Old 04-22-2009, 02:05 PM   #1 (permalink)
xstation14, Registered User

When I got home from work yesterday, my AVG 8 Free was inactive and it couldn't find a license number:

http://img15.imageshack.us/img15/3111/licensenumber.jpg

I tried to re-download it, but a few seconds after it hit 100% it would always delete itself from my desktop. When I got home from school today, it stayed on my desktop, but now it wouldn't install:

http://img15.imageshack.us/img15/1893/instfailed.jpg

The error says:

Local machine: installation failed
Installation:
Error: Action failed for file miniavi.avg: creating file....
Error 0xe001042c
Warning: Action failed for file searchshield.jar: creating backup....
Error 0x80070020 %DESTINATION% = "C:\Program Files\AVG\AVG8\Firefox\Chrome\searchshield.jar.install_backup", %SOURCE% = "C:\Program Files\AVG\AVG8\Firefox\Chrome\searchshield.jar"
Error 0x80004004
Warning: Action failed for file miniavi.avg: creating backup....
Error 0x80070020 %DESTINATION% = "C:\Windows\System32\Drivers\Avg\miniavi.avg.install_backup", %SOURCE% = "C:\Windows\System32\Drivers\Avg\miniavi.avg"
Error 0x80004004
Rollback:
Error: Action failed for file avgcfg.log: restoring from backup....
Error 0x800700b7 %DESTINATION% = "C:\ProgramData\avg8\Log\avgcfg.log", %SOURCE% = "C:\ProgramData\avg8\Log\avgcfg.log.install_backup"
Error: Action failed for file searchshield.jar: removing file....
Error 0x80070020 %PATH% = "C:\Program Files\AVG\AVG8\Firefox\Chrome\searchshield.jar"
Error: Action failed for file miniavi.avg: removing file....
Error 0x80070020 %PATH% = "C:\Windows\System32\Drivers\Avg\miniavi.avg"

Last night I did a full scan on Spyware Doctor, Malwarebytes' Anti-Malware, and Windows Malicious Software Removal Tool and all 3 of them didn't find a single thing, but there's no doubt I have a virus on my computer. When I downloaded GMER today, it tried to delete itself this time also, but I managed to drag the .exe from the zip file before it got deleted. Whatever it is, I hope it's not that Conficker virus...


DDS (Ver_09-03-16.01) - NTFSx86
Run by Ari at 14:50:49.95 on Wed 04/22/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3326.2424 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ari\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] c:\program files\daemon tools lite\daemon.exe -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Malwarebytes Anti-Malware Reboot] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\ari\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206060585718
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206060735345
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.14.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {3A51C9E1-ECB9-4E0F-AD95-3075864F3DB1} = 71.250.0.12,68.237.161.12
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: gebxvww - gebxvww.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL,avgrsstx.dll,
SEH: {43CBE820-B564-4B5A-BD5E-F365C19E445C} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\ari\appdata\roaming\mozilla\firefox\profiles\61ys9jsj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\ari\appdata\roaming\mozilla\firefox\profiles\61ys9jsj.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\ari\appdata\roaming\mozilla\firefox\profiles\61ys9jsj.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-26 130936]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-11 42392]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-14 107272]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-26 348752]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-7-23 42624]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-14 325128]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-14 298264]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2006-11-2 7168]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-04-20 16:10 <DIR> --d----- c:\program files\Counter-Strike 2D
2009-04-20 14:53 77,492 a------- c:\windows\War3Unin.dat
2009-04-20 14:53 139,264 a------- c:\windows\War3Unin.exe
2009-04-20 14:53 2,829 a------- c:\windows\War3Unin.pif
2009-04-19 17:43 <DIR> --d----- c:\program files\Codemasters
2009-04-16 23:57 <DIR> --d----- c:\program files\Teamspeak2_RC2
2009-04-14 14:17 41,808 a------- c:\windows\system32\xfcodec.dll
2009-04-10 22:30 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-10 22:30 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-10 22:30 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-10 22:30 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-10 22:30 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-10 22:30 11,264 a------- c:\windows\system32\icardres.dll
2009-04-10 22:30 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-10 22:30 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-10 21:57 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-10 21:57 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-10 21:57 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-10 21:56 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-10 21:56 83,968 a------- c:\windows\system32\mscories.dll
2009-04-10 21:51 <DIR> --d----- c:\users\ari\appdata\roaming\DAEMON Tools Pro
2009-04-10 15:16 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-04-10 15:16 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-04-10 15:15 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-04-10 15:15 <DIR> --d----- c:\users\ari\appdata\roaming\DAEMON Tools Lite
2009-04-10 15:13 <DIR> --d----- c:\users\ari\KoToRsaves
2009-04-10 13:25 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2009-04-10 13:25 3,184 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2009-04-09 18:33 <DIR> --d----- c:\program files\Amazon
2009-04-09 18:03 509,448 a------- c:\windows\system32\XAudio2_2.dll
2009-04-09 18:03 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2009-04-09 18:03 238,088 a------- c:\windows\system32\xactengine3_2.dll
2009-04-09 18:03 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2009-04-09 18:03 467,984 a------- c:\windows\system32\d3dx10_39.dll
2009-04-09 17:54 <DIR> --d----- c:\windows\A3194B3EEEC444EE85199DEB0AAC904B.TMP
2009-04-09 17:46 <DIR> --d----- c:\program files\1C
2009-04-09 15:27 <DIR> --d----- c:\programdata\id Software
2009-04-09 15:27 <DIR> --d----- c:\progra~2\id Software
2009-04-08 21:06 1,649,152 a------- c:\users\ari\n_v14.exe
2009-04-05 12:52 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-04-05 01:31 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2009-04-05 01:31 3,625 a------- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2009-04-05 01:31 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp AAC Encoder.bmp
2009-04-05 01:31 3,328 a------- c:\windows\system32\SpoonUninstall-dBpoweramp AAC Encoder.dat
2009-04-05 01:28 <DIR> --d----- c:\users\ari\appdata\roaming\AccurateRip
2009-04-05 01:28 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-04-05 01:28 14,373 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-04-05 01:19 <DIR> --d----- c:\users\ari\R4 STUFF
2009-04-04 22:28 <DIR> --d----- c:\program files\Hogs of War
2009-04-04 21:58 <DIR> --d----- c:\program files\DNA
2009-04-04 21:58 <DIR> --d----- c:\program files\AskBarDis
2009-04-04 16:43 <DIR> --d----- c:\windows\pss
2009-04-03 13:43 <DIR> --d----- c:\users\ari\health project
2009-04-03 13:22 <DIR> --d----- c:\users\ari\appdata\roaming\Aventurine
2009-04-02 23:24 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-04-02 23:24 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-04-02 23:24 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-04-02 23:24 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-04-02 23:24 <DIR> --d----- c:\windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2009-03-29 22:14 <DIR> --d----- c:\users\ari\{84b504f0-5188-4e1a-9b41-084ebf93488e}
2009-03-29 22:14 <DIR> --d----- c:\program files\Realtek AC97
2009-03-27 20:29 <DIR> --d----- c:\program files\Mount&Blade
2009-03-26 20:18 14,352 a------- c:\windows\system32\drivers\AtiPcie.sys
2009-03-26 20:18 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-03-26 17:56 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-26 17:56 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-26 17:56 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-26 17:55 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-26 17:55 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-26 17:55 <DIR> --d----- c:\users\ari\appdata\roaming\PC Tools
2009-03-26 17:55 <DIR> --d----- c:\programdata\PC Tools
2009-03-26 17:55 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-26 17:55 <DIR> --d----- c:\progra~2\PC Tools

==================== Find3M ====================

2009-04-17 14:48 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-04-17 14:48 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-04-10 15:21 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-04-10 13:25 404,656 a------- c:\windows\system32\SpoonUninstall.exe
2009-04-09 15:27 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 15:27 22,328 a------- c:\users\ari\appdata\roaming\PnkBstrK.sys
2009-04-09 15:27 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-04-09 15:27 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-04-09 15:27 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-03-29 22:21 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-29 22:21 86,016 a------- c:\windows\inf\infstor.dat
2009-03-29 22:21 51,200 a------- c:\windows\inf\infpub.dat
2009-03-29 22:07 319,488 a------- c:\windows\HideWin.exe
2009-03-28 18:57 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-10 14:02 223,776 a------- c:\windows\alcrmv.exe
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 22:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-25 18:59 4,385,792 a------- c:\windows\system32\drivers\atikmdag.sys
2009-02-25 17:36 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-25 17:34 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-02-25 17:34 348,160 a------- c:\windows\system32\atipdlxx.dll
2009-02-25 17:34 274,432 a------- c:\windows\system32\Oemdspif.dll
2009-02-25 17:34 12,288 a------- c:\windows\system32\atimuixx.dll
2009-02-25 17:34 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-25 17:34 278,528 a------- c:\windows\system32\Ati2evxx.dll
2009-02-25 17:32 733,184 a------- c:\windows\system32\Ati2evxx.exe
2009-02-25 17:24 2,396,160 a------- c:\windows\system32\atidxx32.dll
2009-02-25 17:18 3,839,488 a------- c:\windows\system32\atiumdag.dll
2009-02-25 17:04 11,513,856 a------- c:\windows\system32\atioglxx.dll
2009-02-25 16:56 4,944,896 a------- c:\windows\system32\atiumdva.dll
2009-02-25 16:42 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-02-25 16:42 135,168 a------- c:\windows\system32\atiadlxx.dll
2009-02-25 16:38 53,248 a------- c:\windows\system32\aticalrt.dll
2009-02-25 16:37 53,248 a------- c:\windows\system32\aticalcl.dll
2009-02-25 16:36 3,235,840 a------- c:\windows\system32\aticaldd.dll
2009-02-25 16:29 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-14 16:59 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-13 04:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 04:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 20:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-11-09 17:40 122,880 a------- c:\users\ari\runescape.exe
2008-07-23 03:41 174 a--sh--- c:\program files\desktop.ini
2008-07-23 03:29 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-27 12:14 64,025 a------- c:\users\ari\cshadowrunserverfiles.zip
2007-11-24 15:18 40,746,439 a------- c:\users\ari\iwbtgALPHA.exe
2007-11-19 22:04 5,066,352 a------- c:\users\ari\PowerDVDSE_Vista.exe
2007-11-03 21:56 7,911,261 a------- c:\users\ari\mxo_setup.exe
2007-02-25 15:39 4,322,304 a------- c:\users\ari\aawsepersonal.exe
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2004-03-28 21:51 48,355 a------- c:\users\ari\bitrate Calculator_v1.3.zip
2002-06-28 12:19 723,456 a------- c:\users\ari\HLSS 3.00.exe
2008-06-24 17:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-24 17:32 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-24 17:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 14:51:41.92 ===============

I apologize for the double post but I couldn't find an edit button. Do you think it's safe to continue buying games on Steam, or is my personal information at risk?
Attached Files
File Type: zip attach.zip (4.6 KB, 14 views)

Last edited by amateur; 04-23-2009 at 09:29 AM. Reason: to retain 0-reply status
Old 04-26-2009, 01:21 PM   #2 (permalink)
xstation14, Registered User

Re: Yep, I have a virus...

BUMP, please
Old 04-27-2009, 09:08 PM   #3 (permalink)
Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team

Re: Yep, I have a virus...

Hello xstation14,

Download Combofix from any of the links below, and save it to your desktop.


Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
Old 04-28-2009, 09:44 AM   #4 (permalink)
xstation14, Registered User

Re: Yep, I have a virus...

Yeah, it deleted from my desktop a few seconds after it hit 100%. I managed to click on it before it disappeared. At first it asked for network privileges or something like that and asked for a username and password, which I didn't know. It wouldn't let me Print Screen that, but afterwards this message came up: http://img207.imageshack.us/img207/2781/combofix.jpg

EDIT: OK, I tried again from a different link and it managed to work.


ComboFix 09-04-27.04 - Ari 04/28/2009 11:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3326.2156 [GMT -4:00]
Running from: c:\users\Ari\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patchw32.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-27 01:48 . 2009-04-27 01:48 -------- d-----w c:\users\Ari\save
2009-04-26 19:37 . 2009-04-26 19:41 -------- d-----w c:\users\Ari\AppData\Local\WarRockDF
2009-04-22 21:15 . 2009-04-22 21:15 -------- d-----w c:\program files\GamersFirst
2009-04-20 20:10 . 2009-04-20 20:10 -------- d-----w c:\program files\Counter-Strike 2D
2009-04-20 18:53 . 2009-04-20 19:06 77492 ----a-w c:\windows\War3Unin.dat
2009-04-20 18:53 . 2009-04-20 19:02 2829 ----a-w c:\windows\War3Unin.pif
2009-04-20 18:53 . 2009-04-20 19:02 139264 ----a-w c:\windows\War3Unin.exe
2009-04-20 18:49 . 2009-04-20 19:11 -------- d-----w c:\program files\Warcraft III
2009-04-19 21:43 . 2009-04-19 21:43 -------- d-----w c:\program files\Codemasters
2009-04-17 04:26 . 2009-04-17 19:57 -------- d-----w c:\users\Ari\AppData\Local\ArmA
2009-04-17 03:57 . 2009-04-17 03:58 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-14 18:17 . 2009-04-14 18:17 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-11 02:30 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-11 02:30 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-11 02:30 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-11 02:30 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-11 02:30 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-11 02:30 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-11 02:30 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-11 01:57 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-11 01:57 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-11 01:57 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-11 01:56 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-11 01:56 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-11 01:51 . 2009-04-11 01:51 -------- d-----w c:\users\Ari\AppData\Roaming\DAEMON Tools Pro
2009-04-10 19:16 . 2009-04-10 19:16 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-04-10 19:16 . 2009-04-10 19:16 -------- d-----w c:\users\All Users\DAEMON Tools Lite
2009-04-10 19:15 . 2009-04-10 19:15 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-10 19:15 . 2009-04-11 01:51 -------- d-----w c:\users\Ari\AppData\Roaming\DAEMON Tools Lite
2009-04-10 19:13 . 2009-04-10 19:13 -------- d-----w c:\users\Ari\KoToRsaves
2009-04-10 17:25 . 2009-04-10 17:25 3184 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2009-04-09 22:33 . 2009-04-09 22:35 -------- d-----w c:\users\Ari\AppData\Roaming\Amazon
2009-04-09 22:33 . 2009-04-09 22:35 -------- d-----w c:\program files\Amazon
2009-04-09 22:03 . 2008-07-31 14:41 68616 ----a-w c:\windows\system32\XAPOFX1_1.dll
2009-04-09 22:03 . 2008-07-31 14:40 509448 ----a-w c:\windows\system32\XAudio2_2.dll
2009-04-09 22:03 . 2008-07-31 14:41 238088 ----a-w c:\windows\system32\xactengine3_2.dll
2009-04-09 22:03 . 2008-07-12 12:18 1493528 ----a-w c:\windows\system32\D3DCompiler_39.dll
2009-04-09 22:03 . 2008-07-12 12:18 467984 ----a-w c:\windows\system32\d3dx10_39.dll
2009-04-09 21:54 . 2009-04-09 21:54 -------- d-----w c:\windows\A3194B3EEEC444EE85199DEB0AAC904B.TMP
2009-04-09 21:46 . 2009-04-09 21:46 -------- d-----w c:\program files\1C
2009-04-09 19:27 . 2009-04-09 19:27 -------- d-----w c:\programdata\id Software
2009-04-09 19:27 . 2009-04-09 19:27 -------- d-----w c:\users\All Users\id Software
2009-04-09 01:06 . 2005-05-17 17:01 1649152 ----a-w c:\users\Ari\n_v14.exe
2009-04-05 16:52 . 2009-04-05 16:52 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-05 05:31 . 2009-04-05 05:31 3625 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2009-04-05 05:31 . 2009-04-05 05:31 3328 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp AAC Encoder.dat
2009-04-05 05:28 . 2009-04-05 05:28 -------- d-----w c:\users\Ari\AppData\Roaming\AccurateRip
2009-04-05 05:28 . 2009-04-05 05:28 14373 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-04-05 05:19 . 2009-04-05 05:19 -------- d-----w c:\users\Ari\R4 STUFF
2009-04-05 02:28 . 2009-04-05 02:31 -------- d-----w c:\program files\Hogs of War
2009-04-05 01:58 . 2009-04-05 01:58 -------- d-----w c:\program files\DNA
2009-04-05 01:58 . 2009-04-05 01:58 -------- d-----w c:\program files\AskBarDis
2009-04-05 00:04 . 2009-04-05 00:04 -------- d-----w c:\users\Ari\AppData\Roaming\InstallShield
2009-04-03 17:43 . 2009-04-03 17:43 -------- d-----w c:\users\Ari\health project
2009-04-03 17:22 . 2009-04-03 17:22 -------- d-----w c:\users\Ari\AppData\Roaming\Aventurine
2009-04-03 03:24 . 2008-10-10 08:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2009-04-03 03:24 . 2008-10-10 08:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
2009-04-03 03:24 . 2008-10-10 08:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
2009-04-03 03:24 . 2008-10-27 14:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
2009-04-03 03:24 . 2009-04-03 03:24 -------- d-----w c:\windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2009-03-30 02:14 . 2009-03-30 02:14 -------- d-----w c:\users\Ari\{84b504f0-5188-4e1a-9b41-084ebf93488e}
2009-03-30 02:14 . 2009-03-30 02:14 -------- d-----w c:\program files\Realtek AC97

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 07:53 . 2009-03-26 21:55 -------- d-----w c:\program files\Spyware Doctor
2009-04-28 01:51 . 2007-02-25 00:40 -------- d-----w c:\program files\Steam
2009-04-26 21:06 . 2007-02-25 01:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 20:58 . 2007-07-31 19:28 -------- d-----w c:\program files\Sierra
2009-04-23 01:05 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-23 01:05 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-23 01:05 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-23 01:05 . 2008-12-24 18:49 -------- d-----w c:\program files\Microsoft
2009-04-21 00:44 . 2009-02-25 22:51 -------- d-----w c:\program files\Darkfall
2009-04-20 05:56 . 2009-03-26 21:56 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-18 03:38 . 2007-08-08 17:15 -------- d-----w c:\program files\Common Files\Steam
2009-04-18 03:34 . 2007-07-14 18:27 -------- d-----w c:\program files\EA GAMES
2009-04-17 18:48 . 2007-11-29 02:18 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-17 18:48 . 2007-11-29 02:18 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-16 17:02 . 2006-11-02 12:35 -------- d-----w c:\program files\Microsoft Games
2009-04-16 16:31 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 00:53 . 2009-01-25 01:22 -------- d-----w c:\program files\Xfire
2009-04-10 19:21 . 2008-11-29 22:24 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-04-10 17:25 . 2007-02-25 21:25 404656 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-04-09 21:54 . 2007-03-07 02:27 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-09 19:27 . 2007-10-04 19:23 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 19:27 . 2007-10-04 19:23 22328 ----a-w c:\users\Ari\AppData\Roaming\PnkBstrK.sys
2009-04-09 19:27 . 2007-10-04 19:23 107832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-09 19:27 . 2007-11-15 01:52 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-04-09 19:27 . 2007-10-04 19:23 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-05 05:17 . 2008-10-18 02:21 -------- d-----w c:\program files\Dyyno
2009-04-03 21:15 . 2007-07-22 18:59 15316 ----a-w c:\users\Ari\AppData\Local\d3d9caps.dat
2009-03-30 02:07 . 2008-07-09 18:56 319488 ----a-w c:\windows\HideWin.exe
2009-03-28 22:57 . 2007-11-29 02:58 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-28 21:35 . 2007-11-15 01:32 -------- d-----w c:\program files\Electronic Arts
2009-03-28 00:29 . 2009-03-28 00:29 -------- d-----w c:\program files\Mount&Blade
2009-03-27 00:19 . 2007-08-27 03:23 -------- d-----w c:\program files\ATI Technologies
2009-03-27 00:18 . 2009-03-27 00:18 -------- d-----w c:\program files\Common Files\ATI Technologies
2009-03-26 21:57 . 2009-03-26 21:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-03-21 21:54 . 2008-11-13 04:00 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-21 21:09 . 2009-03-21 21:09 -------- d-----w c:\program files\Bethesda Softworks
2009-03-20 21:53 . 2008-06-06 23:20 -------- d-----w c:\program files\GameSpy Arcade
2009-03-17 03:38 . 2009-04-16 16:10 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 16:10 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 16:10 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-06 21:31 . 2008-01-12 01:24 -------- d-----w c:\program files\Zune
2009-03-06 01:59 . 2009-03-06 01:56 -------- d-----w c:\program files\MediaCoder
2009-03-04 20:24 . 2007-10-06 16:02 -------- d-----w c:\program files\AGEIA Technologies
2009-03-03 04:46 . 2009-04-16 16:10 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 16:10 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 16:10 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 16:10 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 16:10 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 16:10 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 16:10 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 16:10 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 16:10 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 16:10 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 16:10 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 16:10 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 16:10 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-02 04:51 . 2009-03-02 04:22 -------- d-----w c:\program files\Age of Empires
2009-03-02 03:38 . 2009-03-02 03:38 -------- d-----w c:\program files\Free WMA to MP3 Converter
2009-03-02 03:33 . 2009-03-02 03:33 -------- d-----w c:\program files\Cucusoft
2009-02-28 21:17 . 2008-03-20 01:59 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 22:59 . 2009-02-25 22:59 4385792 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-02-25 21:36 . 2009-02-25 21:36 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:34 . 2006-11-02 10:25 159744 ----a-w c:\windows\system32\atitmmxx.dll
2009-02-25 21:34 . 2007-07-28 03:26 348160 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:34 . 2009-02-25 21:34 274432 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:34 . 2009-02-25 21:34 12288 ----a-w c:\windows\system32\atimuixx.dll
2009-02-25 21:34 . 2009-02-25 21:34 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:34 . 2009-02-25 21:34 278528 ----a-w c:\windows\system32\Ati2evxx.dll
2009-02-25 21:32 . 2009-02-25 21:32 733184 ----a-w c:\windows\system32\Ati2evxx.exe
2009-02-25 21:24 . 2009-02-25 21:24 2396160 ----a-w c:\windows\system32\atidxx32.dll
2009-02-25 21:18 . 2009-02-25 21:18 3839488 ----a-w c:\windows\system32\atiumdag.dll
2009-02-25 21:04 . 2009-02-25 21:04 11513856 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 20:56 . 2009-02-25 20:56 4944896 ----a-w c:\windows\system32\atiumdva.dll
2009-02-25 20:42 . 2009-02-25 20:42 51712 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:42 . 2009-02-25 20:42 135168 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 53248 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:36 . 2009-02-25 20:36 3235840 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 20:29 . 2009-02-25 20:29 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-14 20:59 . 2009-02-14 20:59 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-14 20:59 . 2009-02-14 20:59 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-14 20:59 . 2009-02-14 20:59 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-13 08:49 . 2009-04-16 16:10 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 16:10 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 03:01 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-07 00:03 . 2009-02-07 00:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 23:52 . 2009-02-06 23:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-07-23 07:41 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 21:24 325000 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-14 1601304]
"Malwarebytes Anti-Malware Reboot"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 1183352]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-09-10 604704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\users\Ari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-4-14 3111248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{593F94A5-39C8-4980-A218-E1859D2214EF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{09C13DC2-4D2C-4580-81F1-16B124A094DF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"UDP Query User{3F336042-74FE-486C-9162-073DD252A5F1}c:\\program files\\steam\\steamapps\\scabiez\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\garrysmod\hl2.exe:hl2
"TCP Query User{0BC54297-8E53-4D75-879F-7650B98D9570}c:\\program files\\steam\\steamapps\\scabiez\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\garrysmod\hl2.exe:hl2
"{8BDC75D0-7190-4271-BA85-2CDAC962EA1C}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"UDP Query User{B9214748-C692-4D65-B4BC-B240E420A073}c:\\program files\\steam\\steamapps\\scabiez\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\half-life\hl.exe:Half-Life Launcher
"TCP Query User{6593D91E-73B0-40AA-B7CF-9F0F39EB9062}c:\\program files\\steam\\steamapps\\scabiez\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\half-life\hl.exe:Half-Life Launcher
"UDP Query User{A5DC14CB-47CE-4C47-BA2C-2D8F6659FDA3}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{70230F11-D9C9-4CA5-B2C2-559EBCF9C0DD}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{8EBFADF0-FDFB-45D8-B8BF-A3B99D414CC9}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{234664D7-FA00-48B9-BEBA-3F079522B08F}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{38B74328-EBEE-4E3B-9155-44C5751CFAC9}c:\\program files\\steam\\steamapps\\scabiez\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\source sdk base\hl2.exe:hl2
"TCP Query User{378B9878-FDB5-4792-BBF3-C9472ED2F9F3}c:\\program files\\steam\\steamapps\\scabiez\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\source sdk base\hl2.exe:hl2
"UDP Query User{E4C1AC3E-6B02-4720-8FF0-51F58AF4D0F6}c:\\program files\\call of duty\\codmp.exe"= TCP:c:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{40C98582-AF53-44E0-87C5-4D69F32C1B3C}c:\\program files\\call of duty\\codmp.exe"= UDP:c:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{241A1805-A610-4DA6-AB42-B4C0E40F6F40}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\counter-strike source\hl2.exe:hl2
"TCP Query User{D55023D6-591A-495A-A0B6-2D748D6E5E6E}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\counter-strike source\hl2.exe:hl2
"UDP Query User{E03EBB8B-E9B0-4F1E-8F5B-7AFBCEDECB6B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{41EBF7ED-5F1A-4459-935B-9F72F894DA9D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{65D932D6-5529-4138-8FEF-02332C632995}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E71A4238-0629-42B6-8ED7-220467A8C204}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"UDP Query User{08B2EF77-D000-47CD-B62E-5B365F3AE60D}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B54D2400-95D4-4DC0-B7CA-9710AD42EBEB}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{ABD6E38C-AD3A-44B8-8401-06DA25B857B0}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{EDD1D949-9C74-487D-ACF1-22DAAAFDE250}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\counter-strike\hl.exe:Half-Life Launcher
"{FB2BC4EB-9B69-4826-8C9D-965681844220}"= TCP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{104B7FCA-406B-4D8C-B4CB-154638572983}"= UDP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{7E74EDD4-C5EE-4A7D-AE80-89C61CBD1298}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{BAC67A74-4DFE-4C19-8880-B200213BCD76}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"UDP Query User{C69E4071-F912-420F-8AD3-B483FAE02C4D}c:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"TCP Query User{7F344D5C-766F-4732-8D85-88115E029EEB}c:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{6AE785E1-E440-4A75-B7F7-772C5580D5AF}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{9B683A8D-037F-4D02-A259-9F40F31266D9}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"{511C3018-0D5F-42C5-BA50-F828AFC2FDD1}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9342A03B-37DB-447E-95F9-EE7C74880743}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{F9B43DDD-38D4-495A-9D44-CE9E8D680064}c:\\users\\ari\\desktop\\utorrent.exe"= UDP:c:\users\ari\desktop\utorrent.exe:utorrent.exe
"UDP Query User{11BB7A45-D71C-4D56-AA07-6005867BD8A4}c:\\users\\ari\\desktop\\utorrent.exe"= TCP:c:\users\ari\desktop\utorrent.exe:utorrent.exe
"TCP Query User{F4714470-1804-46DF-8893-0D236D71686D}c:\\users\\ari\\utorrent.exe"= UDP:c:\users\ari\utorrent.exe:utorrent.exe
"UDP Query User{E83BA2B3-3B21-4EFC-AF5A-A72F5109C38B}c:\\users\\ari\\utorrent.exe"= TCP:c:\users\ari\utorrent.exe:utorrent.exe
"TCP Query User{E63ADD52-A809-4A92-8132-C33122AB44EE}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{C686EC16-7907-4650-ADA6-67E9A6631D0F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{94882F0C-A367-4B8A-9DA9-BE783DF8E63B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A793E83C-EE01-4C1C-B46E-0FE77AB7B207}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{31C80C77-5598-4236-801A-9EDC6B0A47D5}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{47A36836-A377-4F02-9D95-762DA84DD348}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{B067F65B-ED4C-44AB-9CA9-3853AA341B9D}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{F14446CE-BAAD-465D-910B-92540CADEDFE}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"TCP Query User{3081AEE6-B1BA-4840-8FAB-28CB11150F33}c:\\program files\\steam\\steamapps\\scabiez\\team fortress classic\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{5D2AD3BE-CF31-452B-AEE3-F3D04225BA0C}c:\\program files\\steam\\steamapps\\scabiez\\team fortress classic\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\team fortress classic\hl.exe:Half-Life Launcher
"{48B13944-3033-4C44-BC2B-EECBEAA3C061}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{30F3BD91-EA8E-4809-BFFD-3F6E579E619F}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{1A063F14-3024-453B-B88D-1C36AC87FAE8}c:\\program files\\sierra\\fearcombat\\fpupdate.exe"= UDP:c:\program files\sierra\fearcombat\fpupdate.exe:fpupdate
"UDP Query User{AF9F56C4-340E-4E6C-8499-DBE8CB5F2D82}c:\\program files\\sierra\\fearcombat\\fpupdate.exe"= TCP:c:\program files\sierra\fearcombat\fpupdate.exe:fpupdate
"TCP Query User{771980F4-757B-4F3F-A805-A97074DCEA07}c:\\program files\\lucasarts\\jedi knight\\jk.exe"= UDP:c:\program files\lucasarts\jedi knight\jk.exe:Jedi Knight Main Executable
"UDP Query User{49C9027C-8214-43AB-87F9-CAD9F9BC2A5E}c:\\program files\\lucasarts\\jedi knight\\jk.exe"= TCP:c:\program files\lucasarts\jedi knight\jk.exe:Jedi Knight Main Executable
"TCP Query User{DF1D14AE-8358-43ED-90C3-BBD748DFEF03}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{0C59AA35-4A3F-473C-B8D0-4B60FC7765B1}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{C2C4B06B-54B8-4FCE-A66E-874C5380983D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{099B759D-B43B-444E-BADF-42F2D36DED73}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5FE7B589-6749-460C-8BC0-106AE3835029}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{54A027FD-F8A6-46DC-9A4C-E80ACB11CCCE}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{701FB696-844B-4FFF-A145-8EBFF3674157}c:\\westwood\\nox\\game.exe"= UDP:c:\westwood\nox\game.exe:Game
"UDP Query User{863D6E83-A8CE-4EC5-AD56-37F4109527E2}c:\\westwood\\nox\\game.exe"= TCP:c:\westwood\nox\game.exe:Game
"TCP Query User{08ABEDA8-BB50-4FC6-AE2F-7F9841A639FA}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{6D8B5EDA-7951-426A-86F7-4FB1598D1470}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{4020358F-7947-4797-847B-258C4A660A3D}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{85166D01-EBED-4D8D-9514-2A5DCFD626AE}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{5E7B6149-E674-440B-836A-A9CFBFD6F238}c:\\program files\\steam\\steamapps\\scabiez\\the ship\\ship.exe"= UDP:c:\program files\steam\steamapps\scabiez\the ship\ship.exe:ship
"UDP Query User{CF5C328B-DF8E-439A-B72B-93CE6C9E4A9E}c:\\program files\\steam\\steamapps\\scabiez\\the ship\\ship.exe"= TCP:c:\program files\steam\steamapps\scabiez\the ship\ship.exe:ship
"TCP Query User{99F1CA40-C891-4107-A53F-2365F9A3D4CB}c:\\program files\\steam\\steamapps\\scabiez\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{51839135-19A9-4480-BD43-5D1064269279}c:\\program files\\steam\\steamapps\\scabiez\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{9A4CD9EE-7403-43BE-88DA-2E2A6AF0304F}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{737AA20F-0C0A-4C06-9524-B3EF5CD7FB49}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{F2D800FA-E512-4BFA-9C43-41444E8F3B3F}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= UDP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query User{77FC1B6E-E5E2-494B-BEF1-B47A685802E4}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= TCP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"TCP Query User{E58296AF-742B-44D3-BACD-40799DF41FA2}c:\\program files\\ubisoft\\blazing angels squadrons of wwii\\bin\\mainr.exe"= UDP:c:\program files\ubisoft\blazing angels squadrons of wwii\bin\mainr.exe:Blazing Angels
"UDP Query User{2506F346-2813-40B2-BB94-C5F50B61CD5A}c:\\program files\\ubisoft\\blazing angels squadrons of wwii\\bin\\mainr.exe"= TCP:c:\program files\ubisoft\blazing angels squadrons of wwii\bin\mainr.exe:Blazing Angels
"TCP Query User{89529CE3-0495-40C0-BBB0-6525F701F8AB}c:\\program files\\steam\\steamapps\\scabiez\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\team fortress 2\hl2.exe:hl2
"UDP Query User{D3FF2794-5BCE-40DB-B522-E7A3644DDCBF}c:\\program files\\steam\\steamapps\\scabiez\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\team fortress 2\hl2.exe:hl2
"TCP Query User{E020D995-DCAE-478E-92AE-FCAD0CE10580}c:\\program files\\dobermann\\halo zero\\halozero.exe"= UDP:c:\program files\dobermann\halo zero\halozero.exe:Halo Zero
"UDP Query User{46A9CC1B-61FE-4BDB-9E9D-BAEFDA8F2B30}c:\\program files\\dobermann\\halo zero\\halozero.exe"= TCP:c:\program files\dobermann\halo zero\halozero.exe:Halo Zero
"{80660933-72CF-4D1C-9C6F-9C6DFDA98B00}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{956A1DC1-2543-4A84-A533-C5BA30702BF0}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{682979E9-29C6-4806-874F-ED5DD71683CF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B44B30EB-591E-4151-8B45-D2712D7ACD70}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{0FA5E593-E79E-4D6F-B258-4FADC6B3BB5A}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5A12F501-9A0E-41A2-8237-80F29A707A2C}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"TCP Query User{79198D80-84B6-44BF-AB9F-3F2097615B92}c:\\program files\\steam\\steam.exe"= UDP:c:\program files\steam\steam.exe:Steam
"UDP Query User{B96FA4B7-B206-41B0-8E08-6E89C316422C}c:\\program files\\steam\\steam.exe"= TCP:c:\program files\steam\steam.exe:Steam
"TCP Query User{E011CDFB-632D-4D17-82A7-17F1E3125651}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{E64B231E-F41B-4944-8747-67FC8D4A195F}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"{80BF5A2B-F663-4241-B95B-4BB4C13A08DF}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{5A602E85-2575-4528-9791-1B96D24D616F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{1C17F1DC-E51A-49FD-B97A-42312F02FF43}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{70A4FF1B-D49F-43BD-84F2-58509E0A0E6D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{B9BBE8CB-F478-49DA-B077-8941205E28DE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3C21645D-68AC-46CF-9645-B2490AF61DF4}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{0EB3621C-5660-4957-83C7-FC75F8B9CCFD}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{ABF76488-D506-4415-97CC-753AF9885DCF}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{195C159C-1410-473C-AE51-18E036B55B27}c:\\program files\\steam\\steamapps\\scabiez\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{D9C0115A-E3F6-42DD-A5C7-062506BA65CE}c:\\program files\\steam\\steamapps\\scabiez\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{FC1AB5B6-E546-4ECE-96D5-C60790DAA7AC}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FCBEAEB6-6DED-4C8F-8159-23504B8387F8}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{37FA1D8C-0E14-4332-A5C6-77F0A0EF76BA}c:\\program files\\steam\\steamapps\\scabiez\\rag doll kung fu\\rag_doll_kung_fu_steam.exe"= UDP:c:\program files\steam\steamapps\scabiez\rag doll kung fu\rag_doll_kung_fu_steam.exe:Rag_Doll_Kung_Fu_Steam
"UDP Query User{1B8E9A44-544B-4752-A694-9F2BE7A11101}c:\\program files\\steam\\steamapps\\scabiez\\rag doll kung fu\\rag_doll_kung_fu_steam.exe"= TCP:c:\program files\steam\steamapps\scabiez\rag doll kung fu\rag_doll_kung_fu_steam.exe:Rag_Doll_Kung_Fu_Steam
"TCP Query User{C8B94722-F8BB-40A8-80AB-46436C69C18F}c:\\program files\\byond\\bin\\byond.exe"= UDP:c:\program files\byond\bin\byond.exe:byond
"UDP Query User{EB83BBAE-254A-4D52-90B9-D7D7CE841475}c:\\program files\\byond\\bin\\byond.exe"= TCP:c:\program files\byond\bin\byond.exe:byond
"{8A01051F-0F17-43FA-8538-C6E6F42FE2EE}"= UDP:c:\program files\Fury\Binaries\Fury.exe:Fury
"{7E1E36E9-6771-4D52-B76C-6B82FBE0489B}"= TCP:c:\program files\Fury\Binaries\Fury.exe:Fury
"{D227BAA3-99F6-4E26-914C-0DD9B52BD2CD}"= UDP:c:\program files\Fury\Binaries\DiamondWare\dwTVC.exe:Fury VOIP
"{BFEBA8EB-600F-435C-876C-604B8206730F}"= TCP:c:\program files\Fury\Binaries\DiamondWare\dwTVC.exe:Fury VOIP
"TCP Query User{02EF8991-9E91-4CBC-8115-3EEBAC160CAB}c:\\program files\\zdaemon\\zlauncher.exe"= UDP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"UDP Query User{BDDE6D98-ADE9-4438-BA36-8670221616F6}c:\\program files\\zdaemon\\zlauncher.exe"= TCP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"TCP Query User{6484EBC9-46FF-4E9B-9D8D-5646A1A2EC5D}c:\\program files\\zdaemon\\zdaemon.exe"= UDP:c:\program files\zdaemon\zdaemon.exe:ZDaemon
"UDP Query User{20483E9D-21E7-4E0D-B8DF-F50DF0F8D603}c:\\program files\\zdaemon\\zdaemon.exe"= TCP:c:\program files\zdaemon\zdaemon.exe:ZDaemon
"TCP Query User{786FA42D-EF07-43A9-9230-4232DBA34F56}c:\\runehov\\system\\rune.exe"= UDP:c:\runehov\system\rune.exe:Rune
"UDP Query User{4C2AA890-7DA2-4BB4-9F81-B6CC444FAFF9}c:\\runehov\\system\\rune.exe"= TCP:c:\runehov\system\rune.exe:Rune
"TCP Query User{4C6E4787-9961-437D-BEB0-0FC081B834B3}c:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:c:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{B207D0CD-2C73-4198-93B9-E2446907AD12}c:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:c:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{9CEF8E67-98D6-4CE5-82CF-EB7CB771BC1E}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{D1BD75B0-4606-4A4C-BE86-D071640B78A2}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"{1FECF425-5CD4-47E0-B44B-31A27C5AAA5E}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{76ACC8DB-F614-4AF0-97A9-2157E3E6DCFB}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"TCP Query User{422BBEAE-8A65-4B8D-B42D-12C72537EF27}c:\\program files\\steam\\steamapps\\common\\the club\\theclub.exe"= UDP:c:\program files\steam\steamapps\common\the club\theclub.exe:The Club
"UDP Query User{8AE7E067-BE23-44DC-A40C-2801FBC97EFB}c:\\program files\\steam\\steamapps\\common\\the club\\theclub.exe"= TCP:c:\program files\steam\steamapps\common\the club\theclub.exe:The Club
"TCP Query User{686376A5-E089-456A-9222-9DC984D02AF0}c:\\users\\ari\\appdata\\local\\temp\\rar$ex32.218\\samp-server.exe"= UDP:c:\users\ari\appdata\local\temp\rar$ex32.218\samp-server.exe:samp-server.exe
"UDP Query User{E7384033-7CA2-448B-BFDB-BD447BF3BC23}c:\\users\\ari\\appdata\\local\\temp\\rar$ex32.218\\samp-server.exe"= TCP:c:\users\ari\appdata\local\temp\rar$ex32.218\samp-server.exe:samp-server.exe
"TCP Query User{D60F3B56-3DAC-4183-9368-2BF0880E3C33}c:\\users\\ari\\appdata\\local\\temp\\rar$ex34.968\\samp-server.exe"= UDP:c:\users\ari\appdata\local\temp\rar$ex34.968\samp-server.exe:samp-server.exe
"UDP Query User{76770936-C8CB-48A1-BBB9-B674CCC187D2}c:\\users\\ari\\appdata\\local\\temp\\rar$ex34.968\\samp-server.exe"= TCP:c:\users\ari\appdata\local\temp\rar$ex34.968\samp-server.exe:samp-server.exe
"TCP Query User{36AAAB6C-A05F-4FCF-AE7C-0A1C6E3C6003}c:\\program files\\rockstar games\\gta san andreas\\samp-server.exe"= UDP:c:\program files\rockstar games\gta san andreas\samp-server.exe:samp-server
"UDP Query User{A887EA43-396D-4353-941B-917C52EA00BA}c:\\program files\\rockstar games\\gta san andreas\\samp-server.exe"= TCP:c:\program files\rockstar games\gta san andreas\samp-server.exe:samp-server
"TCP Query User{AE9C5DB2-1200-488E-B74A-377E4C01986D}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jampded.exe"= UDP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jampded.exe:Jedi Academy MP Dedicated Server
"UDP Query User{2F34776F-0263-4CB8-BC65-C8197EFDA349}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jampded.exe"= TCP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jampded.exe:Jedi Academy MP Dedicated Server
"{BF69C652-46B5-42F2-8205-EC1DB838417C}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{1AF1F6FA-4224-4907-9D9A-3B76C0738EC6}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{CB96C084-73BB-4257-9496-E53E579FF491}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B2F031C5-3593-451C-AE56-A45C328D070D}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{AF2FD04F-DABD-4EDE-8F1E-08FF951BF6A8}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{362EA14A-53DF-41C0-86E2-F9255AA5BF1E}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"TCP Query User{7597E9BE-3132-4587-B9E8-F7E11F82253E}c:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{73670725-F87A-4357-A3D0-21EAD370FD29}c:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
"{3827EE17-E808-4C84-AFD3-B302C95B3671}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{B0725D22-B39B-4751-8F6D-01214B908DD2}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{2E594EEF-F94F-460D-AF2F-745508E72AEE}c:\\program files\\steam\\steamapps\\scabiez\\half-life 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\half-life 2\hl2.exe:hl2
"UDP Query User{C83DFF14-02E5-4ACB-ABD4-5B093484E38D}c:\\program files\\steam\\steamapps\\scabiez\\half-life 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\half-life 2\hl2.exe:hl2
"{A5B8A5E5-BCE1-4D34-B46E-22247B80650E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{E94F9BAA-C5E7-4B29-BB78-94CCE4FCE1D4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{07461DF6-DA5C-4B1B-9D4B-5BB9C7AAABC0}c:\\users\\ari\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\ari\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{D27682BD-42AF-434A-A13C-CBBD2A315AE6}c:\\users\\ari\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\ari\program files\utorrent\utorrent.exe:utorrent.exe
"{68E93548-99B2-4C3F-BE1B-932A1341E025}"= UDP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{4836BB6A-E6E9-4F7A-9AC4-F0C582CB93A4}"= TCP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"TCP Query User{115A762C-E710-4DFA-BA63-10771E687BA7}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{9AA3C15F-6B0E-483A-8CCD-C33F0AC56018}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{271A29C9-E06D-45C4-BBB0-53594539369D}c:\\dynamix\\tribes\\tribes.exe"= UDP:c:\dynamix\tribes\tribes.exe:Tribes
"UDP Query User{722C1EA9-0B79-4D9B-9199-9E58C4441C72}c:\\dynamix\\tribes\\tribes.exe"= TCP:c:\dynamix\tribes\tribes.exe:Tribes
"TCP Query User{A7EA7602-370E-4F24-B5D3-EC0C5DFC3124}c:\\program files\\gamespy arcade\\aphex.exe"= UDP:c:\program files\gamespy arcade\aphex.exe:GameSpy Arcade
"UDP Query User{B860BDFB-BCBB-48D4-B261-144A10885647}c:\\program files\\gamespy arcade\\aphex.exe"= TCP:c:\program files\gamespy arcade\aphex.exe:GameSpy Arcade
"{468AA411-8D81-4AB8-8471-42B7C16EC8A3}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{97DDCEB7-CE00-4B59-A001-6C13B7AC2A4F}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"176baa83-0507-45da-a8e2-cac40236e15c"= %ProgramFiles%\IGZones\IGZones.exe:IGZones
"{AB068A95-9026-4DF8-B975-614486A5BDE5}"= UDP:c:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"{9AA19C76-3F52-4FE2-95A1-D7FDFCB28FF7}"= TCP:c:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"TCP Query User{3C7765B0-CE57-423E-B49F-AC6403FFEB27}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= UDP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"UDP Query User{AD84576C-2B91-4D39-A7ED-D17568EDCB97}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= TCP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"TCP Query User{11AD55A4-D377-4F2C-AB5F-640B498DD02B}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{ABE1A9BC-317E-44B6-AE54-E5DCF5016FE9}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{E7703ACA-6C5F-4422-85A6-7AB18CD78447}c:\\program files\\steam\\steamapps\\scabiez\\ricochet\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{4761C5AF-72B6-4DB1-885B-CC6C9CD407FC}c:\\program files\\steam\\steamapps\\scabiez\\ricochet\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\ricochet\hl.exe:Half-Life Launcher
"TCP Query User{6179FC0E-6B3D-4FEE-B072-FDBF409873FD}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{6EE20952-99CF-4B8F-88F3-9E561724E26C}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"TCP Query User{D120B114-CD0D-42FE-A95F-A19BFC20C400}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{72C39C5D-9F86-4721-87D1-30B78DD6B0B8}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{590ABD20-6DDC-4F59-BA09-CFFDCB033208}c:\\program files\\electronic arts\\crytek\\crysis wars\\bin32\\crysis.exe"= UDP:c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe:Crysis
"UDP Query User{9239A72F-386F-46EF-825A-2B2935A6529E}c:\\program files\\electronic arts\\crytek\\crysis wars\\bin32\\crysis.exe"= TCP:c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe:Crysis
"TCP Query User{B182F18B-4D2D-4A5F-AB64-EA46EA2C08A0}c:\\users\\ari\\appdata\\locallow\\dyyno receiver\\dppm.exe"= UDP:c:\users\ari\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{39A5F3C3-9717-46B8-B60B-FF96E1F743BD}c:\\users\\ari\\appdata\\locallow\\dyyno receiver\\dppm.exe"= TCP:c:\users\ari\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"TCP Query User{40231066-03DC-45D2-9C5F-21AC61429862}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{A33D2FD3-C5DB-4F12-9784-DEF4F0811BD5}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{D026144B-8EE5-4E85-BFD0-73BB3C616538}c:\\program files\\steam\\steamapps\\scabiez\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\diprip warm up\hl2.exe:hl2
"UDP Query User{CAF230A6-C98D-4342-B5D2-0831DCC20529}c:\\program files\\steam\\steamapps\\scabiez\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\diprip warm up\hl2.exe:hl2
"TCP Query User{D59E0331-22AF-44C4-8975-223F09F80B1E}c:\\program files\\steam\\steamapps\\scabiez\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\age of chivalry\hl2.exe:hl2
"UDP Query User{43E4087D-DC27-4CB9-996F-07069157EB2A}c:\\program files\\steam\\steamapps\\scabiez\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\age of chivalry\hl2.exe:hl2
"TCP Query User{93885717-6A7E-44F7-A942-DCC99F49356B}c:\\program files\\steam\\steamapps\\scabiez\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\scabiez\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{7B34C48E-65DE-40C5-9E73-3D42584527A6}c:\\program files\\steam\\steamapps\\scabiez\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\scabiez\dedicated server\hlds.exe:HLDS Launcher
"{71608032-9372-4A06-BE11-CD7EB6FE1374}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{572F84C4-4A74-43A1-BE9A-39BA15D3190B}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{725E52CE-05D9-4779-A609-D43820C446FB}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{14EF038E-0B87-4DD1-9F04-23B647481A21}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{6961A76B-5F58-4D8C-98A5-9EE7D194A060}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{EED587F1-6C7A-4C4C-A467-79550102D046}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{02C784BA-522D-4C40-917C-278A8C245F24}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{9696E838-E61C-46C1-832B-75AE26CE082C}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{F1880216-D111-4A00-B2F8-6185369733C9}c:\\program files\\electronic arts\\battlefield 2142 deluxe edition\\firststrike.exe"= UDP:c:\program files\electronic arts\battlefield 2142 deluxe edition\firststrike.exe:FirstStrike
"UDP Query User{F3BA2DDD-7791-4F8D-A58D-E90CD9AFC50D}c:\\program files\\electronic arts\\battlefield 2142 deluxe edition\\firststrike.exe"= TCP:c:\program files\electronic arts\battlefield 2142 deluxe edition\firststrike.exe:FirstStrike
"TCP Query User{8D87A3DB-A270-4265-8884-2F14E2B2E5A0}c:\\soldat\\soldat.exe"= UDP:c:\soldat\soldat.exe:Soldat
"UDP Query User{C232774B-3E31-4BB1-BE50-480D0C4C4D30}c:\\soldat\\soldat.exe"= TCP:c:\soldat\soldat.exe:Soldat
"{14B5D685-B2E6-4559-9D1E-E75FB1C4D611}"= UDP:6112:Blizzard Downloader: 6112
"33f9e889-b660-43fb-9a99-50af8a99eeb5"= UDP:6881|LPort=6882|LPort=6883|LPort=6884|LPort=6885|LPort=6886|LPort=6887|LPort=6888|LPort=6889|LPort=6890|LPort=6891|LPort=6892|LPort=6893|LPort=6894|LPort=6895|LPort=6896|LPort=6897|LPort=6898|LPort=6899|LPort=6900|LPort=6901|LPort=6902|LPort=6903|LPort=6904|LPort=6905|LPort=6906|LPort=6907|LPort=6908|LPort=6909|LPort=6910|LPort=6911|LPort=6912|LPort=6913|LPort=6914|LPort=6915|LPort=6916|LPort=6917|LPort=6918|LPort=6919|LPort=6920|LPort=6921|LPort=6922|LPort=6923|LPort=6924|LPort=6925|LPort=6926|LPort=6927|LPort=6928|LPort=6929|LPort=6930|LPort=6931|LPort=6932|LPort=6933|LPort=6934|LPort=6935|LPort=6936|LPort=6937|LPort=6938|LPort=6939|LPort=6940|LPort=6941|LPort=6942|LPort=6943|LPort=6944|LPort=6945|LPort=6946|LPort=6947|LPort=6948|LPort=6949|LPort=6950|LPort=6951|LPort=6952|LPort=6953|LPort=6954|LPort=6955|LPort=6956|LPort=6957|LPort=6958|LPort=6959|LPort=6960|LPort=6961|LPort=6962|LPort=6963|LPort=6964|LPort=6965|LPort=6966|LPort=6967|LPort=6968|LPort=6969|LPort=6970|LPort=6971|LPort=6972|LPort=6973|LPort=6974|LPort=6975|LPort=6976|LPort=6977|LPort=6978|LPort=6979|LPort=6980|LPort=6981|LPort=6982|LPort=6983|LPort=6984|LPort=6985|LPort=6986|LPort=6987|LPort=6988|LPort=6989|LPort=6990|LPort=6991|LPort=6992|LPort=6993|LPort=6994|LPort=6995|LPort=6996|LPort=6997|LPort=6998|LPort=6999:Blizzard Downloader: 6881-6999
"TCP Query User{422057EB-3266-414D-A1CB-260A465A9BD5}c:\\users\\ari\\appdata\\local\\temp\\blizzard launcher temporary - 52169ed0\\launcher.exe"= UDP:c:\users\ari\appdata\local\temp\blizzard launcher temporary - 52169ed0\launcher.exe:launcher.exe
"UDP Query User{445D4B75-2694-4F97-A4D2-195885F7D4B6}c:\\users\\ari\\appdata\\local\\temp\\blizzard launcher temporary - 52169ed0\\launcher.exe"= TCP:c:\users\ari\appdata\local\temp\blizzard launcher temporary - 52169ed0\launcher.exe:launcher.exe
"{A42B2316-F6A5-4363-8BAD-208A43CDDBCF}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:Sid Meier's Civilization IV
"{86222767-AC1A-4879-AE5F-A77D237AFE8A}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:Sid Meier's Civilization IV
"{2AD484B2-6A85-4EE4-9912-450AC42BDDC5}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:Sid Meier's Civilization IV: Warlords
"{83923844-F594-4670-9E39-B8A87BBDC0C9}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:Sid Meier's Civilization IV: Warlords
"{A4917EBB-F396-4ADF-8D47-ADF4E5449A37}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization IV: Warlords
"{71E376DF-65ED-42B9-948B-A0D315E7C3FE}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization IV: Warlords
"{BE237F3D-76FF-49C7-8350-C1F49D6B4B22}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{4C0AC28F-9D22-4862-91B7-BE558667216C}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{14128FC7-1083-4C8E-81F9-73AD1F3AB4F3}l:\\techwizard.exe"= UDP:L:\techwizard.exe:FiOS Video Tech Wizard
"UDP Query User{294BBE7E-0316-4A08-9C4B-BF61E1DD9938}l:\\techwizard.exe"= TCP:L:\techwizard.exe:FiOS Video Tech Wizard
"TCP Query User{4BFDD0AB-58E9-4BD1-9017-A86A1BB00093}c:\\users\\ari\\appdata\\local\\temp\\blizzard launcher temporary - 243b7848\\launcher.exe"= UDP:c:\users\ari\appdata\local\temp\blizzard launcher temporary - 243b7848\launcher.exe:launcher.exe
"UDP Query User{C9E60BE9-1BCC-4E9B-B134-5FBAF35B14EF}c:\\users\\ari\\appdata\\local\\temp\\blizzard launcher temporary - 243b7848\\launcher.exe"= TCP:c:\users\ari\appdata\local\temp\blizzard launcher temporary - 243b7848\launcher.exe:launcher.exe
"{033E5307-DCB4-4EDD-AAFE-197CDFD171CC}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{E1B53981-AEBB-4DB0-B419-901EC7578EE6}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{9E5A5B53-0208-4E5F-A2D2-58F2DB032CE2}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{5354BC5B-1710-4697-8D3D-87865E4CEF00}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{AB091D87-10EB-4507-A7B7-A656A70F4114}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{41D90F4A-0F30-432E-8A4D-6D1B2985A84D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{FA81C908-D27E-47B6-89DE-FC04DE070B8F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{6A169CF9-95AD-4108-A775-578FEE71E37E}c:\\program files\\darkfall\\lobby.exe"= UDP:c:\program files\darkfall\lobby.exe:Lobby
"UDP Query User{5B2D7683-ADEC-4049-B565-65AC5812223E}c:\\program files\\darkfall\\lobby.exe"= TCP:c:\program files\darkfall\lobby.exe:Lobby
"TCP Query User{36003EA0-C00F-4314-9823-6E94C885A9F0}c:\\program files\\darkfall\\jre\\bin\\tnameserv.exe"= UDP:c:\program files\darkfall\jre\bin\tnameserv.exe:Java(TM) Platform SE binary
"UDP Query User{81352B79-0A86-44A1-9042-481A6476895F}c:\\program files\\darkfall\\jre\\bin\\tnameserv.exe"= TCP:c:\program files\darkfall\jre\bin\tnameserv.exe:Java(TM) Platform SE binary
"TCP Query User{C47E44CB-03AE-4E4A-AEDD-D33E09B5A50C}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{514831F6-8517-4CC0-BEDC-C9D994F615EF}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{782C868C-3892-43B2-BA48-15FB03C86DBB}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9B0C3BCE-2443-4BD6-B7C4-B53CDC00061F}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8B54910B-8B60-4DDA-92A9-3EDBD85F9150}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= UDP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query User{1BC4DE9D-AF06-45A0-899B-D76EF5BB2D6E}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= TCP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"{6B6522A1-A1C4-42B1-A83E-398AE35E47B0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2D1F3934-D3AE-480A-B318-A5DFE2FC385B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{794D79A9-CFC5-4B1B-A2A6-99BADC8B9C6D}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{28097EF7-D517-4528-8312-0EC6769A3FC2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{05F07A48-FCB9-4A91-A445-4D2ED1D062FC}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{EE549C06-9EC5-468C-AAFC-9EAB5B8BF838}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{A1F1DB93-21E4-45D6-82BE-D7FE809E45A3}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{1C5A73BD-045D-402C-B85F-E435636EEA35}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"TCP Query User{C06CC4B1-D142-4860-9D47-02B5D2C1BAC7}c:\\users\\ari\\desktop\\age of empires\\empires.exe"= UDP:c:\users\ari\desktop\age of empires\empires.exe:empires.exe
"UDP Query User{2BB53D35-0B29-4373-A51D-24C8FCDA7C45}c:\\users\\ari\\desktop\\age of empires\\empires.exe"= TCP:c:\users\ari\desktop\age of empires\empires.exe:empires.exe
"TCP Query User{B80F2341-66B4-47E0-9924-F937E93B23EA}c:\\users\\ari\\desktop\\age of empires\\empiresx.exe"= UDP:c:\users\ari\desktop\age of empires\empiresx.exe:empiresx.exe
"UDP Query User{98B74674-E073-4A65-9AAD-C2E2D784CC5B}c:\\users\\ari\\desktop\\age of empires\\empiresx.exe"= TCP:c:\users\ari\desktop\age of empires\empiresx.exe:empiresx.exe
"TCP Query User{87DEFC74-EBC3-40AC-8491-2FCC4559E0BA}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{68ED65BA-BDA7-44B4-9180-61CC27C7EA4A}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{C61B7D6F-0924-43EA-9481-388B95970610}c:\\program files\\age of empires\\empiresx.exe"= UDP:c:\program files\age of empires\empiresx.exe:Age of Empires, the Rise of Rome
"UDP Query User{931BC194-B182-468F-9B5F-F5FEC228743A}c:\\program files\\age of empires\\empiresx.exe"= TCP:c:\program files\age of empires\empiresx.exe:Age of Empires, the Rise of Rome
"TCP Query User{EB01F78A-5C72-46A6-8413-3F1C978453BD}c:\\program files\\age of empires\\empires.exe"= UDP:c:\program files\age of empires\empires.exe:Age of Empires
"UDP Query User{3BAE38C4-DFF4-4825-B255-3056DD7C1DD1}c:\\program files\\age of empires\\empires.exe"= TCP:c:\program files\age of empires\empires.exe:Age of Empires
"TCP Query User{4E595D04-8630-48EC-9819-E56D6FE93CBF}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\counter-strike source\hl2.exe:hl2
"UDP Query User{9CD66308-F2E3-46F7-A535-DFF6F496E348}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\counter-strike source\hl2.exe:hl2
"TCP Query User{23788DE8-B848-4D5E-9D23-26F5B7397840}c:\\program files\\steam\\steamapps\\scabiez\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\garrysmod\hl2.exe:hl2
"UDP Query User{4410BB42-5AA9-4D0D-BB97-023228643E3F}c:\\program files\\steam\\steamapps\\scabiez\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\garrysmod\hl2.exe:hl2
"TCP Query User{6C3FCC59-5040-4BF8-8892-053680F14621}c:\\program files\\darkfall\\lobby.exe"= UDP:c:\program files\darkfall\lobby.exe:Lobby
"UDP Query User{346F0869-CA9A-477C-A74D-F2BFDEAF02F1}c:\\program files\\darkfall\\lobby.exe"= TCP:c:\program files\darkfall\lobby.exe:Lobby
"TCP Query User{75DB2E71-5AEF-4879-B10C-1674A0A021ED}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= UDP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"UDP Query User{881F17AF-5548-4D31-AC6C-A3BC08636854}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= TCP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"TCP Query User{072314D1-21B8-44E3-BBEA-BDC1469C2BE0}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{1AFDD677-A0EA-4B9B-8CB9-BF4FED716E41}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"TCP Query User{F9D024D6-6D72-4802-8FD0-C675B636D6CD}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"UDP Query User{EA8D24BE-B4FB-4969-BEB5-810534C2EC75}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"{78D7AA89-5D8A-4C00-94DB-5C3160F327C7}"= UDP:c:\program files\Steam\steamapps\common\wanted - weapons of fate\Wanted.exe:Wanted: Weapons of Fate
"{137992F3-656B-4367-8E03-714A636CE75F}"= TCP:c:\program files\Steam\steamapps\common\wanted - weapons of fate\Wanted.exe:Wanted: Weapons of Fate
"{A8B955D1-C8EB-44F7-AC2A-7D67AD76CFB9}"= UDP:c:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"{237FB32A-78D5-4BAE-B85A-FFB8A32C5AAE}"= TCP:c:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"{9F7FDE0E-E01E-4A11-A350-732EC5998295}"= UDP:c:\users\Ari\Desktop\utorrent.exe:µTorrent (TCP-In)
"{2E4CFCB6-C1C6-457A-B485-72B58D1FA121}"= TCP:c:\users\Ari\Desktop\utorrent.exe:µTorrent (UDP-In)
"{ED37B5BB-99BC-4FCA-AD11-F4612E72AC34}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{9FB27238-930F-4075-8622-3BBC92517BFE}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{9E2AA1EF-425C-49EF-BFD0-59DE5A33B8E7}c:\\program files\\hogs of war\\warhogs.exe"= UDP:c:\program files\hogs of war\warhogs.exe:warhogs
"UDP Query User{783902A7-1DC5-4034-B7C9-FAA2AF93CAF7}c:\\program files\\hogs of war\\warhogs.exe"= TCP:c:\program files\hogs of war\warhogs.exe:warhogs
"{738CAA0B-04FE-41BE-961C-E8F9034F0078}"= UDP:c:\users\Ari\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{A50CC3DE-DCF3-4812-AB6E-66A2D0F90C54}"= TCP:c:\users\Ari\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"TCP Query User{34DE80EE-BED2-4A4D-998D-856783F0745B}c:\\program files\\steam\\steamapps\\scabiez\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\half-life\hl.exe:Half-Life Launcher
"UDP Query User{70657D8C-8A97-4F18-B0FA-69D206F9B43D}c:\\program files\\steam\\steamapps\\scabiez\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\half-life\hl.exe:Half-Life Launcher
"{EDFA91F4-9649-4F22-AA3E-275B6FB82C79}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{FA12966C-A2C3-4F9F-B864-22C96FEC122C}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{AF19147C-FD48-4616-8D13-140F7EA4FCA0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{58EE6E85-49A1-463F-B5A7-064ADCB8B43D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{1F4BC3D6-5F76-49EF-BE86-3AAD3BFC1A7A}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{34C7DBDE-2DA7-4938-9D9F-4CFBF007C50E}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{E4228362-46C8-4B8C-9D69-A2D6EC98D52C}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{77D976EF-063A-4543-947A-727BD42FB5C9}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{131D5EFA-D12B-43DA-9331-EC6B42FAE693}c:\\program files\\steam\\steamapps\\common\\arma armed assault\\beta\\arma.exe"= UDP:c:\program files\steam\steamapps\common\arma armed assault\beta\arma.exe:ArmA
"UDP Query User{458FFC84-256F-4F19-91EE-68F184383E21}c:\\program files\\steam\\steamapps\\common\\arma armed assault\\beta\\arma.exe"= TCP:c:\program files\steam\steamapps\common\arma armed assault\beta\arma.exe:ArmA
"{12B9AEBC-C344-4BB4-97E4-229F3467F35A}"= UDP:c:\program files\Steam\steamapps\common\arma armed assault\arma.exe:ArmA: Armed Assault
"{69BF6E07-2A98-456C-AF45-05EB145475FA}"= TCP:c:\program files\Steam\steamapps\common\arma armed assault\arma.exe:ArmA: Armed Assault
"{83D885A7-2851-4A19-A3DB-82E2B16766F6}"= UDP:c:\program files\Steam\steamapps\common\arma armed assault\arma_server.exe:ArmA: Armed Assault
"{1EFE2FE8-86D1-47A6-B3D6-1DA648CD5CD0}"= TCP:c:\program files\Steam\steamapps\common\arma armed assault\arma_server.exe:ArmA: Armed Assault
"TCP Query User{DA9A4C30-458E-4AEC-85B4-54890D53C6C9}c:\\program files\\codemasters\\overlord\\overlord.exe"= UDP:c:\program files\codemasters\overlord\overlord.exe:Overlord
"UDP Query User{1CB4D30A-4F60-48FD-9359-3D0F376F7881}c:\\program files\\codemasters\\overlord\\overlord.exe"= TCP:c:\program files\codemasters\overlord\overlord.exe:Overlord
"TCP Query User{8FB4A697-2C30-4919-82B9-74F7D5B37B4E}c:\\dynamix\\tribes\\tribes.exe"= UDP:c:\dynamix\tribes\tribes.exe:Tribes
"UDP Query User{C4971F03-5EB3-4A44-9CC8-8D4820001E3E}c:\\dynamix\\tribes\\tribes.exe"= TCP:c:\dynamix\tribes\tribes.exe:Tribes
"{18D1DCF8-8097-44DC-8BF8-CFC222E026ED}"= UDP:c:\program files\Steam\steamapps\common\wolfenstein 3d\Wolf3d.bat:Wolfenstein 3D
"{BC004A19-8D25-4EAF-BFE3-E8540A286B70}"= TCP:c:\program files\Steam\steamapps\common\wolfenstein 3d\Wolf3d.bat:Wolfenstein 3D
"{17F6DFFE-1D08-48F0-85DF-E50A171EB6F1}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{8926BA5C-EEEC-4C4A-A7F5-9FE5A09970CE}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Users\\Ari\\AppData\\Local\\Temp\\win27E5.tmp.exe"= c:\users\Ari\AppData\Local\Temp\win27E5.tmp.exe:*:Enabled:win27E5.tmp

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-14 325128]
R3 oflpydin;oflpydin; [x]
R3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2006-11-02 7168]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-20 130936]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-11 42392]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-14 107272]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-14 298264]
S3 Alpham1;Ideazon ZBoard USB Human Interface Device;c:\windows\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
S3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;c:\windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfesmfk
*Deregistered* - MPFP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db25653f-2625-11de-8ce8-0013d4ca3f81}]
\shell\AutoRun\command - G:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\User_Feed_Synchronization-{4E4D0663-F650-472E-9B95-E3C95019F53E}.job
- c:\windows\system32\msfeedssync.exe [2008-07-20 07:33]
.
- - - - ORPHANS REMOVED - - - -

Notify-gebxvww - gebxvww.dll


.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {3A51C9E1-ECB9-4E0F-AD95-3075864F3DB1} = 71.250.0.12,68.237.161.12
DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.14.0.cab
FF - ProfilePath - c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\61ys9jsj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\61ys9jsj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\61ys9jsj.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 11:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-215139384-1497984128-1827781979-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,f2,b3,a7,32,7b,34,27,51,9b,5c,94,18,ee,63,69,48,a2,c1,df,aa,fe,15,
13,44,42,97,d7,27,a1,9d,22,a6,16,92,e2,fb,3d,9d,20,c7,5c,e3,56,46,1a,86,b9,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-215139384-1497984128-1827781979-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,66,33,5f,dd,66,c9,9a,ba,a3,a2,2c,68,43,ae,65,ac,f8,ec,39,92,
42,b7,14,af,40,7b,b3,60,42,13,fa,93,53,0f,29,65,18,c2,30,03,41,41,9c,64,fe,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\SYSTEM\ControlSet007\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-04-28 11:55
ComboFix-quarantined-files.txt 2009-04-28 15:55

Pre-Run: 57,788,784,640 bytes free
Post-Run: 57,867,964,416 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
598 --- E O F --- 2009-04-23 01:05
Attached Files
File Type: txt log.txt (70.2 KB, 3 views)

Last edited by Ried; 04-28-2009 at 08:39 PM.
Old 04-28-2009, 09:09 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,072
OS: WinXP and Vista


Re: Yep, I have a virus...

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{C69E4071-F912-420F-8AD3-B483FAE02C4D}c:\\stubinstaller.exe"=-
"TCP Query User{7F344D5C-766F-4732-8D85-88115E029EEB}c:\\stubinstaller.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Users\\Ari\\AppData\\Local\\Temp\\win27E5.tmp.exe"=-

Driver::
oflpydin

FixCSet::

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Post the contents of the log along with an update on system behavior.
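The CFScript above removes firewall exceptions for an executable in the drive root and one in a Temp folder. The following is an added example, not part of Ried's post and not ComboFix code: a small parser for the two firewall-exception line shapes shown in the log that flags entries by where the executable lives. The location heuristics are assumptions made for illustration, and the sample lines are constructed from entries that appear in this thread (the value side of the two removed entries is invented).

```python
"""Triage firewall-exception lines from a ComboFix-style log (added example)."""
import ntpath  # Windows path handling that works on any OS
import re

# Shapes seen in the log:
#   "{GUID}"= TCP:c:\path\app.exe:Label
#   "UDP Query User{GUID}c:\\path\\app.exe"= TCP:c:\path\app.exe:Label
#   "c:\\path\\app.exe"= c:\path\app.exe:*:Enabled:Label
LINE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S.*)$')
VALUE_RE = re.compile(
    r'^(?:(?P<proto>TCP|UDP):)?(?P<path>[A-Za-z]:\\[^:]+)(?::(?P<label>.*))?$'
)

# Constructed sample: lines modelled on entries in this thread.
SAMPLE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{593F94A5-39C8-4980-A218-E1859D2214EF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F9B43DDD-38D4-495A-9D44-CE9E8D680064}c:\\users\\ari\\desktop\\utorrent.exe"= UDP:c:\users\ari\desktop\utorrent.exe:utorrent.exe
"UDP Query User{C69E4071-F912-420F-8AD3-B483FAE02C4D}c:\\stubinstaller.exe"= TCP:c:\stubinstaller.exe:stubinstaller.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Users\\Ari\\AppData\\Local\\Temp\\win27E5.tmp.exe"= c:\users\Ari\AppData\Local\Temp\win27E5.tmp.exe:*:Enabled:win27E5.tmp
'''


def parse_rules(text):
    """Yield one dict per firewall-exception line, tagged with its section."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Keep only the last registry key component as the section name.
            section = line[1:-1].rsplit("\\", 1)[-1]
            continue
        outer = LINE_RE.match(line)
        if not outer:
            continue
        inner = VALUE_RE.match(outer.group("value"))
        if not inner:
            continue  # e.g. non-path values such as "= 0 (0x0)"
        yield {
            "section": section,
            "name": outer.group("name"),
            "proto": inner.group("proto"),
            "path": inner.group("path"),
            "label": inner.group("label"),
        }


def reasons_for(path):
    """Return the (assumed) location-based reasons an entry deserves review."""
    parts = ntpath.normpath(path).lower().split("\\")
    folders = parts[1:-1]  # between the drive letter and the file name
    reasons = []
    if not folders:
        reasons.append("runs from the drive root")
    if "temp" in folders or "tmp" in folders:
        reasons.append("runs from a Temp directory")
    if folders[:1] == ["users"]:
        reasons.append("runs from a user-writable profile path")
    return reasons


def triage(text):
    """Map each flagged executable path (lower-cased) to its reasons."""
    findings = {}
    for rule in parse_rules(text):
        why = reasons_for(rule["path"])
        if why:
            findings.setdefault(rule["path"].lower(), why)
    return findings


if __name__ == "__main__":
    for exe, why in triage(SAMPLE).items():
        print(f"REVIEW  {exe}: {'; '.join(why)}")
```

A flagged entry is only a prompt for review: the uTorrent rule on the desktop is flagged by the same logic and is a program the user installed.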
Old 04-29-2009, 09:48 AM   #6 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 18
OS: Windows Vista


xstation14
Re: Yep, I have a virus...

There were some weird processes running after the computer restarted after running ComboFix. I managed to get a pic of some of them, but since I can only PrintScreen 1 image at a time I didn't manage to get an image of every process.

http://img524.imageshack.us/img524/3937/hmmw.jpg

Also, ComboFix said to not run any programs after it restarted, but I have startup programs that I couldn't stop from opening in time, so I hope it didn't affect the scan in any way.

ComboFix 09-04-28.07 - Ari 04/29/2009 11:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3326.2475 [GMT -4:00]
Running from: c:\users\Ari\Desktop\ComboFix.exe
Command switches used :: c:\users\Ari\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFLPYDIN
-------\Service_oflpydin


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-27 01:48 . 2009-04-27 01:48 -------- d-----w c:\users\Ari\save
2009-04-26 19:37 . 2009-04-26 19:41 -------- d-----w c:\users\Ari\AppData\Local\WarRockDF
2009-04-22 21:15 . 2009-04-22 21:15 -------- d-----w c:\program files\GamersFirst
2009-04-20 20:10 . 2009-04-20 20:10 -------- d-----w c:\program files\Counter-Strike 2D
2009-04-20 18:53 . 2009-04-20 19:06 77492 ----a-w c:\windows\War3Unin.dat
2009-04-20 18:53 . 2009-04-20 19:02 2829 ----a-w c:\windows\War3Unin.pif
2009-04-20 18:53 . 2009-04-20 19:02 139264 ----a-w c:\windows\War3Unin.exe
2009-04-20 18:49 . 2009-04-20 19:11 -------- d-----w c:\program files\Warcraft III
2009-04-19 21:43 . 2009-04-19 21:43 -------- d-----w c:\program files\Codemasters
2009-04-17 04:26 . 2009-04-17 19:57 -------- d-----w c:\users\Ari\AppData\Local\ArmA
2009-04-17 03:57 . 2009-04-17 03:58 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-14 18:17 . 2009-04-14 18:17 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-11 02:30 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-11 02:30 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-11 02:30 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-11 02:30 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-11 02:30 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-11 02:30 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-11 02:30 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-11 01:57 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-11 01:57 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-11 01:57 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-11 01:56 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-11 01:56 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-11 01:51 . 2009-04-11 01:51 -------- d-----w c:\users\Ari\AppData\Roaming\DAEMON Tools Pro
2009-04-10 19:16 . 2009-04-10 19:16 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-04-10 19:16 . 2009-04-10 19:16 -------- d-----w c:\users\All Users\DAEMON Tools Lite
2009-04-10 19:15 . 2009-04-10 19:15 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-10 19:15 . 2009-04-11 01:51 -------- d-----w c:\users\Ari\AppData\Roaming\DAEMON Tools Lite
2009-04-10 19:13 . 2009-04-10 19:13 -------- d-----w c:\users\Ari\KoToRsaves
2009-04-10 17:25 . 2009-04-10 17:25 3184 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2009-04-09 22:33 . 2009-04-09 22:35 -------- d-----w c:\users\Ari\AppData\Roaming\Amazon
2009-04-09 22:33 . 2009-04-09 22:35 -------- d-----w c:\program files\Amazon
2009-04-09 22:03 . 2008-07-31 14:41 68616 ----a-w c:\windows\system32\XAPOFX1_1.dll
2009-04-09 22:03 . 2008-07-31 14:40 509448 ----a-w c:\windows\system32\XAudio2_2.dll
2009-04-09 22:03 . 2008-07-31 14:41 238088 ----a-w c:\windows\system32\xactengine3_2.dll
2009-04-09 22:03 . 2008-07-12 12:18 1493528 ----a-w c:\windows\system32\D3DCompiler_39.dll
2009-04-09 22:03 . 2008-07-12 12:18 467984 ----a-w c:\windows\system32\d3dx10_39.dll
2009-04-09 21:54 . 2009-04-09 21:54 -------- d-----w c:\windows\A3194B3EEEC444EE85199DEB0AAC904B.TMP
2009-04-09 21:46 . 2009-04-09 21:46 -------- d-----w c:\program files\1C
2009-04-09 19:27 . 2009-04-09 19:27 -------- d-----w c:\programdata\id Software
2009-04-09 19:27 . 2009-04-09 19:27 -------- d-----w c:\users\All Users\id Software
2009-04-09 01:06 . 2005-05-17 17:01 1649152 ----a-w c:\users\Ari\n_v14.exe
2009-04-05 16:52 . 2009-04-05 16:52 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-05 05:31 . 2009-04-05 05:31 3625 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2009-04-05 05:31 . 2009-04-05 05:31 3328 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp AAC Encoder.dat
2009-04-05 05:28 . 2009-04-05 05:28 -------- d-----w c:\users\Ari\AppData\Roaming\AccurateRip
2009-04-05 05:28 . 2009-04-05 05:28 14373 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-04-05 05:19 . 2009-04-05 05:19 -------- d-----w c:\users\Ari\R4 STUFF
2009-04-05 02:28 . 2009-04-05 02:31 -------- d-----w c:\program files\Hogs of War
2009-04-05 01:58 . 2009-04-05 01:58 -------- d-----w c:\program files\DNA
2009-04-05 01:58 . 2009-04-05 01:58 -------- d-----w c:\program files\AskBarDis
2009-04-05 00:04 . 2009-04-05 00:04 -------- d-----w c:\users\Ari\AppData\Roaming\InstallShield
2009-04-03 17:43 . 2009-04-03 17:43 -------- d-----w c:\users\Ari\health project
2009-04-03 17:22 . 2009-04-03 17:22 -------- d-----w c:\users\Ari\AppData\Roaming\Aventurine
2009-04-03 03:24 . 2008-10-10 08:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2009-04-03 03:24 . 2008-10-10 08:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
2009-04-03 03:24 . 2008-10-10 08:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
2009-04-03 03:24 . 2008-10-27 14:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
2009-04-03 03:24 . 2009-04-03 03:24 -------- d-----w c:\windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 15:35 . 2007-02-25 00:40 -------- d-----w c:\program files\Steam
2009-04-29 15:20 . 2009-03-26 21:55 -------- d-----w c:\program files\Spyware Doctor
2009-04-26 21:06 . 2007-02-25 01:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 20:58 . 2007-07-31 19:28 -------- d-----w c:\program files\Sierra
2009-04-23 01:05 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-23 01:05 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-23 01:05 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-23 01:05 . 2008-12-24 18:49 -------- d-----w c:\program files\Microsoft
2009-04-21 00:44 . 2009-02-25 22:51 -------- d-----w c:\program files\Darkfall
2009-04-20 05:56 . 2009-03-26 21:56 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-18 03:38 . 2007-08-08 17:15 -------- d-----w c:\program files\Common Files\Steam
2009-04-18 03:34 . 2007-07-14 18:27 -------- d-----w c:\program files\EA GAMES
2009-04-17 18:48 . 2007-11-29 02:18 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-17 18:48 . 2007-11-29 02:18 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-16 17:02 . 2006-11-02 12:35 -------- d-----w c:\program files\Microsoft Games
2009-04-16 16:31 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 00:53 . 2009-01-25 01:22 -------- d-----w c:\program files\Xfire
2009-04-10 19:21 . 2008-11-29 22:24 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-04-10 17:25 . 2007-02-25 21:25 404656 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-04-09 21:54 . 2007-03-07 02:27 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-09 19:27 . 2007-10-04 19:23 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 19:27 . 2007-10-04 19:23 22328 ----a-w c:\users\Ari\AppData\Roaming\PnkBstrK.sys
2009-04-09 19:27 . 2007-10-04 19:23 107832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-09 19:27 . 2007-11-15 01:52 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-04-09 19:27 . 2007-10-04 19:23 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-05 05:17 . 2008-10-18 02:21 -------- d-----w c:\program files\Dyyno
2009-04-03 21:15 . 2007-07-22 18:59 15316 ----a-w c:\users\Ari\AppData\Local\d3d9caps.dat
2009-03-30 02:14 . 2009-03-30 02:14 -------- d-----w c:\program files\Realtek AC97
2009-03-30 02:07 . 2008-07-09 18:56 319488 ----a-w c:\windows\HideWin.exe
2009-03-28 22:57 . 2007-11-29 02:58 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-28 21:35 . 2007-11-15 01:32 -------- d-----w c:\program files\Electronic Arts
2009-03-28 00:29 . 2009-03-28 00:29 -------- d-----w c:\program files\Mount&Blade
2009-03-27 00:19 . 2007-08-27 03:23 -------- d-----w c:\program files\ATI Technologies
2009-03-27 00:18 . 2009-03-27 00:18 -------- d-----w c:\program files\Common Files\ATI Technologies
2009-03-26 21:57 . 2009-03-26 21:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-03-21 21:54 . 2008-11-13 04:00 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-21 21:09 . 2009-03-21 21:09 -------- d-----w c:\program files\Bethesda Softworks
2009-03-20 21:53 . 2008-06-06 23:20 -------- d-----w c:\program files\GameSpy Arcade
2009-03-17 03:38 . 2009-04-16 16:10 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 16:10 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 16:10 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-06 21:31 . 2008-01-12 01:24 -------- d-----w c:\program files\Zune
2009-03-06 01:59 . 2009-03-06 01:56 -------- d-----w c:\program files\MediaCoder
2009-03-04 20:24 . 2007-10-06 16:02 -------- d-----w c:\program files\AGEIA Technologies
2009-03-03 04:46 . 2009-04-16 16:10 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 16:10 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 16:10 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 16:10 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 16:10 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 16:10 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 16:10 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 16:10 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 16:10 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 16:10 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 16:10 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 16:10 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 16:10 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-02 04:51 . 2009-03-02 04:22 -------- d-----w c:\program files\Age of Empires
2009-03-02 03:38 . 2009-03-02 03:38 -------- d-----w c:\program files\Free WMA to MP3 Converter
2009-03-02 03:33 . 2009-03-02 03:33 -------- d-----w c:\program files\Cucusoft
2009-02-28 21:17 . 2008-03-20 01:59 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 22:59 . 2009-02-25 22:59 4385792 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-02-25 21:36 . 2009-02-25 21:36 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:34 . 2006-11-02 10:25 159744 ----a-w c:\windows\system32\atitmmxx.dll
2009-02-25 21:34 . 2007-07-28 03:26 348160 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:34 . 2009-02-25 21:34 274432 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:34 . 2009-02-25 21:34 12288 ----a-w c:\windows\system32\atimuixx.dll
2009-02-25 21:34 . 2009-02-25 21:34 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:34 . 2009-02-25 21:34 278528 ----a-w c:\windows\system32\Ati2evxx.dll
2009-02-25 21:32 . 2009-02-25 21:32 733184 ----a-w c:\windows\system32\Ati2evxx.exe
2009-02-25 21:24 . 2009-02-25 21:24 2396160 ----a-w c:\windows\system32\atidxx32.dll
2009-02-25 21:18 . 2009-02-25 21:18 3839488 ----a-w c:\windows\system32\atiumdag.dll
2009-02-25 21:04 . 2009-02-25 21:04 11513856 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 20:56 . 2009-02-25 20:56 4944896 ----a-w c:\windows\system32\atiumdva.dll
2009-02-25 20:42 . 2009-02-25 20:42 51712 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:42 . 2009-02-25 20:42 135168 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 53248 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:36 . 2009-02-25 20:36 3235840 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 20:29 . 2009-02-25 20:29 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-14 20:59 . 2009-02-14 20:59 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-14 20:59 . 2009-02-14 20:59 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-14 20:59 . 2009-02-14 20:59 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-13 08:49 . 2009-04-16 16:10 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 16:10 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 03:01 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-07 00:03 . 2009-02-07 00:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 23:52 . 2009-02-06 23:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-07-23 07:41 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 21:24 325000 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-14 1601304]
"Malwarebytes Anti-Malware Reboot"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 1183352]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-09-10 604704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\users\Ari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-4-14 3111248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{593F94A5-39C8-4980-A218-E1859D2214EF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{09C13DC2-4D2C-4580-81F1-16B124A094DF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"UDP Query User{3F336042-74FE-486C-9162-073DD252A5F1}c:\\program files\\steam\\steamapps\\scabiez\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\garrysmod\hl2.exe:hl2
"TCP Query User{0BC54297-8E53-4D75-879F-7650B98D9570}c:\\program files\\steam\\steamapps\\scabiez\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\garrysmod\hl2.exe:hl2
"{8BDC75D0-7190-4271-BA85-2CDAC962EA1C}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"UDP Query User{B9214748-C692-4D65-B4BC-B240E420A073}c:\\program files\\steam\\steamapps\\scabiez\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\half-life\hl.exe:Half-Life Launcher
"TCP Query User{6593D91E-73B0-40AA-B7CF-9F0F39EB9062}c:\\program files\\steam\\steamapps\\scabiez\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\half-life\hl.exe:Half-Life Launcher
"UDP Query User{A5DC14CB-47CE-4C47-BA2C-2D8F6659FDA3}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{70230F11-D9C9-4CA5-B2C2-559EBCF9C0DD}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{8EBFADF0-FDFB-45D8-B8BF-A3B99D414CC9}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{234664D7-FA00-48B9-BEBA-3F079522B08F}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{38B74328-EBEE-4E3B-9155-44C5751CFAC9}c:\\program files\\steam\\steamapps\\scabiez\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\source sdk base\hl2.exe:hl2
"TCP Query User{378B9878-FDB5-4792-BBF3-C9472ED2F9F3}c:\\program files\\steam\\steamapps\\scabiez\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\source sdk base\hl2.exe:hl2
"UDP Query User{E4C1AC3E-6B02-4720-8FF0-51F58AF4D0F6}c:\\program files\\call of duty\\codmp.exe"= TCP:c:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{40C98582-AF53-44E0-87C5-4D69F32C1B3C}c:\\program files\\call of duty\\codmp.exe"= UDP:c:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{241A1805-A610-4DA6-AB42-B4C0E40F6F40}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\counter-strike source\hl2.exe:hl2
"TCP Query User{D55023D6-591A-495A-A0B6-2D748D6E5E6E}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\counter-strike source\hl2.exe:hl2
"UDP Query User{E03EBB8B-E9B0-4F1E-8F5B-7AFBCEDECB6B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{41EBF7ED-5F1A-4459-935B-9F72F894DA9D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{65D932D6-5529-4138-8FEF-02332C632995}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E71A4238-0629-42B6-8ED7-220467A8C204}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"UDP Query User{08B2EF77-D000-47CD-B62E-5B365F3AE60D}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B54D2400-95D4-4DC0-B7CA-9710AD42EBEB}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{ABD6E38C-AD3A-44B8-8401-06DA25B857B0}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{EDD1D949-9C74-487D-ACF1-22DAAAFDE250}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\counter-strike\hl.exe:Half-Life Launcher
"{FB2BC4EB-9B69-4826-8C9D-965681844220}"= TCP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{104B7FCA-406B-4D8C-B4CB-154638572983}"= UDP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{7E74EDD4-C5EE-4A7D-AE80-89C61CBD1298}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{BAC67A74-4DFE-4C19-8880-B200213BCD76}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"UDP Query User{6AE785E1-E440-4A75-B7F7-772C5580D5AF}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{9B683A8D-037F-4D02-A259-9F40F31266D9}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"{511C3018-0D5F-42C5-BA50-F828AFC2FDD1}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9342A03B-37DB-447E-95F9-EE7C74880743}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{F9B43DDD-38D4-495A-9D44-CE9E8D680064}c:\\users\\ari\\desktop\\utorrent.exe"= UDP:c:\users\ari\desktop\utorrent.exe:utorrent.exe
"UDP Query User{11BB7A45-D71C-4D56-AA07-6005867BD8A4}c:\\users\\ari\\desktop\\utorrent.exe"= TCP:c:\users\ari\desktop\utorrent.exe:utorrent.exe
"TCP Query User{F4714470-1804-46DF-8893-0D236D71686D}c:\\users\\ari\\utorrent.exe"= UDP:c:\users\ari\utorrent.exe:utorrent.exe
"UDP Query User{E83BA2B3-3B21-4EFC-AF5A-A72F5109C38B}c:\\users\\ari\\utorrent.exe"= TCP:c:\users\ari\utorrent.exe:utorrent.exe
"TCP Query User{E63ADD52-A809-4A92-8132-C33122AB44EE}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{C686EC16-7907-4650-ADA6-67E9A6631D0F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{94882F0C-A367-4B8A-9DA9-BE783DF8E63B}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A793E83C-EE01-4C1C-B46E-0FE77AB7B207}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{31C80C77-5598-4236-801A-9EDC6B0A47D5}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{47A36836-A377-4F02-9D95-762DA84DD348}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{B067F65B-ED4C-44AB-9CA9-3853AA341B9D}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{F14446CE-BAAD-465D-910B-92540CADEDFE}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"TCP Query User{3081AEE6-B1BA-4840-8FAB-28CB11150F33}c:\\program files\\steam\\steamapps\\scabiez\\team fortress classic\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{5D2AD3BE-CF31-452B-AEE3-F3D04225BA0C}c:\\program files\\steam\\steamapps\\scabiez\\team fortress classic\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\team fortress classic\hl.exe:Half-Life Launcher
"{48B13944-3033-4C44-BC2B-EECBEAA3C061}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{30F3BD91-EA8E-4809-BFFD-3F6E579E619F}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{1A063F14-3024-453B-B88D-1C36AC87FAE8}c:\\program files\\sierra\\fearcombat\\fpupdate.exe"= UDP:c:\program files\sierra\fearcombat\fpupdate.exe:fpupdate
"UDP Query User{AF9F56C4-340E-4E6C-8499-DBE8CB5F2D82}c:\\program files\\sierra\\fearcombat\\fpupdate.exe"= TCP:c:\program files\sierra\fearcombat\fpupdate.exe:fpupdate
"TCP Query User{771980F4-757B-4F3F-A805-A97074DCEA07}c:\\program files\\lucasarts\\jedi knight\\jk.exe"= UDP:c:\program files\lucasarts\jedi knight\jk.exe:Jedi Knight Main Executable
"UDP Query User{49C9027C-8214-43AB-87F9-CAD9F9BC2A5E}c:\\program files\\lucasarts\\jedi knight\\jk.exe"= TCP:c:\program files\lucasarts\jedi knight\jk.exe:Jedi Knight Main Executable
"TCP Query User{DF1D14AE-8358-43ED-90C3-BBD748DFEF03}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{0C59AA35-4A3F-473C-B8D0-4B60FC7765B1}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{C2C4B06B-54B8-4FCE-A66E-874C5380983D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{099B759D-B43B-444E-BADF-42F2D36DED73}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5FE7B589-6749-460C-8BC0-106AE3835029}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{54A027FD-F8A6-46DC-9A4C-E80ACB11CCCE}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{701FB696-844B-4FFF-A145-8EBFF3674157}c:\\westwood\\nox\\game.exe"= UDP:c:\westwood\nox\game.exe:Game
"UDP Query User{863D6E83-A8CE-4EC5-AD56-37F4109527E2}c:\\westwood\\nox\\game.exe"= TCP:c:\westwood\nox\game.exe:Game
"TCP Query User{08ABEDA8-BB50-4FC6-AE2F-7F9841A639FA}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{6D8B5EDA-7951-426A-86F7-4FB1598D1470}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{4020358F-7947-4797-847B-258C4A660A3D}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{85166D01-EBED-4D8D-9514-2A5DCFD626AE}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{5E7B6149-E674-440B-836A-A9CFBFD6F238}c:\\program files\\steam\\steamapps\\scabiez\\the ship\\ship.exe"= UDP:c:\program files\steam\steamapps\scabiez\the ship\ship.exe:ship
"UDP Query User{CF5C328B-DF8E-439A-B72B-93CE6C9E4A9E}c:\\program files\\steam\\steamapps\\scabiez\\the ship\\ship.exe"= TCP:c:\program files\steam\steamapps\scabiez\the ship\ship.exe:ship
"TCP Query User{99F1CA40-C891-4107-A53F-2365F9A3D4CB}c:\\program files\\steam\\steamapps\\scabiez\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{51839135-19A9-4480-BD43-5D1064269279}c:\\program files\\steam\\steamapps\\scabiez\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{9A4CD9EE-7403-43BE-88DA-2E2A6AF0304F}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{737AA20F-0C0A-4C06-9524-B3EF5CD7FB49}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{F2D800FA-E512-4BFA-9C43-41444E8F3B3F}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= UDP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query User{77FC1B6E-E5E2-494B-BEF1-B47A685802E4}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= TCP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"TCP Query User{E58296AF-742B-44D3-BACD-40799DF41FA2}c:\\program files\\ubisoft\\blazing angels squadrons of wwii\\bin\\mainr.exe"= UDP:c:\program files\ubisoft\blazing angels squadrons of wwii\bin\mainr.exe:Blazing Angels
"UDP Query User{2506F346-2813-40B2-BB94-C5F50B61CD5A}c:\\program files\\ubisoft\\blazing angels squadrons of wwii\\bin\\mainr.exe"= TCP:c:\program files\ubisoft\blazing angels squadrons of wwii\bin\mainr.exe:Blazing Angels
"TCP Query User{89529CE3-0495-40C0-BBB0-6525F701F8AB}c:\\program files\\steam\\steamapps\\scabiez\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\team fortress 2\hl2.exe:hl2
"UDP Query User{D3FF2794-5BCE-40DB-B522-E7A3644DDCBF}c:\\program files\\steam\\steamapps\\scabiez\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\team fortress 2\hl2.exe:hl2
"TCP Query User{E020D995-DCAE-478E-92AE-FCAD0CE10580}c:\\program files\\dobermann\\halo zero\\halozero.exe"= UDP:c:\program files\dobermann\halo zero\halozero.exe:Halo Zero
"UDP Query User{46A9CC1B-61FE-4BDB-9E9D-BAEFDA8F2B30}c:\\program files\\dobermann\\halo zero\\halozero.exe"= TCP:c:\program files\dobermann\halo zero\halozero.exe:Halo Zero
"{80660933-72CF-4D1C-9C6F-9C6DFDA98B00}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{956A1DC1-2543-4A84-A533-C5BA30702BF0}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{682979E9-29C6-4806-874F-ED5DD71683CF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B44B30EB-591E-4151-8B45-D2712D7ACD70}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{0FA5E593-E79E-4D6F-B258-4FADC6B3BB5A}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5A12F501-9A0E-41A2-8237-80F29A707A2C}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"TCP Query User{79198D80-84B6-44BF-AB9F-3F2097615B92}c:\\program files\\steam\\steam.exe"= UDP:c:\program files\steam\steam.exe:Steam
"UDP Query User{B96FA4B7-B206-41B0-8E08-6E89C316422C}c:\\program files\\steam\\steam.exe"= TCP:c:\program files\steam\steam.exe:Steam
"TCP Query User{E011CDFB-632D-4D17-82A7-17F1E3125651}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{E64B231E-F41B-4944-8747-67FC8D4A195F}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"{80BF5A2B-F663-4241-B95B-4BB4C13A08DF}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{5A602E85-2575-4528-9791-1B96D24D616F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{1C17F1DC-E51A-49FD-B97A-42312F02FF43}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{70A4FF1B-D49F-43BD-84F2-58509E0A0E6D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{B9BBE8CB-F478-49DA-B077-8941205E28DE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3C21645D-68AC-46CF-9645-B2490AF61DF4}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{0EB3621C-5660-4957-83C7-FC75F8B9CCFD}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{ABF76488-D506-4415-97CC-753AF9885DCF}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{195C159C-1410-473C-AE51-18E036B55B27}c:\\program files\\steam\\steamapps\\scabiez\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{D9C0115A-E3F6-42DD-A5C7-062506BA65CE}c:\\program files\\steam\\steamapps\\scabiez\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{FC1AB5B6-E546-4ECE-96D5-C60790DAA7AC}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FCBEAEB6-6DED-4C8F-8159-23504B8387F8}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{37FA1D8C-0E14-4332-A5C6-77F0A0EF76BA}c:\\program files\\steam\\steamapps\\scabiez\\rag doll kung fu\\rag_doll_kung_fu_steam.exe"= UDP:c:\program files\steam\steamapps\scabiez\rag doll kung fu\rag_doll_kung_fu_steam.exe:Rag_Doll_Kung_Fu_Steam
"UDP Query User{1B8E9A44-544B-4752-A694-9F2BE7A11101}c:\\program files\\steam\\steamapps\\scabiez\\rag doll kung fu\\rag_doll_kung_fu_steam.exe"= TCP:c:\program files\steam\steamapps\scabiez\rag doll kung fu\rag_doll_kung_fu_steam.exe:Rag_Doll_Kung_Fu_Steam
"TCP Query User{C8B94722-F8BB-40A8-80AB-46436C69C18F}c:\\program files\\byond\\bin\\byond.exe"= UDP:c:\program files\byond\bin\byond.exe:byond
"UDP Query User{EB83BBAE-254A-4D52-90B9-D7D7CE841475}c:\\program files\\byond\\bin\\byond.exe"= TCP:c:\program files\byond\bin\byond.exe:byond
"{8A01051F-0F17-43FA-8538-C6E6F42FE2EE}"= UDP:c:\program files\Fury\Binaries\Fury.exe:Fury
"{7E1E36E9-6771-4D52-B76C-6B82FBE0489B}"= TCP:c:\program files\Fury\Binaries\Fury.exe:Fury
"{D227BAA3-99F6-4E26-914C-0DD9B52BD2CD}"= UDP:c:\program files\Fury\Binaries\DiamondWare\dwTVC.exe:Fury VOIP
"{BFEBA8EB-600F-435C-876C-604B8206730F}"= TCP:c:\program files\Fury\Binaries\DiamondWare\dwTVC.exe:Fury VOIP
"TCP Query User{02EF8991-9E91-4CBC-8115-3EEBAC160CAB}c:\\program files\\zdaemon\\zlauncher.exe"= UDP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"UDP Query User{BDDE6D98-ADE9-4438-BA36-8670221616F6}c:\\program files\\zdaemon\\zlauncher.exe"= TCP:c:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"TCP Query User{6484EBC9-46FF-4E9B-9D8D-5646A1A2EC5D}c:\\program files\\zdaemon\\zdaemon.exe"= UDP:c:\program files\zdaemon\zdaemon.exe:ZDaemon
"UDP Query User{20483E9D-21E7-4E0D-B8DF-F50DF0F8D603}c:\\program files\\zdaemon\\zdaemon.exe"= TCP:c:\program files\zdaemon\zdaemon.exe:ZDaemon
"TCP Query User{786FA42D-EF07-43A9-9230-4232DBA34F56}c:\\runehov\\system\\rune.exe"= UDP:c:\runehov\system\rune.exe:Rune
"UDP Query User{4C2AA890-7DA2-4BB4-9F81-B6CC444FAFF9}c:\\runehov\\system\\rune.exe"= TCP:c:\runehov\system\rune.exe:Rune
"TCP Query User{4C6E4787-9961-437D-BEB0-0FC081B834B3}c:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:c:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{B207D0CD-2C73-4198-93B9-E2446907AD12}c:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:c:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{9CEF8E67-98D6-4CE5-82CF-EB7CB771BC1E}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{D1BD75B0-4606-4A4C-BE86-D071640B78A2}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"{1FECF425-5CD4-47E0-B44B-31A27C5AAA5E}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{76ACC8DB-F614-4AF0-97A9-2157E3E6DCFB}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"TCP Query User{422BBEAE-8A65-4B8D-B42D-12C72537EF27}c:\\program files\\steam\\steamapps\\common\\the club\\theclub.exe"= UDP:c:\program files\steam\steamapps\common\the club\theclub.exe:The Club
"UDP Query User{8AE7E067-BE23-44DC-A40C-2801FBC97EFB}c:\\program files\\steam\\steamapps\\common\\the club\\theclub.exe"= TCP:c:\program files\steam\steamapps\common\the club\theclub.exe:The Club
"TCP Query User{686376A5-E089-456A-9222-9DC984D02AF0}c:\\users\\ari\\appdata\\local\\temp\\rar$ex32.218\\samp-server.exe"= UDP:c:\users\ari\appdata\local\temp\rar$ex32.218\samp-server.exe:samp-server.exe
"UDP Query User{E7384033-7CA2-448B-BFDB-BD447BF3BC23}c:\\users\\ari\\appdata\\local\\temp\\rar$ex32.218\\samp-server.exe"= TCP:c:\users\ari\appdata\local\temp\rar$ex32.218\samp-server.exe:samp-server.exe
"TCP Query User{D60F3B56-3DAC-4183-9368-2BF0880E3C33}c:\\users\\ari\\appdata\\local\\temp\\rar$ex34.968\\samp-server.exe"= UDP:c:\users\ari\appdata\local\temp\rar$ex34.968\samp-server.exe:samp-server.exe
"UDP Query User{76770936-C8CB-48A1-BBB9-B674CCC187D2}c:\\users\\ari\\appdata\\local\\temp\\rar$ex34.968\\samp-server.exe"= TCP:c:\users\ari\appdata\local\temp\rar$ex34.968\samp-server.exe:samp-server.exe
"TCP Query User{36AAAB6C-A05F-4FCF-AE7C-0A1C6E3C6003}c:\\program files\\rockstar games\\gta san andreas\\samp-server.exe"= UDP:c:\program files\rockstar games\gta san andreas\samp-server.exe:samp-server
"UDP Query User{A887EA43-396D-4353-941B-917C52EA00BA}c:\\program files\\rockstar games\\gta san andreas\\samp-server.exe"= TCP:c:\program files\rockstar games\gta san andreas\samp-server.exe:samp-server
"TCP Query User{AE9C5DB2-1200-488E-B74A-377E4C01986D}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jampded.exe"= UDP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jampded.exe:Jedi Academy MP Dedicated Server
"UDP Query User{2F34776F-0263-4CB8-BC65-C8197EFDA349}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jampded.exe"= TCP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jampded.exe:Jedi Academy MP Dedicated Server
"{BF69C652-46B5-42F2-8205-EC1DB838417C}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{1AF1F6FA-4224-4907-9D9A-3B76C0738EC6}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{CB96C084-73BB-4257-9496-E53E579FF491}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B2F031C5-3593-451C-AE56-A45C328D070D}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{AF2FD04F-DABD-4EDE-8F1E-08FF951BF6A8}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{362EA14A-53DF-41C0-86E2-F9255AA5BF1E}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"TCP Query User{7597E9BE-3132-4587-B9E8-F7E11F82253E}c:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{73670725-F87A-4357-A3D0-21EAD370FD29}c:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader
"{3827EE17-E808-4C84-AFD3-B302C95B3671}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{B0725D22-B39B-4751-8F6D-01214B908DD2}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{2E594EEF-F94F-460D-AF2F-745508E72AEE}c:\\program files\\steam\\steamapps\\scabiez\\half-life 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\half-life 2\hl2.exe:hl2
"UDP Query User{C83DFF14-02E5-4ACB-ABD4-5B093484E38D}c:\\program files\\steam\\steamapps\\scabiez\\half-life 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\half-life 2\hl2.exe:hl2
"{A5B8A5E5-BCE1-4D34-B46E-22247B80650E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{E94F9BAA-C5E7-4B29-BB78-94CCE4FCE1D4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{07461DF6-DA5C-4B1B-9D4B-5BB9C7AAABC0}c:\\users\\ari\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\ari\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{D27682BD-42AF-434A-A13C-CBBD2A315AE6}c:\\users\\ari\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\ari\program files\utorrent\utorrent.exe:utorrent.exe
"{68E93548-99B2-4C3F-BE1B-932A1341E025}"= UDP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{4836BB6A-E6E9-4F7A-9AC4-F0C582CB93A4}"= TCP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"TCP Query User{115A762C-E710-4DFA-BA63-10771E687BA7}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{9AA3C15F-6B0E-483A-8CCD-C33F0AC56018}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{271A29C9-E06D-45C4-BBB0-53594539369D}c:\\dynamix\\tribes\\tribes.exe"= UDP:c:\dynamix\tribes\tribes.exe:Tribes
"UDP Query User{722C1EA9-0B79-4D9B-9199-9E58C4441C72}c:\\dynamix\\tribes\\tribes.exe"= TCP:c:\dynamix\tribes\tribes.exe:Tribes
"TCP Query User{A7EA7602-370E-4F24-B5D3-EC0C5DFC3124}c:\\program files\\gamespy arcade\\aphex.exe"= UDP:c:\program files\gamespy arcade\aphex.exe:GameSpy Arcade
"UDP Query User{B860BDFB-BCBB-48D4-B261-144A10885647}c:\\program files\\gamespy arcade\\aphex.exe"= TCP:c:\program files\gamespy arcade\aphex.exe:GameSpy Arcade
"{468AA411-8D81-4AB8-8471-42B7C16EC8A3}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{97DDCEB7-CE00-4B59-A001-6C13B7AC2A4F}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"176baa83-0507-45da-a8e2-cac40236e15c"= %ProgramFiles%\IGZones\IGZones.exe:IGZones
"{AB068A95-9026-4DF8-B975-614486A5BDE5}"= UDP:c:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"{9AA19C76-3F52-4FE2-95A1-D7FDFCB28FF7}"= TCP:c:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"TCP Query User{3C7765B0-CE57-423E-B49F-AC6403FFEB27}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= UDP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"UDP Query User{AD84576C-2B91-4D39-A7ED-D17568EDCB97}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= TCP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"TCP Query User{11AD55A4-D377-4F2C-AB5F-640B498DD02B}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{ABE1A9BC-317E-44B6-AE54-E5DCF5016FE9}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{E7703ACA-6C5F-4422-85A6-7AB18CD78447}c:\\program files\\steam\\steamapps\\scabiez\\ricochet\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{4761C5AF-72B6-4DB1-885B-CC6C9CD407FC}c:\\program files\\steam\\steamapps\\scabiez\\ricochet\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\ricochet\hl.exe:Half-Life Launcher
"TCP Query User{6179FC0E-6B3D-4FEE-B072-FDBF409873FD}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{6EE20952-99CF-4B8F-88F3-9E561724E26C}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"TCP Query User{D120B114-CD0D-42FE-A95F-A19BFC20C400}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{72C39C5D-9F86-4721-87D1-30B78DD6B0B8}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{590ABD20-6DDC-4F59-BA09-CFFDCB033208}c:\\program files\\electronic arts\\crytek\\crysis wars\\bin32\\crysis.exe"= UDP:c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe:Crysis
"UDP Query User{9239A72F-386F-46EF-825A-2B2935A6529E}c:\\program files\\electronic arts\\crytek\\crysis wars\\bin32\\crysis.exe"= TCP:c:\program files\electronic arts\crytek\crysis wars\bin32\crysis.exe:Crysis
"TCP Query User{B182F18B-4D2D-4A5F-AB64-EA46EA2C08A0}c:\\users\\ari\\appdata\\locallow\\dyyno receiver\\dppm.exe"= UDP:c:\users\ari\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{39A5F3C3-9717-46B8-B60B-FF96E1F743BD}c:\\users\\ari\\appdata\\locallow\\dyyno receiver\\dppm.exe"= TCP:c:\users\ari\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"TCP Query User{40231066-03DC-45D2-9C5F-21AC61429862}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{A33D2FD3-C5DB-4F12-9784-DEF4F0811BD5}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{D026144B-8EE5-4E85-BFD0-73BB3C616538}c:\\program files\\steam\\steamapps\\scabiez\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\diprip warm up\hl2.exe:hl2
"UDP Query User{CAF230A6-C98D-4342-B5D2-0831DCC20529}c:\\program files\\steam\\steamapps\\scabiez\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\diprip warm up\hl2.exe:hl2
"TCP Query User{D59E0331-22AF-44C4-8975-223F09F80B1E}c:\\program files\\steam\\steamapps\\scabiez\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\age of chivalry\hl2.exe:hl2
"UDP Query User{43E4087D-DC27-4CB9-996F-07069157EB2A}c:\\program files\\steam\\steamapps\\scabiez\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\age of chivalry\hl2.exe:hl2
"TCP Query User{93885717-6A7E-44F7-A942-DCC99F49356B}c:\\program files\\steam\\steamapps\\scabiez\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\scabiez\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{7B34C48E-65DE-40C5-9E73-3D42584527A6}c:\\program files\\steam\\steamapps\\scabiez\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\scabiez\dedicated server\hlds.exe:HLDS Launcher
"{71608032-9372-4A06-BE11-CD7EB6FE1374}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{572F84C4-4A74-43A1-BE9A-39BA15D3190B}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{725E52CE-05D9-4779-A609-D43820C446FB}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{14EF038E-0B87-4DD1-9F04-23B647481A21}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{6961A76B-5F58-4D8C-98A5-9EE7D194A060}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{EED587F1-6C7A-4C4C-A467-79550102D046}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{02C784BA-522D-4C40-917C-278A8C245F24}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{9696E838-E61C-46C1-832B-75AE26CE082C}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{F1880216-D111-4A00-B2F8-6185369733C9}c:\\program files\\electronic arts\\battlefield 2142 deluxe edition\\firststrike.exe"= UDP:c:\program files\electronic arts\battlefield 2142 deluxe edition\firststrike.exe:FirstStrike
"UDP Query User{F3BA2DDD-7791-4F8D-A58D-E90CD9AFC50D}c:\\program files\\electronic arts\\battlefield 2142 deluxe edition\\firststrike.exe"= TCP:c:\program files\electronic arts\battlefield 2142 deluxe edition\firststrike.exe:FirstStrike
"TCP Query User{8D87A3DB-A270-4265-8884-2F14E2B2E5A0}c:\\soldat\\soldat.exe"= UDP:c:\soldat\soldat.exe:Soldat
"UDP Query User{C232774B-3E31-4BB1-BE50-480D0C4C4D30}c:\\soldat\\soldat.exe"= TCP:c:\soldat\soldat.exe:Soldat
"{14B5D685-B2E6-4559-9D1E-E75FB1C4D611}"= UDP:6112:Blizzard Downloader: 6112
"33f9e889-b660-43fb-9a99-50af8a99eeb5"= UDP:6881|LPort=6882|LPort=6883|LPort=6884|LPort=6885|LPort=6886|LPort=6887|LPort=6888|LPort=6889|LPort=6890|LPort=6891|LPort=6892|LPort=6893|LPort=6894|LPort=6895|LPort=6896|LPort=6897|LPort=6898|LPort=6899|LPort=6900|LPort=6901|LPort=6902|LPort=6903|LPort=6904|LPort=6905|LPort=6906|LPort=6907|LPort=6908|LPort=6909|LPort=6910|LPort=6911|LPort=6912|LPort=6913|LPort=6914|LPort=6915|LPort=6916|LPort=6917|LPort=6918|LPort=6919|LPort=6920|LPort=6921|LPort=6922|LPort=6923|LPort=6924|LPort=6925|LPort=6926|LPort=6927|LPort=6928|LPort=6929|LPort=6930|LPort=6931|LPort=6932|LPort=6933|LPort=6934|LPort=6935|LPort=6936|LPort=6937|LPort=6938|LPort=6939|LPort=6940|LPort=6941|LPort=6942|LPort=6943|LPort=6944|LPort=6945|LPort=6946|LPort=6947|LPort=6948|LPort=6949|LPort=6950|LPort=6951|LPort=6952|LPort=6953|LPort=6954|LPort=6955|LPort=6956|LPort=6957|LPort=6958|LPort=6959|LPort=6960|LPort=6961|LPort=6962|LPort=6963|LPort=6964|LPort=6965|LPort=6966|LPort=6967|LPort=6968|LPort=6969|LPort=6970|LPort=6971|LPort=6972|LPort=6973|LPort=6974|LPort=6975|LPort=6976|LPort=6977|LPort=6978|LPort=6979|LPort=6980|LPort=6981|LPort=6982|LPort=6983|LPort=6984|LPort=6985|LPort=6986|LPort=6987|LPort=6988|LPort=6989|LPort=6990|LPort=6991|LPort=6992|LPort=6993|LPort=6994|LPort=6995|LPort=6996|LPort=6997|LPort=6998|LPort=6999:Blizzard Downloader: 6881-6999
"TCP Query User{422057EB-3266-414D-A1CB-260A465A9BD5}c:\\users\\ari\\appdata\\local\\temp\\blizzard launcher temporary - 52169ed0\\launcher.exe"= UDP:c:\users\ari\appdata\local\temp\blizzard launcher temporary - 52169ed0\launcher.exe:launcher.exe
"UDP Query User{445D4B75-2694-4F97-A4D2-195885F7D4B6}c:\\users\\ari\\appdata\\local\\temp\\blizzard launcher temporary - 52169ed0\\launcher.exe"= TCP:c:\users\ari\appdata\local\temp\blizzard launcher temporary - 52169ed0\launcher.exe:launcher.exe
"{A42B2316-F6A5-4363-8BAD-208A43CDDBCF}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:Sid Meier's Civilization IV
"{86222767-AC1A-4879-AE5F-A77D237AFE8A}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:Sid Meier's Civilization IV
"{2AD484B2-6A85-4EE4-9912-450AC42BDDC5}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:Sid Meier's Civilization IV: Warlords
"{83923844-F594-4670-9E39-B8A87BBDC0C9}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:Sid Meier's Civilization IV: Warlords
"{A4917EBB-F396-4ADF-8D47-ADF4E5449A37}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization IV: Warlords
"{71E376DF-65ED-42B9-948B-A0D315E7C3FE}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization IV: Warlords
"{BE237F3D-76FF-49C7-8350-C1F49D6B4B22}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{4C0AC28F-9D22-4862-91B7-BE558667216C}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{14128FC7-1083-4C8E-81F9-73AD1F3AB4F3}l:\\techwizard.exe"= UDP:L:\techwizard.exe:FiOS Video Tech Wizard
"UDP Query User{294BBE7E-0316-4A08-9C4B-BF61E1DD9938}l:\\techwizard.exe"= TCP:L:\techwizard.exe:FiOS Video Tech Wizard
"TCP Query User{4BFDD0AB-58E9-4BD1-9017-A86A1BB00093}c:\\users\\ari\\appdata\\local\\temp\\blizzard launcher temporary - 243b7848\\launcher.exe"= UDP:c:\users\ari\appdata\local\temp\blizzard launcher temporary - 243b7848\launcher.exe:launcher.exe
"UDP Query User{C9E60BE9-1BCC-4E9B-B134-5FBAF35B14EF}c:\\users\\ari\\appdata\\local\\temp\\blizzard launcher temporary - 243b7848\\launcher.exe"= TCP:c:\users\ari\appdata\local\temp\blizzard launcher temporary - 243b7848\launcher.exe:launcher.exe
"{033E5307-DCB4-4EDD-AAFE-197CDFD171CC}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{E1B53981-AEBB-4DB0-B419-901EC7578EE6}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{9E5A5B53-0208-4E5F-A2D2-58F2DB032CE2}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{5354BC5B-1710-4697-8D3D-87865E4CEF00}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{AB091D87-10EB-4507-A7B7-A656A70F4114}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{41D90F4A-0F30-432E-8A4D-6D1B2985A84D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{FA81C908-D27E-47B6-89DE-FC04DE070B8F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{6A169CF9-95AD-4108-A775-578FEE71E37E}c:\\program files\\darkfall\\lobby.exe"= UDP:c:\program files\darkfall\lobby.exe:Lobby
"UDP Query User{5B2D7683-ADEC-4049-B565-65AC5812223E}c:\\program files\\darkfall\\lobby.exe"= TCP:c:\program files\darkfall\lobby.exe:Lobby
"TCP Query User{36003EA0-C00F-4314-9823-6E94C885A9F0}c:\\program files\\darkfall\\jre\\bin\\tnameserv.exe"= UDP:c:\program files\darkfall\jre\bin\tnameserv.exe:Java(TM) Platform SE binary
"UDP Query User{81352B79-0A86-44A1-9042-481A6476895F}c:\\program files\\darkfall\\jre\\bin\\tnameserv.exe"= TCP:c:\program files\darkfall\jre\bin\tnameserv.exe:Java(TM) Platform SE binary
"TCP Query User{C47E44CB-03AE-4E4A-AEDD-D33E09B5A50C}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{514831F6-8517-4CC0-BEDC-C9D994F615EF}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{782C868C-3892-43B2-BA48-15FB03C86DBB}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9B0C3BCE-2443-4BD6-B7C4-B53CDC00061F}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8B54910B-8B60-4DDA-92A9-3EDBD85F9150}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= UDP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query User{1BC4DE9D-AF06-45A0-899B-D76EF5BB2D6E}c:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= TCP:c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"{6B6522A1-A1C4-42B1-A83E-398AE35E47B0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2D1F3934-D3AE-480A-B318-A5DFE2FC385B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{794D79A9-CFC5-4B1B-A2A6-99BADC8B9C6D}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{28097EF7-D517-4528-8312-0EC6769A3FC2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{05F07A48-FCB9-4A91-A445-4D2ED1D062FC}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{EE549C06-9EC5-468C-AAFC-9EAB5B8BF838}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{A1F1DB93-21E4-45D6-82BE-D7FE809E45A3}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{1C5A73BD-045D-402C-B85F-E435636EEA35}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"TCP Query User{C06CC4B1-D142-4860-9D47-02B5D2C1BAC7}c:\\users\\ari\\desktop\\age of empires\\empires.exe"= UDP:c:\users\ari\desktop\age of empires\empires.exe:empires.exe
"UDP Query User{2BB53D35-0B29-4373-A51D-24C8FCDA7C45}c:\\users\\ari\\desktop\\age of empires\\empires.exe"= TCP:c:\users\ari\desktop\age of empires\empires.exe:empires.exe
"TCP Query User{B80F2341-66B4-47E0-9924-F937E93B23EA}c:\\users\\ari\\desktop\\age of empires\\empiresx.exe"= UDP:c:\users\ari\desktop\age of empires\empiresx.exe:empiresx.exe
"UDP Query User{98B74674-E073-4A65-9AAD-C2E2D784CC5B}c:\\users\\ari\\desktop\\age of empires\\empiresx.exe"= TCP:c:\users\ari\desktop\age of empires\empiresx.exe:empiresx.exe
"TCP Query User{87DEFC74-EBC3-40AC-8491-2FCC4559E0BA}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{68ED65BA-BDA7-44B4-9180-61CC27C7EA4A}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{C61B7D6F-0924-43EA-9481-388B95970610}c:\\program files\\age of empires\\empiresx.exe"= UDP:c:\program files\age of empires\empiresx.exe:Age of Empires, the Rise of Rome
"UDP Query User{931BC194-B182-468F-9B5F-F5FEC228743A}c:\\program files\\age of empires\\empiresx.exe"= TCP:c:\program files\age of empires\empiresx.exe:Age of Empires, the Rise of Rome
"TCP Query User{EB01F78A-5C72-46A6-8413-3F1C978453BD}c:\\program files\\age of empires\\empires.exe"= UDP:c:\program files\age of empires\empires.exe:Age of Empires
"UDP Query User{3BAE38C4-DFF4-4825-B255-3056DD7C1DD1}c:\\program files\\age of empires\\empires.exe"= TCP:c:\program files\age of empires\empires.exe:Age of Empires
"TCP Query User{4E595D04-8630-48EC-9819-E56D6FE93CBF}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\counter-strike source\hl2.exe:hl2
"UDP Query User{9CD66308-F2E3-46F7-A535-DFF6F496E348}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\counter-strike source\hl2.exe:hl2
"TCP Query User{23788DE8-B848-4D5E-9D23-26F5B7397840}c:\\program files\\steam\\steamapps\\scabiez\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\scabiez\garrysmod\hl2.exe:hl2
"UDP Query User{4410BB42-5AA9-4D0D-BB97-023228643E3F}c:\\program files\\steam\\steamapps\\scabiez\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\scabiez\garrysmod\hl2.exe:hl2
"TCP Query User{6C3FCC59-5040-4BF8-8892-053680F14621}c:\\program files\\darkfall\\lobby.exe"= UDP:c:\program files\darkfall\lobby.exe:Lobby
"UDP Query User{346F0869-CA9A-477C-A74D-F2BFDEAF02F1}c:\\program files\\darkfall\\lobby.exe"= TCP:c:\program files\darkfall\lobby.exe:Lobby
"TCP Query User{75DB2E71-5AEF-4879-B10C-1674A0A021ED}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= UDP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"UDP Query User{881F17AF-5548-4D31-AC6C-A3BC08636854}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= TCP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"TCP Query User{072314D1-21B8-44E3-BBEA-BDC1469C2BE0}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{1AFDD677-A0EA-4B9B-8CB9-BF4FED716E41}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"TCP Query User{F9D024D6-6D72-4802-8FD0-C675B636D6CD}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"UDP Query User{EA8D24BE-B4FB-4969-BEB5-810534C2EC75}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"{78D7AA89-5D8A-4C00-94DB-5C3160F327C7}"= UDP:c:\program files\Steam\steamapps\common\wanted - weapons of fate\Wanted.exe:Wanted: Weapons of Fate
"{137992F3-656B-4367-8E03-714A636CE75F}"= TCP:c:\program files\Steam\steamapps\common\wanted - weapons of fate\Wanted.exe:Wanted: Weapons of Fate
"{A8B955D1-C8EB-44F7-AC2A-7D67AD76CFB9}"= UDP:c:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"{237FB32A-78D5-4BAE-B85A-FFB8A32C5AAE}"= TCP:c:\program files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:Star Wars(TM): Republic Commando(TM)
"{9F7FDE0E-E01E-4A11-A350-732EC5998295}"= UDP:c:\users\Ari\Desktop\utorrent.exe:µTorrent (TCP-In)
"{2E4CFCB6-C1C6-457A-B485-72B58D1FA121}"= TCP:c:\users\Ari\Desktop\utorrent.exe:µTorrent (UDP-In)
"{ED37B5BB-99BC-4FCA-AD11-F4612E72AC34}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{9FB27238-930F-4075-8622-3BBC92517BFE}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{9E2AA1EF-425C-49EF-BFD0-59DE5A33B8E7}c:\\program files\\hogs of war\\warhogs.exe"= UDP:c:\program files\hogs of war\warhogs.exe:warhogs
"UDP Query User{783902A7-1DC5-4034-B7C9-FAA2AF93CAF7}c:\\program files\\hogs of war\\warhogs.exe"= TCP:c:\program files\hogs of war\warhogs.exe:warhogs
"{738CAA0B-04FE-41BE-961C-E8F9034F0078}"= UDP:c:\users\Ari\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{A50CC3DE-DCF3-4812-AB6E-66A2D0F90C54}"= TCP:c:\users\Ari\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"TCP Query User{34DE80EE-BED2-4A4D-998D-856783F0745B}c:\\program files\\steam\\steamapps\\scabiez\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\half-life\hl.exe:Half-Life Launcher
"UDP Query User{70657D8C-8A97-4F18-B0FA-69D206F9B43D}c:\\program files\\steam\\steamapps\\scabiez\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\half-life\hl.exe:Half-Life Launcher
"{EDFA91F4-9649-4F22-AA3E-275B6FB82C79}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{FA12966C-A2C3-4F9F-B864-22C96FEC122C}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{AF19147C-FD48-4616-8D13-140F7EA4FCA0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{58EE6E85-49A1-463F-B5A7-064ADCB8B43D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{1F4BC3D6-5F76-49EF-BE86-3AAD3BFC1A7A}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\scabiez\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{34C7DBDE-2DA7-4938-9D9F-4CFBF007C50E}c:\\program files\\steam\\steamapps\\scabiez\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\scabiez\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{E4228362-46C8-4B8C-9D69-A2D6EC98D52C}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{77D976EF-063A-4543-947A-727BD42FB5C9}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{131D5EFA-D12B-43DA-9331-EC6B42FAE693}c:\\program files\\steam\\steamapps\\common\\arma armed assault\\beta\\arma.exe"= UDP:c:\program files\steam\steamapps\common\arma armed assault\beta\arma.exe:ArmA
"UDP Query User{458FFC84-256F-4F19-91EE-68F184383E21}c:\\program files\\steam\\steamapps\\common\\arma armed assault\\beta\\arma.exe"= TCP:c:\program files\steam\steamapps\common\arma armed assault\beta\arma.exe:ArmA
"{12B9AEBC-C344-4BB4-97E4-229F3467F35A}"= UDP:c:\program files\Steam\steamapps\common\arma armed assault\arma.exe:ArmA: Armed Assault
"{69BF6E07-2A98-456C-AF45-05EB145475FA}"= TCP:c:\program files\Steam\steamapps\common\arma armed assault\arma.exe:ArmA: Armed Assault
"{83D885A7-2851-4A19-A3DB-82E2B16766F6}"= UDP:c:\program files\Steam\steamapps\common\arma armed assault\arma_server.exe:ArmA: Armed Assault
"{1EFE2FE8-86D1-47A6-B3D6-1DA648CD5CD0}"= TCP:c:\program files\Steam\steamapps\common\arma armed assault\arma_server.exe:ArmA: Armed Assault
"TCP Query User{DA9A4C30-458E-4AEC-85B4-54890D53C6C9}c:\\program files\\codemasters\\overlord\\overlord.exe"= UDP:c:\program files\codemasters\overlord\overlord.exe:Overlord
"UDP Query User{1CB4D30A-4F60-48FD-9359-3D0F376F7881}c:\\program files\\codemasters\\overlord\\overlord.exe"= TCP:c:\program files\codemasters\overlord\overlord.exe:Overlord
"TCP Query User{8FB4A697-2C30-4919-82B9-74F7D5B37B4E}c:\\dynamix\\tribes\\tribes.exe"= UDP:c:\dynamix\tribes\tribes.exe:Tribes
"UDP Query User{C4971F03-5EB3-4A44-9CC8-8D4820001E3E}c:\\dynamix\\tribes\\tribes.exe"= TCP:c:\dynamix\tribes\tribes.exe:Tribes
"{18D1DCF8-8097-44DC-8BF8-CFC222E026ED}"= UDP:c:\program files\Steam\steamapps\common\wolfenstein 3d\Wolf3d.bat:Wolfenstein 3D
"{BC004A19-8D25-4EAF-BFE3-E8540A286B70}"= TCP:c:\program files\Steam\steamapps\common\wolfenstein 3d\Wolf3d.bat:Wolfenstein 3D
"{17F6DFFE-1D08-48F0-85DF-E50A171EB6F1}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{8926BA5C-EEEC-4C4A-A7F5-9FE5A09970CE}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-14 325128]
R3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2006-11-02 7168]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-20 130936]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-11 42392]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-14 107272]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-14 298264]
S3 Alpham1;Ideazon ZBoard USB Human Interface Device;c:\windows\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
S3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;c:\windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db25653f-2625-11de-8ce8-0013d4ca3f81}]
\shell\AutoRun\command - G:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{4E4D0663-F650-472E-9B95-E3C95019F53E}.job
- c:\windows\system32\msfeedssync.exe [2008-07-20 07:33]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.14.0.cab
FF - ProfilePath - c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\61ys9jsj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\61ys9jsj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\61ys9jsj.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 11:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-215139384-1497984128-1827781979-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,f2,b3,a7,32,7b,34,27,51,9b,5c,94,18,ee,63,69,48,a2,c1,df,aa,fe,15,
13,44,42,97,d7,27,a1,9d,22,a6,16,92,e2,fb,3d,9d,20,c7,5c,e3,56,46,1a,86,b9,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-215139384-1497984128-1827781979-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,66,33,5f,dd,66,c9,9a,ba,a3,a2,2c,68,43,ae,65,ac,f8,ec,39,92,
42,b7,14,af,40,7b,b3,60,42,13,fa,93,53,0f,29,65,18,c2,30,03,41,41,9c,64,fe,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_USERS\SYSTEM\ControlSet007\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-04-29 11:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 15:40
ComboFix2.txt 2009-04-28 15:55

Pre-Run: 57,509,261,312 bytes free
Post-Run: 57,204,211,712 bytes free

606 --- E O F --- 2009-04-23 01:05
Attached Files
File Type: txt ComboFix.txt (70.2 KB, 1 views)
Old 04-29-2009, 03:42 PM   #7 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,072
OS: WinXP and Vista


Re: Yep, I have a virus...

No worries about the autostartup and files you saw in task manager.

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Also - please tell me how the system is behaving now. Any issues remaining?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 04-30-2009, 09:13 AM   #8 (permalink)
xstation14
Registered User
Join Date: Apr 2008
Posts: 18
OS: Windows Vista

Re: Yep, I have a virus...

Files are still disappearing from my desktop a few seconds after they hit 100%. Spyware Doctor found a few viruses yesterday, but they were under Low threat and the problem hasn't been fixed, so it's not the one I'm looking for.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, April 30, 2009
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 29, 2009 23:15:23
Records in database: 2101635
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 358016
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 05:34:14


File name / Threat name / Threats count
C:\hp\bin\wbug\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
D:\I386\Apps\APP17561\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1

The selected area was scanned.
Old 04-30-2009, 10:20 PM   #9 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,072
OS: WinXP and Vista


Re: Yep, I have a virus...

What happens if you download an .exe straight to the C:\ drive? Does it disappear from there as well?
Old 05-03-2009, 01:01 PM   #10 (permalink)
xstation14
Registered User
Join Date: Apr 2008
Posts: 18
OS: Windows Vista

Re: Yep, I have a virus...

Sorry for the late reply, I've been away for a few days. I tried what you suggested and something weird happened. I set the default download destination to C:\ in Firefox and tried to download AVG again, and when I hit save nothing happened. No download menu came up, and when I clicked Tools > Downloads it was blank. Just to make sure it was with every file, I tried to download one of my game mods and the same thing happened. But when I switched it back to Desktop, the download box opened and it again disappeared from my desktop after it hit 100%.
Old 05-04-2009, 07:57 AM   #11 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,072
OS: WinXP and Vista


Re: Yep, I have a virus...

What browser are you using to download? Does it happen in both Mozilla and IE?
Old 05-04-2009, 03:45 PM   #12 (permalink)
xstation14
Registered User
Join Date: Apr 2008
Posts: 18
OS: Windows Vista

Re: Yep, I have a virus...

Ok, I found out the reason the download prompt wouldn't come up is that I didn't open Firefox as an administrator, so it wouldn't save to the C:\ path. If I open Firefox or IE and save it to C:\ as an administrator, the same thing happens as with the desktop, where it shows up under C:\ until a few seconds after it hits 100%, then it disappears.
Old 05-05-2009, 09:33 PM   #13 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,072
OS: WinXP and Vista


Re: Yep, I have a virus...

I am inclined to believe it is some setting on your system that is causing this.

Let's begin with the multiple AVs. It is never a good idea to have more than one installed at a given time as they will conflict with one another and can cause OS issues.

I see 3 currently installed:

Authentium AntiVirus SDK - 2
AVG Free 8.0
Radialpoint Security Services

Choose and run only 1. Remove the others via Start > Computer > uninstall or change a program.

Reboot.


Try again to download a program. Tell me what happens.
Old 05-08-2009, 07:41 PM   #14 (permalink)
xstation14
Registered User
Join Date: Apr 2008
Posts: 18
OS: Windows Vista

Re: Yep, I have a virus...

I don't see Authentium AntiVirus SDK - 2 or Radialpoint Security Services in the programs list.
Old 05-08-2009, 10:45 PM   #15 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,072
OS: WinXP and Vista


Re: Yep, I have a virus...

Interesting--Windows sees it. Take a look at the Attach.txt in your first post.

Download HijackThis to your desktop.

Double-click on the file you just downloaded. Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

=============================

Click on the button "Open the Misc Tools section" > "Open Uninstall Manager"

Do you see either of those programs listed there? If so:
  • Highlight each one (one at a time) and Copy the Uninstall Command (on the right side of the screen)
  • Paste that information in your next reply.
Old 05-10-2009, 08:05 PM   #16 (permalink)
xstation14
Registered User
Join Date: Apr 2008
Posts: 18
OS: Windows Vista

Re: Yep, I have a virus...

Ok


Authentium AntiVirus SDK - 2:

MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}

Radialpoint Security Services:

MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
Old 05-10-2009, 10:53 PM   #17 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,072
OS: WinXP and Vista


Re: Yep, I have a virus...

Click Start>Run and copy/paste each of those commands (one at a time) into the Run box and click OK:

MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}

MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}

Reboot your machine.


Run a new scan with dds.scr and post both logs it produces.
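
Posts #13 to #17 deal with products that Windows has registered but that are missing from the programs list, and with the uninstall commands HijackThis shows for them. The following is an added example, not part of the thread: it parses a `reg export` of the Uninstall key and reports, for each entry, whether the programs list would hide it and what its command does. The export text, the `SystemComponent` values and the `ExampleTool` entry are constructed for illustration; the thread does not show why the two products were missing.

```python
import re

# Constructed `reg export` text. Product names and commands are the ones quoted
# in the thread; SystemComponent values and ExampleTool are assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}]
"DisplayName"="Authentium AntiVirus SDK - 2"
"UninstallString"="MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}"
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}]
"DisplayName"="Radialpoint Security Services"
"UninstallString"="MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}"
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleTool]
"DisplayName"="Example Tool"
"UninstallString"="\"C:\\Program Files\\Example Tool\\uninst.exe\" /S"
'''

UNINSTALL_KEY = r'\microsoft\windows\currentversion\uninstall' + '\\'
SECTION = re.compile(r'^\[(.+)\]$')
STRING = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
DWORD = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{8})$')
MSIEXEC = re.compile(r'msiexec(?:\.exe)?"?\s.*?/([IX])\s*(\{[0-9A-F-]{36}\})', re.I)
ACTIONS = {'I': 'install or configure', 'X': 'uninstall'}  # msiexec /I and /X

def unescape(value):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', value)

def parse_reg(text):
    """Return {key_path: {value_name: str or int}} for string and dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            current = keys.setdefault(section.group(1), {})
        elif current is not None:
            string, dword = STRING.match(line), DWORD.match(line)
            if string:
                current[unescape(string.group(1))] = unescape(string.group(2))
            elif dword:
                current[unescape(dword.group(1))] = int(dword.group(2), 16)
    return keys

def describe_command(command):
    """Classify an UninstallString: msiexec /I, msiexec /X, or a vendor uninstaller."""
    found = MSIEXEC.search(command or '')
    if not found:
        return 'vendor uninstaller', None
    return ACTIONS[found.group(1).upper()], found.group(2).upper()

def inventory(text):
    """List Uninstall entries, including ones the programs list does not show."""
    rows = []
    for key, values in parse_reg(text).items():
        if UNINSTALL_KEY not in key.lower():
            continue
        name = values.get('DisplayName')
        action, product_code = describe_command(values.get('UninstallString'))
        rows.append({
            'name': name or key.rsplit('\\', 1)[1],
            # Two common reasons an entry is absent from the programs list.
            'hidden': values.get('SystemComponent') == 1 or not name,
            'action': action,
            'product_code': product_code,
        })
    return rows

if __name__ == '__main__':
    print(*inventory(SAMPLE_REG), sep='\n')
```

For a product that is already installed, `msiexec /I{ProductCode}` typically opens the package's maintenance dialog, while `/X{ProductCode}` removes the product; the `action` field makes that difference visible before a command is pasted into the Run box.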
All times are GMT -7.