Hiya,
I have removed a lot of the old games I had on my system and it is now much better. You will find the results from Combofix.exe below. What I will say is that even before removing the old games my CPU usage has gone back to normal. I have done nothing that I know of, apart from trying to get rid of Spy Sweeper (which I can't, as some reg entries are undeletable). But looking through the results I can see a lot of registry entries for software that I no longer have. I regularly run Crap Cleaner and am told these are fixed, but looking again I can see that there are loads.
Anyway:
ComboFix 09-05-20.A1 - Andy 21/05/2009 16:33.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2046.1008 [GMT 1:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: The Shield Deluxe 2009 Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: The Shield Deluxe 2009 Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\X64
c:\windows\system32\X64\License.rtf
c:\windows\system32\X64\Readme.txt
c:\windows\system32\X64\setup.exe
c:\windows\system32\X86
c:\windows\system32\X86\License.rtf
c:\windows\system32\X86\Readme.txt
c:\windows\system32\X86\setup.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.
2009-05-21 15:39 . 2009-05-21 15:39 -------- d-----w c:\users\Andy\AppData\Local\temp
2009-05-21 15:39 . 2009-05-21 15:39 -------- d-----w c:\users\Games\AppData\Local\temp
2009-05-18 14:09 . 2009-05-18 14:09 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-18 13:27 . 2009-05-18 13:27 -------- d-----w c:\program files\Trend Micro
2009-05-18 11:27 . 2009-05-18 11:27 -------- d-----w c:\program files\MSSOAP
2009-05-18 11:27 . 2009-05-18 14:35 -------- d-----w c:\programdata\Webroot
2009-05-18 11:27 . 2009-05-18 14:35 -------- d-----w c:\users\All Users\Webroot
2009-05-18 11:27 . 2009-05-18 11:27 -------- d-----w c:\program files\Webroot
2009-05-18 11:19 . 2009-05-18 11:19 164 ----a-w c:\windows\install.dat
2009-05-18 11:13 . 2009-05-18 11:13 -------- d-----w c:\users\Andy\AppData\Roaming\BitDefender
2009-05-18 11:12 . 2009-05-18 11:39 -------- d-----w c:\programdata\BitDefender
2009-05-18 11:12 . 2009-05-18 11:39 -------- d-----w c:\users\All Users\BitDefender
2009-05-18 11:12 . 2009-05-18 11:12 -------- d-----w c:\program files\PCSecurityShield
2009-05-18 11:10 . 2009-05-18 14:12 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-18 11:03 . 2009-05-18 11:04 -------- d-----w c:\windows\BDOSCAN8
2009-05-14 09:43 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-14 09:43 . 2009-03-19 15:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-14 09:43 . 2009-05-14 09:43 -------- d-----w c:\program files\iPod
2009-05-14 09:42 . 2009-05-14 09:43 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-14 09:42 . 2009-05-14 09:43 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-14 09:42 . 2009-05-14 09:43 -------- d-----w c:\program files\iTunes
2009-05-14 09:35 . 2009-05-14 09:35 -------- d-----w c:\program files\Bonjour
2009-04-24 11:25 . 2009-04-24 11:28 -------- d-----w c:\program files\File And MP3 Tag Renamer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 14:03 . 2007-08-16 06:59 213128 ----a-w c:\users\Andy\AppData\Roaming\nvModes.dat
2009-05-20 12:34 . 2007-08-15 16:12 7160 ----a-w c:\users\Andy\AppData\Local\d3d9caps.dat
2009-05-14 09:43 . 2008-06-29 09:58 -------- d-----w c:\program files\Common Files\Apple
2009-05-14 09:40 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-14 09:40 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-14 09:40 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-30 16:12 . 2009-03-27 19:07 -------- d-----w c:\program files\PokerStars
2009-04-21 14:31 . 2007-08-15 16:13 105840 ----a-w c:\users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-21 14:29 . 2007-08-16 14:40 -------- d-----w c:\program files\Common Files\Adobe
2009-04-21 14:28 . 2009-04-21 14:28 -------- d-----w c:\program files\Adobe Media Player
2009-04-21 14:23 . 2009-04-21 14:23 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-21 14:16 . 2009-04-21 14:16 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-16 10:58 . 2009-04-16 10:58 -------- d-----w c:\program files\GIMP-2.0
2009-04-02 13:30 . 2009-04-02 13:30 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-04-02 13:30 . 2009-04-02 13:30 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-04-02 13:30 . 2009-04-02 13:30 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-02 09:59 . 2009-04-02 09:58 -------- d-----w c:\program files\Ferrari Virtual Race
2009-03-26 14:23 . 2009-03-26 14:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-26 14:23 . 2009-03-26 14:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-01-21 23:40 . 2009-01-23 11:40 44 ---h--w c:\program files\206246e1.tmp
2008-12-19 12:37 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2007-02-21 19:50 . 2007-02-21 19:50 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"AWMON"="c:\program files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe" [2005-06-27 516608]
"Fraps"="c:\fraps\FRAPS.EXE" [2007-07-12 913064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2007-5-11 1070648]
SpeedFan (2).lnk - c:\program files\SpeedFan\speedfan.exe [2007-2-28 2796544]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MemSet.exe.lnk]
path=c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemSet.exe.lnk
backup=c:\windows\pss\MemSet.exe.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2365035102-2755956191-3292100487-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{538841C1-D515-4E8D-9A59-48C6881DD9C9}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{31B2E4C5-A7B3-4951-A6DF-C7C7B517D6AF}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{882A83BB-6222-4539-A331-D2E354CC574A}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{65F8BEB8-1F42-4E5F-A30D-1DDCCF4DBCC9}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{8056D63A-0246-4AFC-A7BE-8F23BD608C54}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{4B5D65FA-B95C-440B-A168-D93AC5F17C87}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{8498C5F0-0ECD-42F9-8328-BFE8ED802541}c:\\windows\\system32\\mmc.exe"= UDP:c:\windows\system32\mmc.exe:Microsoft Management Console
"UDP Query User{5329325C-512D-423D-8A12-E67BA8E59588}c:\\windows\\system32\\mmc.exe"= TCP:c:\windows\system32\mmc.exe:Microsoft Management Console
"TCP Query User{0EE1E568-103C-40F3-93C7-994E2F41A5B9}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{480BCA3F-7D7F-4174-8344-81D2E1CFCE28}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{4D18CAC6-F513-4445-817B-CB35CB78A2F1}c:\\windows\\system32\\mmc.exe"= UDP:c:\windows\system32\mmc.exe:Microsoft Management Console
"UDP Query User{FEA728C3-F45F-408D-831B-1B8F55F6D710}c:\\windows\\system32\\mmc.exe"= TCP:c:\windows\system32\mmc.exe:Microsoft Management Console
"{066E3788-3CEF-49AB-B5EF-CB52169F0BA3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{5C1B62CB-D20E-4C4D-8E31-293D7E1844BE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B7419867-C65E-4326-B418-9E11D99E62AC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3702EF26-E37F-4E16-9844-9EBB0A0FA0EC}c:\\users\\public\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\tdu\\testdriveunlimited.exe"= UDP:c:\users\public\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{01AC1678-36BF-4EC5-80E7-F9EF87ED6978}c:\\users\\public\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\tdu\\testdriveunlimited.exe"= TCP:c:\users\public\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{AEA6A451-33DC-422C-B5CA-DB95C7B24C65}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe

iRT Executable
"UDP Query User{F522198F-F546-490C-A5D6-82D42799CD29}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe

iRT Executable
"TCP Query User{EFF502B6-BEC2-4799-8900-5097F0059691}c:\\program files\\golden fairway\\goldenfairway.exe"= UDP:c:\program files\golden fairway\goldenfairway.exe:Golden Fairway Application
"UDP Query User{AE358A1C-5A9C-4AE8-B193-B4A2064A6187}c:\\program files\\golden fairway\\goldenfairway.exe"= TCP:c:\program files\golden fairway\goldenfairway.exe:Golden Fairway Application
"{0440B88C-B4DD-4985-B4E1-7354477B0782}"= UDP:c:\program files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{1A58EC9B-2710-4C0F-9123-B2F0ED596806}"= TCP:c:\program files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{D07BAACB-E9AC-4438-8B07-90792CB57122}"= UDP:c:\program files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"{264515BF-DEDF-4F4D-B875-CFB52144C44D}"= TCP:c:\program files\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"TCP Query User{4CAFF10C-3896-4DB2-91F6-8A72901C9CCD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{263F3C4F-B959-449A-A70C-B38D66DCA108}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{48B7FC1E-C74C-4048-AEF5-8E4EADFF8E4A}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe

iRT Executable
"UDP Query User{5DA221B2-08DA-4A56-8174-7CCA59ED969B}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe

iRT Executable
"TCP Query User{815867B0-51C0-4E90-BC0C-7B1FF49A6AFE}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{431C9323-7B25-41D1-92DD-89BD552E27F7}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java(TM) Platform SE binary
"{3B5E09C7-9425-47CB-820B-C07D1F145E38}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{9FF06716-F892-47AE-924D-603F8A120E00}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{34E83B86-2F08-4892-AF79-E291C2E97362}c:\\program files\\thq\\motogp 2007\\motogp.exe"= UDP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"UDP Query User{C16A999A-A43D-487C-A440-9AF84D17D794}c:\\program files\\thq\\motogp 2007\\motogp.exe"= TCP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"TCP Query User{2781A180-AAE7-4501-BE47-65A1C784110E}c:\\program files\\thq\\motogp 2007\\motogp.exe"= UDP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"UDP Query User{E7147865-B691-4B5C-A15C-94C6224AA8F9}c:\\program files\\thq\\motogp 2007\\motogp.exe"= TCP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"{87CFA4DA-8A6C-46A9-9E7F-26B7F8D1284B}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{657734D2-A268-4D7B-BAB0-30E8E49138A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{0243C7CC-F56C-4BF1-BF2A-5A4DB5139098}"= UDP:c:\windows\System32\PnkBstrA.exe

nkBstrA
"{0B8A8ED6-7C18-45E3-9373-80790B7FD6CF}"= TCP:c:\windows\System32\PnkBstrA.exe

nkBstrA
"{E7EE6818-7C49-41E1-BB0C-09B3D30D7547}"= UDP:c:\windows\System32\PnkBstrB.exe

nkBstrB
"{8734CCCB-16CA-41E6-830B-FA3224F69E3E}"= TCP:c:\windows\System32\PnkBstrB.exe

nkBstrB
"{67FB004F-D66C-4DC7-AB21-9FCC75B42882}"= UDP:c:\program files\Kontiki\KService.exe

elivery Manager Service
"{4D2ED11A-8CF4-40FB-8557-C23DD9F8CC59}"= TCP:c:\program files\Kontiki\KService.exe

elivery Manager Service
"TCP Query User{078BD156-654D-404E-9C09-907532B5E93B}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe

elivery Manager
"UDP Query User{2E244CE5-996B-42D9-A74A-41527C10AFA6}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe

elivery Manager
"{E9A43507-1C75-471A-97A2-508A0198D653}"= UDP:c:\program files\Kontiki\KService.exe

elivery Manager Service
"{B97695D2-DC0A-4DED-98DF-198DEBCA6F66}"= TCP:c:\program files\Kontiki\KService.exe

elivery Manager Service
"TCP Query User{321584A6-F868-4219-A553-9416FC94C391}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{AFE3539E-E363-47BA-B73E-D942C1C7F65D}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"{30D212D2-8A04-4B80-8B78-9E1C436D7A78}"= UDP:c:\windows\System32\PnkBstrA.exe

nkBstrA
"{C6391F6F-D3EB-447D-A99C-AA0CE6E923DC}"= TCP:c:\windows\System32\PnkBstrA.exe

nkBstrA
"{4A102778-509C-4C14-B702-7B8C9065FFC1}"= UDP:c:\windows\System32\PnkBstrB.exe

nkBstrB
"{DE690B99-7696-4AFB-9E82-F5DD423F1C54}"= TCP:c:\windows\System32\PnkBstrB.exe

nkBstrB
"{9CA2033B-2EB1-4031-9D3F-71E907276260}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{F08346DD-268F-4059-8CEB-FC27B6922419}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{8C6F3104-58B5-44CE-B846-76CA4AFCABD8}c:\\program files\\smart dialer\\smart dialer.exe"= UDP:c:\program files\smart dialer\smart dialer.exe:Smart Dialer Application
"UDP Query User{AB4BF376-A931-48A5-872A-F6F7E4891858}c:\\program files\\smart dialer\\smart dialer.exe"= TCP:c:\program files\smart dialer\smart dialer.exe:Smart Dialer Application
"TCP Query User{12889E35-9C18-44E2-97D9-4AF58B55D855}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{25E30F84-B0E8-43C5-BCF5-B349E8E398C4}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{3F481D7E-57E8-4388-8EC4-17922F28C3DB}c:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:c:\program files\konami\pro evolution soccer 2008\pes2008.exe

ro Evolution Soccer 2008
"UDP Query User{FE36EB4B-3208-4D9F-B7F8-C2AEF2790FB8}c:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:c:\program files\konami\pro evolution soccer 2008\pes2008.exe

ro Evolution Soccer 2008
"TCP Query User{F6121C70-4648-414E-BEC9-C1E80AD8EDB9}c:\\program files\\secway\\simplite-msn 2.2\\simplite-msn.exe"= UDP:c:\program files\secway\simplite-msn 2.2\simplite-msn.exe:SimpLite-MSN
"UDP Query User{8D091261-4053-4598-AEF1-530EB2A6B6BD}c:\\program files\\secway\\simplite-msn 2.2\\simplite-msn.exe"= TCP:c:\program files\secway\simplite-msn 2.2\simplite-msn.exe:SimpLite-MSN
"TCP Query User{2C938378-2AC1-4C95-9DE9-C5018E333869}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{B9957AF1-334E-4B1C-A7E6-DD2B18C11221}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{980CBC56-568E-4C6B-80BD-716CCF3A22DF}c:\\users\\andy\\appdata\\local\\micro forte\\kwari\\kwari_launcher.exe.part.1"= UDP:c:\users\andy\appdata\local\micro forte\kwari\kwari_launcher.exe.part.1:kwari_launcher.exe.part.1
"UDP Query User{526A4E3B-9882-4A03-B789-2E60871A2E55}c:\\users\\andy\\appdata\\local\\micro forte\\kwari\\kwari_launcher.exe.part.1"= TCP:c:\users\andy\appdata\local\micro forte\kwari\kwari_launcher.exe.part.1:kwari_launcher.exe.part.1
"{10035928-5E65-46B6-9E04-B83D1F510858}"= UDP:c:\program files\CommTraffic\CommTraffic.exe:CommTraffic Console
"{6E69B588-592E-48F6-9767-E7512B1535A8}"= TCP:c:\program files\CommTraffic\CommTraffic.exe:CommTraffic Console
"{4F5E48BC-1CCF-487F-B745-94E8DCF9F000}"= UDP:c:\program files\CommTraffic\CTserv.exe:CommTraffic Service
"{3D2DC6BC-55ED-4323-895A-250F93364F70}"= TCP:c:\program files\CommTraffic\CTserv.exe:CommTraffic Service
"{04DBD6AA-6C48-427C-A78A-D782AE3D08A1}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{96401029-E55F-4BB6-B193-E2CE4E375482}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0E73E634-07C0-4A65-B950-C8225D43449F}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{A5C3ADA1-8A5A-4833-ABE1-A2432D0B3A19}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{62B6268C-04F6-4B28-8E38-62422EAA55F5}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone
"UDP Query User{DBFF157B-CA3E-48B2-94F9-A863C83D707B}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone
"TCP Query User{BF5BAB2E-8216-40D0-9858-0BD488608525}c:\\program files\\coreftp\\coreftp.exe"= UDP:c:\program files\coreftp\coreftp.exe:Core FTP App
"UDP Query User{81D8D2A9-14E8-4F2D-B787-19F4497217A4}c:\\program files\\coreftp\\coreftp.exe"= TCP:c:\program files\coreftp\coreftp.exe:Core FTP App
"TCP Query User{CCF38B1B-7950-4378-BCF0-EF935437689A}c:\\team17\\worms2 demo\\worms2.exe"= UDP:c:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"UDP Query User{253F95A2-3498-4823-8304-42ECF295A986}c:\\team17\\worms2 demo\\worms2.exe"= TCP:c:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"TCP Query User{063F1A24-5BD2-4C28-8721-77EFE21CB5A7}c:\\program files\\pocket tanks\\pockettanks.exe"= UDP:c:\program files\pocket tanks\pockettanks.exe

ocket Tanks
"UDP Query User{B1331D2D-46FF-416B-AC77-39FB4419F51B}c:\\program files\\pocket tanks\\pockettanks.exe"= TCP:c:\program files\pocket tanks\pockettanks.exe

ocket Tanks
"TCP Query User{6DA25BA0-CF7E-48E5-962B-30CB3F8B44D1}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{BB2E3082-BD68-4BD9-B067-57074F7E50E7}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{3EC7502C-2813-47A8-9D7F-76BA6A244F3E}c:\\program files\\git\\git.exe"= UDP:c:\program files\git\git.exe:Gamer's Internet Tunnel
"UDP Query User{A37C3F32-DD78-490F-8C2D-7DCBE33551CA}c:\\program files\\git\\git.exe"= TCP:c:\program files\git\git.exe:Gamer's Internet Tunnel
"TCP Query User{CD4D2716-E1B9-44FF-BC40-506C377B17C9}c:\\program files\\git\\git.exe"= UDP:c:\program files\git\git.exe:Gamer's Internet Tunnel
"UDP Query User{089740A3-5417-440C-A61F-CE2E5FDD23E9}c:\\program files\\git\\git.exe"= TCP:c:\program files\git\git.exe:Gamer's Internet Tunnel
"TCP Query User{40DB1B76-C0AF-4186-B0E8-86EB3EA9E802}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{4AB3CA66-C0E3-4B57-A892-7F45003ECFAE}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{0E78E0EE-7DE4-4478-8600-01483E1D1F7D}"= UDP:c:\program files\Brother\Brmfl07a\FAXRX.exe:FAXRX.EXE
"{B0E953E6-7A68-4BF3-8F9E-62F89466D538}"= TCP:c:\program files\Brother\Brmfl07a\FAXRX.exe:FAXRX.EXE
"{E8DB996A-671D-4E47-847C-53D3D404DB35}"= TCP:54925:Brother Network Scanner
"TCP Query User{C336EDE0-FA77-4010-9EC7-0A34AB519B8A}c:\\team17\\worms2 demo\\worms2.exe"= UDP:c:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"UDP Query User{07BCCEED-928B-4E85-8E10-E5257BFDC176}c:\\team17\\worms2 demo\\worms2.exe"= TCP:c:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"TCP Query User{30BA208F-F17C-42A8-B125-424DBC67546B}c:\\program files\\tightvnc\\vncviewer.exe"= UDP:c:\program files\tightvnc\vncviewer.exe:vncviewer
"UDP Query User{2FA4C4E3-5160-4E52-8BC3-D40482D0ED4A}c:\\program files\\tightvnc\\vncviewer.exe"= TCP:c:\program files\tightvnc\vncviewer.exe:vncviewer
"{04471579-C6ED-4C43-8AEC-FEFB99F0E84D}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{3987A418-D889-469A-8EC6-FA75A6AEFD77}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"TCP Query User{C789918D-19A3-4359-9AF1-F17FD9597CA3}c:\\program files\\codemasters\\grid\\grid.exe"= UDP:c:\program files\codemasters\grid\grid.exe:GRID Executable
"UDP Query User{77EFCC83-0EEF-4677-8532-3BC4C04D262E}c:\\program files\\codemasters\\grid\\grid.exe"= TCP:c:\program files\codemasters\grid\grid.exe:GRID Executable
"{B3B326D3-6DF0-4B13-BB35-5070812DB15C}"= UDP:990:LocalSubnet:LocalSubnet|IF={DEC653FF-8899-4DD2-B4D9-DAFA75AE6160}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{F2AC60A6-6032-460F-A443-A2B2187BBD75}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{D94B18E3-0BEE-462B-80F6-79F31C34299D}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{5AC979CC-329D-4ABA-B205-2B33B69B1896}"= Disabled:UDP:e:\setup\HPONICIFS01.EXE:hponicifs01.exe
"{22C7CA2B-30EF-4089-91C3-43AB7273B46E}"= Disabled:TCP:e:\setup\HPONICIFS01.EXE:hponicifs01.exe
"{E8012A72-7719-4A31-8C68-27DEF58FA0CD}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{4404C4FE-2A3D-4DB1-9CD4-0E597960371A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{6518A5F9-B3D6-4668-BA97-4C5347E9A28B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{E8430A2B-D7B7-4D3C-AF67-8913AD215EF2}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{43AA69DB-942B-4798-A46A-60BA3D6ECB2C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{C49E68CA-D609-4317-ACAB-54D165706D4E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{78647ECC-F94D-4725-A359-C7E9A66A5EA4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{274105E7-2BE8-4282-826A-38281E12F087}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{B7FA1CBF-61AF-4842-8DF5-245304D9A751}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{26792F6F-32FA-4252-A9F5-DC5824ABA57D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{888FA365-9ED6-487E-8C8C-E0D743899026}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{078230EA-F199-486D-A85A-10EC8FD7A05E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{79D8D4EB-FF6A-448F-928E-3A270475804E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{440E1057-9C89-4B76-9118-641E5637C236}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{974270A2-6350-4DF2-BBE6-72752AFF5AE2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{F6259581-F4F8-432E-B2E2-38C0E208EA07}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{8900CB5A-6062-4242-A2D0-DAB7B5FDC616}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{AAF350B3-E08E-4137-AC40-98FA72D52A0F}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"TCP Query User{C8B28B31-8CFC-4093-BB33-32D978370CC5}c:\\program files\\3com\\3cdaemon\\3cdaemon.exe"= UDP:c:\program files\3com\3cdaemon\3cdaemon.exe:3CDaemon Application
"UDP Query User{E3AE67A2-4091-4305-B7CE-9476A4C62484}c:\\program files\\3com\\3cdaemon\\3cdaemon.exe"= TCP:c:\program files\3com\3cdaemon\3cdaemon.exe:3CDaemon Application
"TCP Query User{D1A71C1E-A1B5-4BAC-9700-067CD0FFFE25}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{7CF30481-0652-4099-B42A-B9A5A2D7E618}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{449BAA7D-EB9C-4F6C-AAB4-8114A6265BCF}"= UDP:990:LocalSubnet:LocalSubnet|IF={03B84764-7DF9-4970-9A62-DF36261D4624}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{FA47156E-D64F-4B0C-831D-A1D9E34E1EDB}c:\\program files\\gp bikes\\core.exe"= UDP:c:\program files\gp bikes\core.exe:core
"UDP Query User{5F2C87F2-2C08-4896-94D9-7D946B291529}c:\\program files\\gp bikes\\core.exe"= TCP:c:\program files\gp bikes\core.exe:core
"TCP Query User{BEA01E80-EC72-4ED9-A55B-66B017406E4C}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone
"UDP Query User{DE06856F-9C7E-4FBD-A952-DC23B2DD3861}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone
"{04B41337-6058-43AD-83AD-C352C95EF949}"= UDP:990:LocalSubnet:LocalSubnet|IF={DEC653FF-8899-4DD2-B4D9-DAFA75AE6160}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{82B4E513-C9AE-4C16-A25B-569B1BF94CC7}"= UDP:990:LocalSubnet:LocalSubnet|IF={03B84764-7DF9-4970-9A62-DF36261D4624}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{4889A91A-B08C-4E65-9324-B72D0693A40B}"= UDP:990:LocalSubnet:LocalSubnet|IF={DEC653FF-8899-4DD2-B4D9-DAFA75AE6160}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{BC17F7EE-8F40-4F77-9E7A-E9FCF6019432}"= UDP:990:LocalSubnet:LocalSubnet|IF={03B84764-7DF9-4970-9A62-DF36261D4624}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr

%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{6551AF73-C7C0-47AA-8AF3-E11BECF3BF12}c:\\program files\\pagebreeze\\pagebreeze.exe"= UDP:c:\program files\pagebreeze\pagebreeze.exe

agebreeze
"UDP Query User{1F9E3D9F-B41D-4CD9-84B1-EDC1E6984A81}c:\\program files\\pagebreeze\\pagebreeze.exe"= TCP:c:\program files\pagebreeze\pagebreeze.exe

agebreeze
"TCP Query User{8DA7950F-F973-46F3-A201-BD713DAC266C}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{486A77E0-0497-48A8-9DC0-F722CB5CA599}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{A80C5640-26A5-476C-AE7D-22CC0042AA38}c:\\program files\\vidophone\\vidophone.exe"= UDP:c:\program files\vidophone\vidophone.exe:Softphone Application
"UDP Query User{6094F19F-CB05-411A-AF2B-31340A6BAD70}c:\\program files\\vidophone\\vidophone.exe"= TCP:c:\program files\vidophone\vidophone.exe:Softphone Application
"TCP Query User{7CE2F325-A7C2-4F19-82F3-9BDBA2BD5D11}c:\\program files\\microsoft office\\office12\\msaccess.exe"= UDP:c:\program files\microsoft office\office12\msaccess.exe:Microsoft Office Access
"UDP Query User{9EBA1D71-B267-4DE6-805B-B955E96C8B7D}c:\\program files\\microsoft office\\office12\\msaccess.exe"= TCP:c:\program files\microsoft office\office12\msaccess.exe:Microsoft Office Access
"TCP Query User{F1E939D6-F53B-4C2F-ABD2-3377E840E677}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{247A9438-FCC2-4DF1-802F-9DF1FB78D7B9}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{9B925FD4-6EBB-44AC-A20B-A40F321C9D8B}"= UDP:5353:Adobe CSI CS4
"{29B63552-5756-4DD0-8F63-70977B38291C}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{B9026D05-ACB4-4111-A174-EC14FBF980D2}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{62E0353F-E86C-4668-B9BA-1BAA335F98CC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9464E704-3942-4AC3-BD44-642C19CC1F81}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{61A52147-EDF6-460E-8D23-801A77360090}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{636EAE92-A547-4FF0-BBC6-E51B9BB92F6F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [02/04/2009 14:30 29808]
R1 fanio;FanIO driver;c:\windows\System32\drivers\fanio.sys [10/10/2007 16:25 14464]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [02/08/2005 22:10 32512]
R2 QWAlerter;QWAlerter;c:\program files\QuesCom\Management Console\QWAlerter\QWAlerter.exe [15/08/2007 23:11 86016]
R3 DUSBTAWAN;Psion Dacom ISDN NDISWAN;c:\windows\System32\drivers\dusbwan.sys [17/08/2007 13:17 23479]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06/03/2009 21:01 101936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02/11/2006 11:25 167936]
S3 Camdrv30;Philips ToUcam XS;c:\windows\System32\drivers\camdrv30.sys [17/08/2001 22:04 171264]
S3 DTA128;Psion Dacom Gold Port ISDN;c:\windows\System32\drivers\dusbta2k.sys [17/08/2007 13:17 127949]
S3 Kwari.xLoader;Kwari.xLoader;c:\users\Andy\AppData\Local\Micro Forte\Kwari\Kwari.xLoader.32 --> c:\users\Andy\AppData\Local\Micro Forte\Kwari\Kwari.xLoader.32 [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [28/11/2006 06:34 122008]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [11/09/2008 20:11 16896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NWEReboot - (no file)
HKLM-Run-Auto Run Software for Photo Frame - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A0EF7E3F-789A-4DB1-A286-FA16733DCD4F} = 208.67.220.220,156.154.70.1
TCP: {E8162D65-8F59-417D-8AFC-4AC8ADB38C54} = 208.67.220.220,62.6.40.162
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-21 16:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kwari.xLoader]
"ImagePath"="c:\users\Andy\AppData\Local\Micro Forte\Kwari\Kwari.xLoader.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2365035102-2755956191-3292100487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7b,99,a6,a9,69,dd,17,44,88,d9,df,21,07,ba,fd,a9,5a,2b,25,49,e8,7c,b0,
e9,39,21,ac,46,ed,06,8a,fb,7d,92,94,1e,a2,cd,7e,e3,e0,75,ba,4b,04,61,f6,18,\
"??"=hex:91,c5,4e,72,3a,f7,74,0c,86,02,c0,23,95,1c,e0,b9
[HKEY_USERS\S-1-5-21-2365035102-2755956191-3292100487-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:1b,51,fe,9f,3b,34,6d,99,a0,b6,39,15,82,26,19,46,bd,f6,b3,c0,e0,
6b,49,da,fa,1c,eb,66,f8,73,68,bb,d1,a4,6a,9c,c5,db,05,bc,89,56,4f,88,a1,2d,\
"rkeysecu"=hex:e5,5a,1d,a1,1b,4f,be,7c,92,14,32,1b,05,08,a6,05
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-05-21 16:42
ComboFix-quarantined-files.txt 2009-05-21 15:41
Pre-Run: 6,538,043,392 bytes free
Post-Run: 7,097,798,656 bytes free
372 --- E O F --- 2009-01-01 01:21