AD-4EEA-A7BF-7DCECD37A32E}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"{49DD4EA0-8A1C-457D-81C6-FC8A831047B6}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{7C3D794B-1659-40DE-9795-8D839B19B27E}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"TCP Query User{8A3FE58D-6DDE-4BF0-85CA-945FD33D713A}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= UDP:c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"UDP Query User{9054A88B-9B41-4CB8-87E8-21A7DCC7CB8F}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= TCP:c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"TCP Query User{078F87A2-0F59-47D9-AFEB-6F99A380C0E1}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DA65E370-B7D4-4FF8-B258-17A8C4490BDD}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{BC94A3CA-6136-4DE9-8714-4AD5AE822642}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{72F9B791-9410-4E76-8DC3-55AF44847A4A}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{FE5D0FA8-389F-4FC3-B845-A874F9135A8E}c:\\program files\\sierra\\homeworld2 demo\\bin\\release\\homeworld2.exe"= UDP:c:\program files\sierra\homeworld2 demo\bin\release\homeworld2.exe:Homeworld2
"UDP Query User{F2CDE1F9-E043-428D-BE85-DA9519BE669C}c:\\program files\\sierra\\homeworld2 demo\\bin\\release\\homeworld2.exe"= TCP:c:\program files\sierra\homeworld2 demo\bin\release\homeworld2.exe:Homeworld2
"{2FB52B9E-00F3-425D-BA97-F56E083C34FB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{AEA4B46F-10EA-4EBC-A340-88BE356B411D}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{946FFB83-FA1D-453C-AF48-F5C9CDA8F15E}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{B8A2836C-2F5A-4285-BCBA-64E6FD411B1C}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{59399306-5069-474B-8139-FC6461AE5629}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{CD072C9C-59E6-4658-91B6-56865555A574}c:\\program files\\crs\\battleground europe\\ww2_sse2.exe"= UDP:c:\program files\crs\battleground europe\ww2_sse2.exe:WW2
"UDP Query User{47E75FE5-0478-4BFF-B769-EDA02409D23D}c:\\program files\\crs\\battleground europe\\ww2_sse2.exe"= TCP:c:\program files\crs\battleground europe\ww2_sse2.exe:WW2
"TCP Query User{AACD7762-4016-4F85-960F-2F8D657FCC9C}c:\\games\\btrl\\demo\\fs2_open_3_6_9.exe"= UDP:c:\games\btrl\demo\fs2_open_3_6_9.exe:FreeSpace
"UDP Query User{7733E446-B159-4083-BB2A-9A17F08FBA6A}c:\\games\\btrl\\demo\\fs2_open_3_6_9.exe"= TCP:c:\games\btrl\demo\fs2_open_3_6_9.exe:FreeSpace
"TCP Query User{1F269CDC-8D6E-4A26-911B-6C898C24EC71}c:\\program files\\palestar\\darkspace\\localserver.exe"= UDP:c:\program files\palestar\darkspace\localserver.exe:LocalServer
"UDP Query User{71055BFA-DB40-425E-91CC-F882E7A5AA2A}c:\\program files\\palestar\\darkspace\\localserver.exe"= TCP:c:\program files\palestar\darkspace\localserver.exe:LocalServer
"TCP Query User{3C8ED003-979D-4767-83F2-6D906CFE18F3}c:\\program files\\palestar\\darkspace\\editor.exe"= UDP:c:\program files\palestar\darkspace\editor.exe:Editor
"UDP Query User{BB5A31D1-0BF9-44B7-A7C0-4860EEE71491}c:\\program files\\palestar\\darkspace\\editor.exe"= TCP:c:\program files\palestar\darkspace\editor.exe:Editor
"TCP Query User{1CDCF6FA-B1FD-4422-BC56-5791B0B4D342}c:\\program files\\sierra online\\battlestar galactica\\bsg.exe"= UDP:c:\program files\sierra online\battlestar galactica\bsg.exe:Battlestar Galactica
"UDP Query User{954CFB5C-D623-492C-8C97-64054ADE07A4}c:\\program files\\sierra online\\battlestar galactica\\bsg.exe"= TCP:c:\program files\sierra online\battlestar galactica\bsg.exe:Battlestar Galactica
"TCP Query User{93994602-C4CB-4890-96DC-D0DAB285653C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B861ABC4-9395-46A9-B5A6-25E1E2FDD6F6}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{99C5D920-EEA8-4B3B-8EC0-064CFE3A1E0F}c:\\program files\\spring\\tasclient.exe"= UDP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"UDP Query User{A6B77E20-CEAB-4810-AEF2-5F69579E84A6}c:\\program files\\spring\\tasclient.exe"= TCP:c:\program files\spring\tasclient.exe:TA Spring lobby client
"TCP Query User{B6A6E8F5-8381-4A63-9B52-6148F01A4FBE}c:\\program files\\spring\\spring.exe"= UDP:c:\program files\spring\spring.exe:spring
"UDP Query User{BB6B9DA2-227B-4448-A991-9CF1C835869B}c:\\program files\\spring\\spring.exe"= TCP:c:\program files\spring\spring.exe:spring
"TCP Query User{6A7A3214-C3D9-46C4-8583-5810CDD92A7B}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\day of defeat source\hl2.exe:hl2
"UDP Query User{3E6825D2-018F-40F8-8294-C0D3B7245C49}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\day of defeat source\hl2.exe:hl2
"TCP Query User{14EA9450-28B5-4D13-B1F3-7E9D1D80E888}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
"UDP Query User{DA6C7533-F423-4659-8099-C9C5ADBD8BFC}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
"TCP Query User{66532597-B133-4B71-AB1F-9D00EC523955}c:\\users\\alec\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v60664c46\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= UDP:c:\users\alec\appdata\local\xenocode\appliancecaches\kumaclient.exe_v60664c46\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
"UDP Query User{722BCB80-CE63-4BA9-8C61-37A85339067B}c:\\users\\alec\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v60664c46\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= TCP:c:\users\alec\appdata\local\xenocode\appliancecaches\kumaclient.exe_v60664c46\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
"{1B91665B-8D73-493D-8A40-7116576D7270}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{85B4E606-151C-4BE1-82EE-A158AAC0DFD6}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{7BB89D9A-2C31-4575-AD24-4C424FAEEC55}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{1BD0CE78-3CEF-403D-B341-23AA418A41BA}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{0CB403F3-1E85-4425-BC6F-D7E05ACE086C}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{3F2E24A6-9A18-4ABB-8EDF-E4F579BE78B0}"= UDP:c:\program files\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:Blizzard Downloader
"{8EF2F765-4436-41F9-A395-4ED4B999BA92}"= TCP:c:\program files\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:Blizzard Downloader
"{CCF15168-7564-408E-B71B-BC6AC45013C7}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{69B33C67-2F31-4D6C-B50E-ED0FB9DECEF9}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{C66EF532-E215-4453-84D7-3640C36C1360}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{B342379C-1A45-4025-8640-7CE3E9C93D0A}"= UDP:c:\program files\Microsoft Games\Age of Empires III - The WarChiefs Trial\age3x.exe:Age of Empires III - The WarChiefs Trial
"{1A6923D1-5CF7-4C18-B00D-5243A01DD50A}"= TCP:c:\program files\Microsoft Games\Age of Empires III - The WarChiefs Trial\age3x.exe:Age of Empires III - The WarChiefs Trial
"{8786BAAD-BC8D-48F5-A001-781A01BC1A26}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9111C262-ED2D-49C3-8C70-A6A023B8F581}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8E78330F-A9D6-4C05-A314-7D412CB6E4AF}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{25598C9F-F0B6-4502-8929-2488CD0986D0}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{44066A1F-2A39-4F1E-8263-09BDEC6F8986}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{78AD6F84-4AE6-402E-B7AC-31743E3E8E28}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{EBD7D187-2E90-4A95-A8EF-B2A58664DC7E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9D34D6C8-7EC3-4609-A405-41B457294BCD}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{0211A2D6-88BB-47C0-8C9D-DBB83C8DC1C4}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{5D3865A4-E6EC-4E17-A506-0DF625098A87}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{F7170004-8F6F-4712-AD5B-17BBA399AA6D}c:\\users\\alec\\desktop\\sandbox2.1\\bin\\sandbox.exe"= UDP:c:\users\alec\desktop\sandbox2.1\bin\sandbox.exe:sandbox.exe
"UDP Query User{3E878D2D-E8B1-4399-81F1-25CD14063C08}c:\\users\\alec\\desktop\\sandbox2.1\\bin\\sandbox.exe"= TCP:c:\users\alec\desktop\sandbox2.1\bin\sandbox.exe:sandbox.exe
"{96D3CF01-1388-452A-90EA-19D46525B139}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{8016D913-1F44-4E1B-B0F0-ADC75C151EC6}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{027B48A1-79F5-4100-9622-66A32D2AD857}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{54CCE2A1-7410-4D0D-9B5B-FD777AA6B621}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{71CA0763-8784-475A-8AB5-82A870A25189}c:\\program files\\maxis\\simcity 3000 unlimited\\apps\\updater\\updater.exe"= UDP:c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe:SC3UpdaterMFC
"UDP Query User{3EF7AC9B-3C10-48C0-90BB-E83D41028C32}c:\\program files\\maxis\\simcity 3000 unlimited\\apps\\updater\\updater.exe"= TCP:c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe:SC3UpdaterMFC
"TCP Query User{15E68316-1FF8-40BC-8E90-9B5942B53746}c:\\program files\\steam\\steamapps\\common\\battlestations midway multiplayer demo\\battlestationsmidway.exe"= UDP:c:\program files\steam\steamapps\common\battlestations midway multiplayer demo\battlestationsmidway.exe:Battlestationsmidway
"UDP Query User{9885FDAB-2884-4766-9BA8-66FB468B8154}c:\\program files\\steam\\steamapps\\common\\battlestations midway multiplayer demo\\battlestationsmidway.exe"= TCP:c:\program files\steam\steamapps\common\battlestations midway multiplayer demo\battlestationsmidway.exe:Battlestationsmidway
"TCP Query User{6C014839-80DA-43FE-AFE0-255A9EC2BD75}c:\\users\\alec\\desktop\\ci.exe"= UDP:c:\users\alec\desktop\ci.exe:ci.exe
"UDP Query User{41D255C2-5789-4A52-8018-E849B0D8D08A}c:\\users\\alec\\desktop\\ci.exe"= TCP:c:\users\alec\desktop\ci.exe:ci.exe
"TCP Query User{7813E020-6732-4B6E-972C-81BD6952B7B8}c:\\program files\\thq\\company of heroes\\archive.exe"= UDP:c:\program files\thq\company of heroes\archive.exe:Archive
"UDP Query User{A4D120C6-0C83-4F81-AD46-D7937C41E37F}c:\\program files\\thq\\company of heroes\\archive.exe"= TCP:c:\program files\thq\company of heroes\archive.exe:Archive
"TCP Query User{7FE21068-AA00-489D-9F4E-D42D39C0F6B4}c:\\program files\\vega strike\\vegastrike-0.5.0\\bin\\vegaserver.exe"= UDP:c:\program files\vega strike\vegastrike-0.5.0\bin\vegaserver.exe:Vega Strike standalone server
"UDP Query User{7CB39F12-6490-4114-8F79-809C5BB1270C}c:\\program files\\vega strike\\vegastrike-0.5.0\\bin\\vegaserver.exe"= TCP:c:\program files\vega strike\vegastrike-0.5.0\bin\vegaserver.exe:Vega Strike standalone server
"TCP Query User{2D627983-16C4-4771-A557-BAAF5AC74292}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{B48079E8-49FA-4013-8549-A90330AFD585}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"TCP Query User{0E38A3DE-E733-442B-9A49-A31759A3CA6F}c:\\users\\alec\\downloads\\svencoop30full.exe"= UDP:c:\users\alec\downloads\svencoop30full.exe:svencoop30full.exe
"UDP Query User{03075E4F-4AD6-4180-8149-7942222072B9}c:\\users\\alec\\downloads\\svencoop30full.exe"= TCP:c:\users\alec\downloads\svencoop30full.exe:svencoop30full.exe
"TCP Query User{C64C3B52-A786-4745-B32B-E70FEE8EA113}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\opposing force\\hl.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\opposing force\hl.exe:Half-Life Launcher
"UDP Query User{AC5C8335-39A5-4223-A035-C6C31AAC82D0}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\opposing force\\hl.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\opposing force\hl.exe:Half-Life Launcher
"TCP Query User{5B14F864-9DCD-40B6-B2FA-B04FB9C46535}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{F1AE9550-7874-432C-B78D-7896F0AD3C11}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\dedicated server\hlds.exe:HLDS Launcher
"{EF66B292-27C3-431C-8BF5-2BB85A401F91}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F89DEB0A-2CEF-48FC-A5A3-F06A492FA952}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{62A4A13D-A007-4F54-9E4F-6EC278F30357}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{852A2717-259D-4967-B331-3FAD16A0846C}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{792E30D9-DAAA-4BC1-BBBF-5145DD85D217}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{83E355EC-F411-4CA9-A53C-FC732460BB62}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{A72C4E91-E877-42B2-BEBD-A4A1DC2453F1}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\synergy\hl2.exe:hl2
"UDP Query User{67F85CB5-A8F5-4BBD-871E-C55640FA991F}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\synergy\hl2.exe:hl2
"TCP Query User{A1EB5DD4-2260-4249-8340-20201CB1EBAD}c:\\program files\\d-day normandy\\egl.exe"= UDP:c:\program files\d-day normandy\egl.exe:egl
"UDP Query User{820D174C-B4EA-4D4A-8EC6-73E74C859534}c:\\program files\\d-day normandy\\egl.exe"= TCP:c:\program files\d-day normandy\egl.exe:egl
"TCP Query User{552BCC99-8EBC-4E1F-B9AF-628B423DD3A7}c:\\program files\\d-day normandy\\quake2.exe"= UDP:c:\program files\d-day normandy\quake2.exe:quake2
"UDP Query User{51134D48-905E-4D7C-AA84-393C49244666}c:\\program files\\d-day normandy\\quake2.exe"= TCP:c:\program files\d-day normandy\quake2.exe:quake2
"TCP Query User{FF1B55FA-4414-484C-B5CD-C2062C114B4A}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{C12C2E00-4BD5-4F57-B096-9C9BAEF765BF}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{EB9D1C8D-3D8B-428A-B2AB-78EDC8F3A3AE}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\age of chivalry\hl2.exe:hl2
"UDP Query User{9E6B09C1-3365-4DF4-BD36-29943AF3D9A0}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\age of chivalry\hl2.exe:hl2
"TCP Query User{28B9B161-1FC1-4129-AB99-561D6AE61333}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5185BA1C-5BB2-4ED0-AAB1-36913196E7BB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2AE67A71-6A9A-414B-B4BD-E21DA94EFCCF}c:\\program files\\spring\\springdownloader.exe"= UDP:c:\program files\spring\springdownloader.exe:SpringDownloader
"UDP Query User{11F1B6DC-733C-4AA8-AF84-19B95FEC8F83}c:\\program files\\spring\\springdownloader.exe"= TCP:c:\program files\spring\springdownloader.exe:SpringDownloader
"TCP Query User{1FF42F28-0ABE-411C-89C7-1EBAC875E5C4}c:\\program files\\pure\\spring.exe"= UDP:c:\program files\pure\spring.exe:spring
"UDP Query User{94AC28A1-7C24-4235-A6EC-7ED796AADADA}c:\\program files\\pure\\spring.exe"= TCP:c:\program files\pure\spring.exe:spring
"{1DAFF1D3-69CD-4591-9C7E-214EBD618863}"= UDP:c:\program files\CrosuS\CrosuSApp.exe:Crosus
"{6CF4928D-BADA-499C-B92B-F76F7FE6EED8}"= TCP:c:\program files\CrosuS\CrosuSApp.exe:Crosus
"{DC3A189F-E058-4712-A0D5-C3D25432C7ED}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{25FA4AE1-7E9E-43E8-8D15-87376006CA23}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{582F1926-493D-44E3-A1AF-9A783CDC9FE9}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{1B053361-05B4-493A-A65D-B1E9CD0DBEC5}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{FECD3811-C79A-4832-9B4C-75A741BD919E}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\counter-strike source\hl2.exe:hl2
"UDP Query User{B83BC5FD-098D-4C57-9D82-65EC3E8B80C7}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\counter-strike source\hl2.exe:hl2
"TCP Query User{7E173DFB-712A-4601-91ED-A3035177DE5E}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{5B209EA6-DA5D-48BD-9E67-5C7E5998BF5C}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{10EE71EA-819C-4C1C-952A-A560FBE31C8E}"= UDP:20727:BitComet 20727 TCP
"{B0EADB27-708D-45A3-B8EC-5DC4A0E20D91}"= TCP:20727:BitComet 20727 UDP
"TCP Query User{27325482-4E6B-4317-9DED-2EF314C10655}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{A0A19F47-21CC-4238-BBA5-95CFADAFC9A0}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{42998021-5602-4179-89E5-0DA56EFA805B}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{DFAB3CB6-0E19-46EC-BE17-CFB5DE6C88CB}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{0C3A5F7A-E06C-4B9A-B38D-A8A1B219D996}c:\\program files\\lucasarts\\star wars galactic battlegrounds trial\\game\\battlegrounds_trial.exe"= UDP:c:\program files\lucasarts\star wars galactic battlegrounds trial\game\battlegrounds_trial.exe:Star Wars Galactic Battlegrounds
"UDP Query User{14CB4DDC-8C83-4933-B1B5-E6143314DCAD}c:\\program files\\lucasarts\\star wars galactic battlegrounds trial\\game\\battlegrounds_trial.exe"= TCP:c:\program files\lucasarts\star wars galactic battlegrounds trial\game\battlegrounds_trial.exe:Star Wars Galactic Battlegrounds
"{273F6914-212A-4E5A-9244-68CB507BE2E5}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{E610FD75-DF5B-4B62-9975-CEFD26BBD66E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{72D9588B-C59F-45DD-9368-076324107701}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{CEBB5F00-53B8-4E8D-AD3A-FC19ACEECBD2}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{9AF61012-EC3F-4A0A-90AA-E8DF50E03B49}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{08A2D3E3-827C-4BCF-8D0A-8E56BFC24D8C}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{AE75D6CB-D26E-4B37-9E26-21FAEF8EA6D1}c:\\program files\\sega\\medieval ii total war\\medieval2.exe"= UDP:c:\program files\sega\medieval ii total war\medieval2.exe:Medieval 2: Total War
"UDP Query User{FA9AAD51-D047-44D9-9F59-EB3CA03E2BBD}c:\\program files\\sega\\medieval ii total war\\medieval2.exe"= TCP:c:\program files\sega\medieval ii total war\medieval2.exe:Medieval 2: Total War
"TCP Query User{882444B4-2E96-40A4-9DA9-4585F2D0352B}c:\\program files\\sega\\medieval ii total war\\kingdoms.exe"= UDP:c:\program files\sega\medieval ii total war\kingdoms.exe:Medieval 2 Total War: Kingdoms
"UDP Query User{0D493B88-BD44-4E86-9686-01EA1B345102}c:\\program files\\sega\\medieval ii total war\\kingdoms.exe"= TCP:c:\program files\sega\medieval ii total war\kingdoms.exe:Medieval 2 Total War: Kingdoms
"TCP Query User{5252FF6A-215B-4280-A486-B20F6472C5F6}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\source sdk base 2007\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\source sdk base 2007\hl2.exe:hl2
"UDP Query User{89448274-030D-4339-98C0-11A4B2DE63AF}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\source sdk base 2007\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\source sdk base 2007\hl2.exe:hl2
"TCP Query User{A4B57CB0-4B31-4769-94B1-601801081EF3}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{6B742301-EC49-4F23-ACE2-FB806D42DB28}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{E6B3DD0E-0C6B-4486-A67B-C99BFA8C4966}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\half-life\hl.exe:Half-Life Launcher
"UDP Query User{9616AC83-C921-48FE-95C1-AA97C78BD1D9}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\half-life\hl.exe:Half-Life Launcher
"TCP Query User{8AE92A52-838A-4919-9DEE-CE9B6006D129}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C0428A2E-9DFF-4C2B-925C-0EF2665E51E4}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{2BB7DF74-05CE-458A-AD08-CD8F58CAC02A}c:\\program files\\ubisoft\\far cry 2\\bin\\fc2editor.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\fc2editor.exe:Far Cry 2 Map Editor
"UDP Query User{50A3FB05-87B2-40B2-AB0A-4B709B51F186}c:\\program files\\ubisoft\\far cry 2\\bin\\fc2editor.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\fc2editor.exe:Far Cry 2 Map Editor
"TCP Query User{847966BB-AEA4-4DD3-80DF-0AB704A9CA1A}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"UDP Query User{BEC98ABB-3F38-4DCF-BCFD-C80FA0041D9B}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"TCP Query User{5B3E661C-147D-4541-A997-8C744D1F5C76}c:\\program files\\java\\jre1.6.0\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{2ED0ADB0-95F3-47DB-9124-34492A6AF3D1}c:\\program files\\java\\jre1.6.0\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{82CDFE50-5C99-4800-96DF-CD1F75BA269F}c:\\program files\\the babylon project\\fs2_open_3_6_9.exe"= UDP:c:\program files\the babylon project\fs2_open_3_6_9.exe:FreeSpace
"UDP Query User{E89B2110-14A4-41A9-9303-33187DDD207E}c:\\program files\\the babylon project\\fs2_open_3_6_9.exe"= TCP:c:\program files\the babylon project\fs2_open_3_6_9.exe:FreeSpace
"{3B0C4A24-DD49-420F-9C4A-74FE51A7955B}"= UDP:c:\program files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:Battlefield 2
"{BCFD9760-776A-4596-91D3-544093F52A66}"= TCP:c:\program files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:Battlefield 2
"TCP Query User{25C10610-7ECC-4C32-9EE1-2FAAC9F9F74D}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\source sdk base 2007\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\source sdk base 2007\hl2.exe:hl2
"UDP Query User{393E2D8A-20C2-41D7-AAF6-1F64E5EA4A2B}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\source sdk base 2007\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\source sdk base 2007\hl2.exe:hl2
"TCP Query User{7B45C459-8CB9-49A9-BA58-764F8C7DBAEB}c:\\program files\\spring\\spring.exe"= UDP:c:\program files\spring\spring.exe:spring
"UDP Query User{7B64C11F-62B0-4DB2-B629-71234C1DC7BF}c:\\program files\\spring\\spring.exe"= TCP:c:\program files\spring\spring.exe:spring
"TCP Query User{E98CA304-23F7-4B60-AA4A-CE611CC98BA1}c:\\program files\\spring\\springdownloader.exe"= UDP:c:\program files\spring\springdownloader.exe:SpringDownloader
"UDP Query User{6E9A30C4-45E5-4593-80A0-6A872F593523}c:\\program files\\spring\\springdownloader.exe"= TCP:c:\program files\spring\springdownloader.exe:SpringDownloader
"TCP Query User{C1E2D838-E621-4767-BDA4-2D678001D53E}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= UDP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
"UDP Query User{97BF8894-AD3C-423F-81BD-E95B72D26FD7}c:\\program files\\steam\\steamapps\\common\\warhammer 40,000 dawn of war ii - beta\\dow2.exe"= TCP:c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe:DOW2
"{283B4691-4660-46A6-8F07-447E1DF2EF90}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{20C4DF86-35C5-4D11-8E49-9576F396F836}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{45A4E07C-E371-4EFD-986A-92E92C609A9A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{5E1C1B75-4888-4049-9D15-2CE20D80824A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{BAB282DB-C4D5-4A65-8BA8-1A2BBC09224E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{ABD217B1-94DA-4350-8F0A-C3E1EF6D56F1}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{FDFB5824-E5B5-43A3-9D11-3B0FE7C7C1F0}c:\\program files\\warcraft iii demo\\war3demo.exe"= UDP:c:\program files\warcraft iii demo\war3demo.exe:Warcraft III Demo
"UDP Query User{A2E60F82-0A2A-4E38-90E8-B9AAA0510363}c:\\program files\\warcraft iii demo\\war3demo.exe"= TCP:c:\program files\warcraft iii demo\war3demo.exe:Warcraft III Demo
"{AE406FB8-EB55-450A-BAAA-9C0D6E5CA6F2}"= UDP:c:\program files\Steam\steamapps\common\empire total war demo\Empire.exe:Empire: Total War Demo
"{AC59AC46-AE37-4E19-AC62-F9921DB76C3F}"= TCP:c:\program files\Steam\steamapps\common\empire total war demo\Empire.exe:Empire: Total War Demo
"TCP Query User{DB2582E9-817C-426E-A7F5-6F3FC28E5FAA}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{1C0AD30F-BA1D-4F2B-AD19-14F89F238C55}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{4E4597E2-46F0-4923-80D9-7A75EBFC6038}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\dystopia\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\dystopia\hl2.exe:hl2
"UDP Query User{9593EFE4-1D3D-4501-BD92-D546C4CE0ABA}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\dystopia\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\dystopia\hl2.exe:hl2
"{09915BB0-29D3-4FFD-8FED-7BE0245D5C7E}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{4E13A518-3C9A-4F24-A61B-189C4F6BA717}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{FF3C221F-6D9F-4430-A11B-57A50F506D66}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\ROEd.exe:RedOrchestra SDK Beta
"{172037AB-7E79-4F4F-AD8C-3938182ACAE2}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\ROEd.exe:RedOrchestra SDK Beta
"{477ADE02-658E-4C57-A2F3-563CB1975234}"= UDP:c:\program files\Stardock\TotalGaming\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{1911AF8A-4B1D-4D48-BE55-357B66A9E934}"= TCP:c:\program files\Stardock\TotalGaming\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"TCP Query User{A214EAB8-E658-4956-9C35-664254A11AE5}c:\\program files\\stardock\\totalgaming\\sins of a solar empire\\sins of a solar empire.exe"= UDP:c:\program files\stardock\totalgaming\sins of a solar empire\sins of a solar empire.exe:Sins of a Solar Empire
"UDP Query User{C31DA831-F6B4-47F2-8A35-703DF1872B29}c:\\program files\\stardock\\totalgaming\\sins of a solar empire\\sins of a solar empire.exe"= TCP:c:\program files\stardock\totalgaming\sins of a solar empire\sins of a solar empire.exe:Sins of a Solar Empire
"TCP Query User{6091C438-DBF2-45E9-ACE7-BD2931059D04}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\garrysmod\hl2.exe:hl2
"UDP Query User{C3658CB6-4FE1-4FDA-927C-DC0CE24A9E29}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\garrysmod\hl2.exe:hl2
"TCP Query User{1F846A22-9ADF-4F7F-B1E5-E68F69848B15}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{865B7FA5-5C2C-4D5A-AE8A-8039992EDC62}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{69C3A553-ADB8-47E3-BC7A-2B7165DED2B0}c:\\program files\\sega\\medieval ii total war\\medieval2.exe"= UDP:c:\program files\sega\medieval ii total war\medieval2.exe:Medieval 2: Total War
"UDP Query User{88102CA8-8985-4CBD-AB37-E3818FB31BD8}c:\\program files\\sega\\medieval ii total war\\medieval2.exe"= TCP:c:\program files\sega\medieval ii total war\medieval2.exe:Medieval 2: Total War
"TCP Query User{CAA81C53-0653-4FC5-B738-E1AEC091CAEB}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\team fortress 2\hl2.exe:hl2
"UDP Query User{C7A2BB6D-256F-42AE-8D89-E7CD6808F3A7}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\team fortress 2\hl2.exe:hl2
"TCP Query User{7733C23D-1F06-4B19-8EA9-A435F47421FF}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\zombie panic! source\hl2.exe:hl2
"UDP Query User{64904549-1A18-4459-8759-FDA76175524E}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\zombie panic! source\hl2.exe:hl2
"TCP Query User{5F5683B9-3744-4ADE-9D3A-9D4A4F0DAA19}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\dystopia\\hl2.exe"= UDP:c:\program files\steam\steamapps\beebran22@playcs.com\dystopia\hl2.exe:hl2
"UDP Query User{527B2245-06DD-4E1A-A681-809485696970}c:\\program files\\steam\\steamapps\\beebran22@playcs.com\\dystopia\\hl2.exe"= TCP:c:\program files\steam\steamapps\beebran22@playcs.com\dystopia\hl2.exe:hl2
"{47A8E065-537F-4046-8212-21D0FB31AE5F}"= TCP:1234:Petroglyph
"TCP Query User{961B008A-6C5D-47DA-9C37-9CEFE716DA97}c:\\program files\\steam\\steamapps\\common\\red orchestra\\system\\redorchestra.exe"= UDP:c:\program files\steam\steamapps\common\red orchestra\system\redorchestra.exe:RedOrchestra
"UDP Query User{92E82D0A-FA49-438A-B2D3-D7D512691348}c:\\program files\\steam\\steamapps\\common\\red orchestra\\system\\redorchestra.exe"= TCP:c:\program files\steam\steamapps\common\red orchestra\system\redorchestra.exe:RedOrchestra
"TCP Query User{79D06194-85BF-4969-85F4-A2A21D415A49}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6F102296-137D-4FC5-9C17-1C9FE872D318}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{D1FB3B84-7244-4F56-9FCC-B7EA99C21773}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{FA1CA281-4500-48C6-8589-878AFDE90AB3}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B6793E23-82C8-477A-8806-5A93E6EDF6E6}"= UDP:c:\windows\explorer.exe:Explorer
"{BA856318-F588-4E5E-9934-59646B227741}"= TCP:c:\windows\explorer.exe:Explorer
"{67E7529F-D8EC-4A4D-AEA5-383E2CAC34AA}"= UDP:c:\windows\System32\wininit.exe:wininit
"{14F13773-136B-49F6-A09A-A7F621009BC6}"= TCP:c:\windows\System32\wininit.exe:wininit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-21 953168]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-21 64160]
S3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\System32\Drivers\avgwfp.sys [2008-03-13 53768]


--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8b6894-4fe7-11dc-b6e1-806e6f6e6963}]
\shell\AutoRun\command - E:\LaunchEAW.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:39]

2009-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-09 03:51]
.
- - - - ORPHANS REMOVED - - - -

BHO-{b4acaaf3-b759-4b89-9472-7a6b3cd2b85e} - c:\windows\system32\begutomu.dll
HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\208c2st1.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\208c2st1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\208c2st1.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 17:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Live\Messenger\Device Manager\msgrdvmn.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgrssvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\progra~1\Grisoft\AVG7\avgrssvc.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\VSSVC.exe
.
**************************************************************************
.
Completion time: 2009-04-22 18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 23:00

Pre-Run: 12,707,885,056 bytes free
Post-Run: 12,448,645,120 bytes free

531 --- E O F --- 2009-04-19 08:00
Attached Files
File Type: txt log.txt (58.2 KB, 3 views)

Last edited by tetonbob; 04-22-2009 at 08:14 PM. Reason: posted log for easier viewing
al3c is offline  
Old 04-23-2009, 01:27 PM   #4 (permalink)
Analyst, Security Team
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,273
OS: Windows 7 Premium x64

Re: Help with infected computer

Hi there

Combofix found and deleted a few items, however there is still some work left to do yet...

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
c:\windows\System32\kokudive.exe
c:\windows\System32\wetudave.exe
c:\windows\System32\zelewehe.exe
c:\windows\System32\kudavori.exe
c:\windows\System32\vupesasu.exe
c:\windows\System32\pipeyisi.exe
c:\windows\System32\sohafafe.exe
c:\windows\System32\dijuzihi.exe
c:\windows\System32\kijafigo.exe
c:\windows\System32\fizefate.exe
c:\windows\System32\hibopiro.exe
Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========================================

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

==========================================

I want you to run an online scan at Kaspersky. It can take some time, so please be patient and allow it to run its full course:

**Vista users - right click IE/Firefox icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


Post back in your next reply with:
The combofix log
The log from Kaspersky
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
Old 04-30-2009, 02:52 AM   #5 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: vista 32bit home basic


Re: Help with infected computer

I've attached the ComboFix and Kaspersky logs.
Attached Files
File Type: txt ComboFix.txt (60.2 KB, 2 views)
File Type: txt Kaspersky.txt (2.2 KB, 2 views)
al3c is offline  
Old 04-30-2009, 04:51 PM   #6 (permalink)
Analyst, Security Team
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,273
OS: Windows 7 Premium x64

Re: Help with infected computer

Hi there

I notice that you have the UAC disabled on your machine; one of the reasons your Vista system got infected is likely due to the fact that the UAC has been disabled.

For more information on why you should have it enabled read here - Vista UAC does protect

Before you go any further, protect this system and re-enable that feature. Click Start>Control Panel>User Accounts and turn it back on.

===================================================

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\Windows\System32\metibahe.dll.tmp
C:\Windows\System32\tefifohi.dll.tmp
C:\Windows\System32\zijaputa.dll.tmp

Dirlook::
c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please copy & paste the reply directly into your post rather than as an attachment - thanks

Update me on how things are running now
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
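As an added check that is not part of sjb007's instructions: this PowerShell snippet reads the registry values behind the two weaknesses the thread points out, UAC (EnableLUA) and the per-profile Windows Firewall switch (EnableFirewall, which the ComboFix log above shows as 0 for PublicProfile), and reports whichever is turned off. The registry paths are the standard ones for Vista and later; run it from an elevated prompt.

```powershell
# Added example, not code from the thread. Reports UAC and Windows Firewall
# state from the registry so the two findings in this thread can be verified
# after remediation. Run from an elevated PowerShell prompt.

$findings = @()

# UAC: EnableLUA = 1 means UAC is on; 0 or a missing value means it is off.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$enableLua = (Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue).EnableLUA
if ($enableLua -ne 1) {
    $findings += "UAC is disabled (EnableLUA = '$enableLua'); re-enable it via Control Panel > User Accounts and reboot."
}

# Windows Firewall: each profile keeps its own EnableFirewall value under
# FirewallPolicy. The ComboFix log in this thread shows PublicProfile = 0.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $value = (Get-ItemProperty -Path "$fwBase\$fwProfile" -ErrorAction SilentlyContinue).EnableFirewall
    if ($value -ne 1) {
        $findings += "Windows Firewall is off for $fwProfile (EnableFirewall = '$value')."
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: UAC is enabled and all firewall profiles are on.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```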


Copyright 2001 - 2009, Tech Support Forum