  #1  
Old 17th Feb 2008, 12:24
Member Group
 
Well, I'm making sure everything is fine ... for some reason I'm having trouble accessing other parts of this site, but that's not why I'm posting ... just looking for viruses, stuff or CPU hogs. Well, here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:19 PM, on 2/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\System32\CtHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ZeroOnline\ZeroOnline.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 213.17.4.250 nprotect.battlelands.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

--
End of file - 5421 bytes
  #2  
Old 17th Feb 2008, 12:38
Moderator Group
 
Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)


Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)
Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

----------

Next post
Combofix log
  #3  
Old 17th Feb 2008, 16:34
Member Group
 
Thank you .... I'll have to do it tomorrow, and what does Combofix do?
  #4  
Old 17th Feb 2008, 16:35
Moderator Group
 
It looks for certain virus/trojan and malware entries and also has some detailed registry entries that I can use to identify malware. It takes less than 10 minutes to run.
  #5  
Old 17th Feb 2008, 18:21
Member Group
 
Thank you ... give me a day to do it. I couldn't get a LARGE game patch to download so I had to torrent and it takes huge bandwidth.
  #6  
Old 27th Feb 2008, 19:10
Member Group
 
Sorry, it doesn't fit ... I will post twice. Sorry for the LATE reply.

ComboFix 08-02-25.3 - Mark JR 2008-02-27 20:56:44.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1056 [GMT -5:00]
Running from: C:\Users\Mark JR\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://thenetworkcom.com
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-27 19:31 . 2008-02-27 20:35 <DIR> d-------- C:\Program Files\Norton 360
2008-02-27 19:24 . 2008-02-27 20:35 <DIR> d-------- C:\Program Files\Symantec
2008-02-27 18:02 . 2008-02-27 20:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-27 18:00 . 2008-02-27 20:33 <DIR> d-------- C:\Users\All Users\Symantec
2008-02-27 18:00 . 2008-02-27 20:33 <DIR> d-------- C:\ProgramData\Symantec
2008-02-26 14:06 . 2008-02-26 20:01 <DIR> d-------- C:\Program Files\Bridge Construction Set
2008-02-26 14:06 . 2008-02-26 14:06 <DIR> d-------- C:\Program Files\BFG
2008-02-26 14:06 . 2008-02-26 14:06 720,896 --a------ C:\Windows\iun6002.exe
2008-02-26 12:12 . 2008-02-26 12:12 <DIR> d-------- C:\Program Files\Bridge Construction Set Demo
2008-02-26 11:37 . 2008-02-26 11:37 <DIR> d-------- C:\Program Files\Pontifex Demo
2008-02-25 23:23 . 2008-02-25 23:23 <DIR> d-------- C:\Program Files\Bridge Building Game
2008-02-25 17:14 . 2008-02-25 17:14 36,059 --a------ C:\CrashReport.zip
2008-02-23 14:14 . 2002-02-18 18:40 6,200 --a------ C:\Windows\System32\INT13EXT.VXD
2008-02-23 14:13 . 2008-02-23 14:14 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2008-02-23 12:41 . 2008-02-23 12:41 <DIR> d-------- C:\Users\Mark JR\AppData\Roaming\PeerNetworking
2008-02-21 14:02 . 2008-02-21 14:02 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-21 14:02 . 2008-02-21 14:02 1,409 --a------ C:\Windows\QTFont.for
2008-02-20 21:42 . 2008-02-23 17:56 <DIR> d-------- C:\Program Files\Codemasters
2008-02-20 21:29 . 2008-02-20 21:29 <DIR> d-------- C:\Windows\Sun
2008-02-20 19:46 . 2008-02-20 19:46 <DIR> d-------- C:\Program Files\DNA
2008-02-20 17:01 . 2008-01-18 16:40 <DIR> d-------- C:\Windows\System32\SpriteImage
2008-02-20 17:01 . 2008-01-17 09:44 <DIR> d-------- C:\Windows\System32\Map
2008-02-20 17:01 . 2008-01-16 13:07 <DIR> d-------- C:\Windows\System32\Item
2008-02-20 17:01 . 2008-01-18 17:14 <DIR> d-------- C:\Windows\System32\DataTable
2008-02-20 17:01 . 2008-01-18 16:58 <DIR> d-------- C:\Windows\System32\Chef
2008-02-20 17:01 . 2008-01-27 14:39 5,255,168 --a------ C:\Windows\System32\RF_Online.bin
2008-02-20 17:01 . 2007-11-16 18:34 4,177,920 --a------ C:\Windows\System32\RFPoA.exe
2008-02-20 17:01 . 2007-11-16 19:09 14,562 --a------ C:\Windows\System32\LauncherMessage.ini
2008-02-19 21:49 . 2008-02-19 21:49 <DIR> d-------- C:\Program Files\Midway Games
2008-02-19 11:53 . 2008-02-19 11:53 <DIR> d-------- C:\Users\All Users\Mozilla
2008-02-19 11:52 . 2008-02-19 11:52 68,608 --a------ C:\Windows\ScEdUnin.exe
2008-02-19 11:52 . 2008-02-19 11:52 6,597 --a------ C:\Windows\scedunin.dat
2008-02-19 11:52 . 2008-02-19 11:52 967 --a------ C:\Windows\ScEdUnin.pif
2008-02-19 11:51 . 2008-02-20 20:36 <DIR> d-------- C:\Program Files\Starcraft Shareware(ED)
2008-02-19 11:33 . 2008-02-19 11:33 <DIR> d-------- C:\Program Files\UltimatePatch
2008-02-19 09:51 . 2008-02-19 09:51 <DIR> d-------- C:\Users\josh\AppData\Roaming\fretsonfire
2008-02-18 20:42 . 2008-02-18 20:43 <DIR> d-------- C:\Users\Mark JR\AppData\Roaming\IGN_DLM
2008-02-18 20:40 . 2008-02-18 20:40 <DIR> d-------- C:\Program Files\Download Manager
2008-02-18 01:32 . 2008-02-18 01:33 266,178,618 --a------ C:\Windows\MEMORY.DMP
2008-02-17 10:39 . 2008-02-17 10:41 <DIR> d-------- C:\Fraps
2008-02-16 13:40 . 2008-02-16 13:49 <DIR> d-------- C:\Program Files\Audacity
2008-02-16 00:08 . 2008-02-23 11:15 <DIR> d-------- C:\Users\Mark JR\AppData\Roaming\fretsonfire
2008-02-16 00:08 . 2008-02-16 00:08 <DIR> d-------- C:\Program Files\Frets on Fire
2008-02-14 17:55 . 2008-02-14 17:55 <DIR> d-------- C:\Program Files\Sierra
2008-02-13 18:59 . 2008-02-13 18:59 <DIR> d-------- C:\Program Files\Drug Wars
2008-02-13 16:32 . 2008-02-13 16:32 780,895 ---h----- C:\Windows\System32\~tmp29867.$$$
2008-02-13 16:32 . 2008-02-13 17:42 20,480 --a------ C:\Windows\System32\H@tKeysH@@k.DLL
2008-02-12 20:46 . 2008-02-12 20:46 16 --a------ C:\Windows\popcinfot.dat
2008-02-12 20:13 . 2008-02-12 20:13 <DIR> d-------- C:\Program Files\PopCap Games
2008-02-12 20:12 . 2008-02-12 20:12 <DIR> d-------- C:\Users\All Users\PopCap Games
2008-02-12 20:12 . 2008-02-12 20:12 <DIR> d-------- C:\ProgramData\PopCap Games
2008-02-12 19:22 . 2008-02-12 19:22 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-12 19:22 . 2008-02-12 19:22 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-12 19:18 . 2008-02-12 19:18 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-12 19:18 . 2008-02-12 19:18 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-12 19:18 . 2008-02-12 19:18 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-12 19:18 . 2008-02-12 19:18 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-12 19:18 . 2008-02-12 19:18 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-12 19:15 . 2008-02-12 19:15 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-12 19:15 . 2008-02-12 19:15 824,832 --a------ C:\Windows\System32\wininet.dll
2008-02-12 19:14 . 2008-02-12 19:14 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-12 19:14 . 2008-02-12 19:14 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-12 19:14 . 2008-02-12 19:14 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-10 19:12 . 2008-02-10 19:22 1,891 --a------ C:\black-spider-monkey.png
2008-02-06 14:40 . 2008-02-06 14:40 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-02-05 18:35 . 2008-02-05 18:35 <DIR> d-------- C:\Program Files\CCleaner
2008-02-05 17:58 . 2008-02-05 17:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 14:31 . 2008-02-05 14:32 <DIR> d-------- C:\Users\Mark JR\AppData\Roaming\PrevxCSI
2008-02-02 15:10 . 2008-02-02 15:13 <DIR> d-------- C:\Users\All Users\Grid
2008-02-02 15:10 . 2008-02-02 15:13 <DIR> d-------- C:\ProgramData\Grid
2008-02-02 15:10 . 2008-02-02 15:10 <DIR> d-------- C:\Program Files\RaySource
2008-02-02 15:10 . 2008-02-03 14:26 <DIR> d-------- C:\Program Files\GridService
2008-02-01 15:28 . 2008-02-05 12:21 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-02-01 15:28 . 2008-02-01 15:28 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-02-01 15:28 . 2008-02-05 12:21 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-02-01 06:38 . 2008-02-01 16:11 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-01-30 08:39 . 2008-02-23 11:15 <DIR> d-------- C:\Program Files\Portal

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 01:53 --------- d-----w C:\Users\Mark JR\AppData\Roaming\DNA
2008-02-28 01:48 --------- d-----w C:\Program Files\AutoMacroRecorder
2008-02-28 01:16 --------- d-----w C:\Program Files\Cheat Engine
2008-02-26 19:05 --------- d-----w C:\Users\Mark JR\AppData\Roaming\BitTorrent
2008-02-23 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 19:06 --------- d-----w C:\ProgramData\VMware
2008-02-21 20:28 --------- d-----w C:\Program Files\ZeroOnline
2008-02-17 15:42 --------- d---a-w C:\ProgramData\TEMP
2008-02-16 04:36 --------- d-----w C:\Users\Mark JR\AppData\Roaming\teamspeak2
2008-02-13 00:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-12 00:19 --------- d-----w C:\Program Files\Yahoo!
2008-02-12 00:17 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-12 00:12 --------- d-----w C:\Program Files\Microsoft Games
2008-02-12 00:10 --------- d-----w C:\Program Files\WildGames
2008-02-06 01:20 --------- d-----w C:\Users\Mark JR\AppData\Roaming\VMware
2008-02-04 21:35 --------- d-----w C:\Users\josh\AppData\Roaming\VMware
2008-02-01 02:35 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-25 21:39 --------- d-----w C:\Program Files\Windows Live
2008-01-25 21:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-25 21:30 --------- d-----w C:\ProgramData\WLInstaller
2008-01-21 21:05 --------- d-----w C:\Program Files\OGPlanet
2008-01-21 01:40 --------- d-----w C:\Users\Guest\AppData\Roaming\Talkback
2008-01-21 01:39 --------- d-----w C:\Users\Guest\AppData\Roaming\VMware
2008-01-19 17:04 --------- d-----w C:\Program Files\CFZcomp2
2008-01-14 12:52 81,920 ----a-w C:\Windows\System32\frapsvid.dll
2008-01-12 00:46 --------- d-----w C:\Program Files\TheUniversal
2008-01-09 20:14 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 20:13 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-06 02:50 --------- d-----w C:\Program Files\Qonquer Online Client
2008-01-05 15:45 --------- d-----w C:\Users\Mark JR\AppData\Roaming\DVD Flick
2008-01-05 05:39 --------- d-----w C:\Program Files\DVD Flick
2008-01-05 05:16 --------- d-----w C:\Program Files\Xvid
2008-01-02 13:26 --------- d-----w C:\Users\Mark JR\AppData\Roaming\DAEMON Tools
2008-01-01 18:55 --------- d-----w C:\Program Files\Hamachi
2008-01-01 18:26 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-29 03:40 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-12-29 02:19 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-29 02:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 20:43 --------- d-----w C:\ProgramData\GameTap
2007-12-28 20:27 --------- d-----w C:\Program Files\GameTap
2007-12-19 20:49 88,576 ----a-w C:\Windows\System32\infocardapi.dll
2007-12-19 20:49 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
2007-12-19 20:49 579,584 ----a-w C:\Windows\System32\icardagt.exe
2007-12-19 20:49 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
2007-12-19 20:49 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
2007-12-19 20:49 11,776 ----a-w C:\Windows\System32\icardres.dll
2007-12-19 20:49 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2007-12-18 02:12 96,760 ----a-w C:\Windows\System32\dfshim.dll
2007-12-18 02:12 84,480 ----a-w C:\Windows\System32\mscories.dll
2007-12-18 02:12 41,984 ----a-w C:\Windows\System32\netfxperf.dll
2007-12-18 02:12 282,112 ----a-w C:\Windows\System32\mscoree.dll
2007-12-18 02:12 158,720 ----a-w C:\Windows\System32\mscorier.dll
2007-12-15 11:48 90,112 ----a-w C:\Windows\System32\XCoreLib.dll
2007-12-13 20:45 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 20:45 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 20:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 20:43 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 20:43 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-12-01 20:30 65,536 ----a-w C:\Windows\IFinst27.exe
2007-10-31 21:33 262,144 ----a-w C:\ProgramData\ntuser.dat
2006-11-02 12:48 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Users\Mark JR\Program Files\DNA\btdna.exe" [2008-02-13 16:05 287040]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-26 15:17 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-26 15:17 81920]
"CTXFIREG"="CTxfiReg.exe" [2006-11-02 07:20 44032 C:\Windows\System32\CTXFIREG.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-11-02 07:24 20480 C:\Windows\System32\CTXFIHLP.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 07:33 1004136]
"Grid Service"="C:\Program Files\GridService\peer.exe" [ ]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [ ]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E2E8B6E8-8796-41D6-BCBD-0843270902CE}C:\program files\bots\bots.dat"= UDP:C:\program files\bots\bots.dat:Bout_d|Desc=Bout_d
"UDP Query User{EE7C6528-2B7F-4C75-8083-934802EF1A66}C:\program files\bots\bots.dat"= TCP:C:\program files\bots\bots.dat:Bout_d|Desc=Bout_d
"TCP Query User{9597F531-C2BD-4997-9998-99A9C9201499}C:\program files\triggersoft\rose online evolutionrrr\mx6027proxy.exe"= UDP:C:\program files\triggersoft\rose online evolutionrrr\mx6027proxy.exe:mx6027Proxy|Desc=mx6027Proxy
"UDP Query User{AE9EE32C-8DF5-417D-A67E-EEA654AFB5C0}C:\program files\triggersoft\rose online evolutionrrr\mx6027proxy.exe"= TCP:C:\program files\triggersoft\rose online evolutionrrr\mx6027proxy.exe:mx6027Proxy|Desc=mx6027Proxy
"TCP Query User{545AAE7F-0BA9-42E9-A78F-B0DD195374FA}C:\program files\triggersoft\rose online evolution\mx6027proxy.exe"= UDP:C:\program files\triggersoft\rose online evolution\mx6027proxy.exe:mx6027Proxy|Desc=mx6027Proxy
"UDP Query User{EA2D3E6F-CCCB-4ECE-A9AB-3439DFC4D11A}C:\program files\triggersoft\rose online evolution\mx6027proxy.exe"= TCP:C:\program files\triggersoft\rose online evolution\mx6027proxy.exe:mx6027Proxy|Desc=mx6027Proxy
"TCP Query User{D0277012-05F5-4214-96CF-902334042901}C:\program files\gameflier\ghostonline\game.exe"= UDP:C:\program files\gameflier\ghostonline\game.exe:game|Desc=game
"UDP Query User{3D2B51FA-6705-42E9-BBEC-3EFB9BB8535A}C:\program files\gameflier\ghostonline\game.exe"= TCP:C:\program files\gameflier\ghostonline\game.exe:game|Desc=game
"{2C6D3DA0-6D2F-49E8-8545-10496CBE4B8D}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{328BBF51-C31D-4692-A05D-D2A3951443B9}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"TCP Query User{27F5D33C-9519-458B-B330-DB99E73B482A}C:\program files\cheat engine\cheat engine server.exe"= UDP:C:\program files\cheat engine\cheat engine server.exe:Cheat Engine Server|Desc=Cheat Engine Server
"UDP Query User{B9AA777D-A000-4C6C-B9BE-15BF4756C2BD}C:\program files\cheat engine\cheat engine server.exe"= TCP:C:\program files\cheat engine\cheat engine server.exe:Cheat Engine Server|Desc=Cheat Engine Server
"TCP Query User{F0FF8C90-A607-4EC8-9CCD-D8CEBB1A0F2C}C:\program files\triggersoft\rose online\mx6027proxy.exe"= UDP:C:\program files\triggersoft\rose online\mx6027proxy.exe:mx6027Proxy|Desc=mx6027Proxy
"UDP Query User{6853AB74-BBE5-4BEE-9723-39A935199CA1}C:\program files\triggersoft\rose online\mx6027proxy.exe"= TCP:C:\program files\triggersoft\rose online\mx6027proxy.exe:mx6027Proxy|Desc=mx6027Proxy
"TCP Query User{BD338FA4-8855-424E-90E3-444B78DE2D8C}C:\users\mark jr\desktop\mupie x\mupie x.exe"= UDP:C:\users\mark jr\desktop\mupie x\mupie x.exe:mupie x.exe|Desc=mupie x.exe
"UDP Query User{59A8CBD1-C7CE-4735-9D8B-DF2A864BDEA0}C:\users\mark jr\desktop\mupie x\mupie x.exe"= TCP:C:\users\mark jr\desktop\mupie x\mupie x.exe:mupie x.exe|Desc=mupie x.exe
"TCP Query User{1DED3903-3CA4-4B57-95AF-E5C04C8773DA}C:\users\mark jr\desktop\evolutions_0.8_xml\evolutions 0.8 xml\evolutions-xml.exe"= UDP:C:\users\mark jr\desktop\evolutions_0.8_xml\evolutions 0.8 xml\evolutions-xml.exe:evolutions-xml.exe|Desc=evolutions-xml.exe
"UDP Query User{B0ABB8D1-C74E-40EA-8AC5-53C1920D055A}C:\users\mark jr\desktop\evolutions_0.8_xml\evolutions 0.8 xml\evolutions-xml.exe"= TCP:C:\users\mark jr\desktop\evolutions_0.8_xml\evolutions 0.8 xml\evolutions-xml.exe:evolutions-xml.exe|Desc=evolutions-xml.exe
"TCP Query User{1522142A-82A8-4AB5-ABEF-08DC85536896}C:\users\mark jr\desktop\wow\wowclient-downloader.exe"= UDP:C:\users\mark jr\desktop\wow\wowclient-downloader.exe:wowclient-downloader.exe|Desc=wowclient-downloader.exe
"UDP Query User{2EA1017F-5EC7-477E-8ACB-C79C40136246}C:\users\mark jr\desktop\wow\wowclient-downloader.exe"= TCP:C:\users\mark jr\desktop\wow\wowclient-downloader.exe:wowclient-downloader.exe|Desc=wowclient-downloader.exe
"TCP Query User{D539EB92-8CDC-42F4-97B1-455E5B309C99}C:\world of warcraft\wow-2.1.0-enus-downloader.exe"= UDP:C:\world of warcraft\wow-2.1.0-enus-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"UDP Query User{2A0942F8-4FD8-46EA-B3FC-E74AB1A08D6A}C:\world of warcraft\wow-2.1.0-enus-downloader.exe"= TCP:C:\world of warcraft\wow-2.1.0-enus-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"TCP Query User{EF783FF1-B4C4-44C7-BD32-E0DEDFBFBD88}C:\users\mark jr\desktop\wow\wow-burningcrusade-enus-installer-downloader.exe"= UDP:C:\users\mark jr\desktop\wow\wow-burningcrusade-enus-installer-downloader.exe:wow-burningcrusade-enus-installer-downloader.exe|Desc=wow-burningcrusade-enus-installer-downloader.exe
"UDP Query User{CEAF95ED-5B81-4CAF-AF54-7099A19963C7}C:\users\mark jr\desktop\wow\wow-burningcrusade-enus-installer-downloader.exe"= TCP:C:\users\mark jr\desktop\wow\wow-burningcrusade-enus-installer-downloader.exe:wow-burningcrusade-enus-installer-downloader.exe|Desc=wow-burningcrusade-enus-installer-downloader.exe
"TCP Query User{45EA2500-365B-4F01-8737-9A0C395A6586}C:\world of warcraft\repair.exe"= UDP:C:\world of warcraft\repair.exe:Blizzard Repair Utility|Desc=Blizzard Repair Utility
"UDP Query User{7B1BEB18-147F-44E1-A258-2D08F88E6DC3}C:\world of warcraft\repair.exe"= TCP:C:\world of warcraft\repair.exe:Blizzard Repair Utility|Desc=Blizzard Repair Utility
"TCP Query User{3428FA28-262B-4AFA-B9A1-D0588BE67702}C:\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe"= UDP:C:\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"UDP Query User{09B4297F-07E4-4D28-B830-D867C52F5D5E}C:\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe"= TCP:C:\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-enus-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"TCP Query User{151C72C9-A438-4C9F-8FE3-82B0050F0F5D}C:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe"= UDP:C:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"UDP Query User{77A8E52A-A227-40D4-8329-7BC0FA9644B6}C:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe"= TCP:C:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"TCP Query User{414367C9-D810-4346-8E25-17B15130A021}C:\program files\joan of arc\joan.exe"= UDP:C:\program files\joan of arc\joan.exe:joan|Desc=joan
"UDP Query User{895485F1-61D4-4A13-8F75-425E43DAC0DE}C:\program files\joan of arc\joan.exe"= TCP:C:\program files\joan of arc\joan.exe:joan|Desc=joan
"TCP Query User{82BEDCA0-5DE6-42A0-B1F2-08007B903611}C:\users\mark jr\desktop\wildproxy021\wildproxy.exe"= UDP:C:\users\mark jr\desktop\wildproxy021\wildproxy.exe:wildproxy.exe|Desc=wildproxy.exe
"UDP Query User{E229A1FC-A1B1-4F70-B0D9-90BBE6BC9DC4}C:\users\mark jr\desktop\wildproxy021\wildproxy.exe"= TCP:C:\users\mark jr\desktop\wildproxy021\wildproxy.exe:wildproxy.exe|Desc=wildproxy.exe
"TCP Query User{F2EC5ABF-58E6-41FC-8CDD-A184A57C6443}C:\users\mark jr\desktop\evolutions6.1+xml\evolutions 0.6.1 xml\evolutions-xml.exe"= UDP:C:\users\mark jr\desktop\evolutions6.1+xml\evolutions 0.6.1 xml\evolutions-xml.exe:evolutions-xml.exe|Desc=evolutions-xml.exe
"UDP Query User{D6B9F15B-7421-40F3-B0D1-B33A8612970C}C:\users\mark jr\desktop\evolutions6.1+xml\evolutions 0.6.1 xml\evolutions-xml.exe"= TCP:C:\users\mark jr\desktop\evolutions6.1+xml\evolutions 0.6.1 xml\evolutions-xml.exe:evolutions-xml.exe|Desc=evolutions-xml.exe
"TCP Query User{30106398-0B1B-4E25-815B-D0E62094522F}C:\program files\infogrames\robot arena 2\robot arena 2.exe"= UDP:C:\program files\infogrames\robot arena 2\robot arena 2.exe:Robot Arena 2|Desc=Robot Arena 2
"UDP Query User{0E5E8980-66A7-407F-99A1-B10AE98EFA77}C:\program files\infogrames\robot arena 2\robot arena 2.exe"= TCP:C:\program files\infogrames\robot arena 2\robot arena 2.exe:Robot Arena 2|Desc=Robot Arena 2
"{45644B36-5217-4F1B-9595-1BC799755BED}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{73906406-89AD-4B5C-8D9F-266D0CF7DEA2}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{30C920EE-06F8-48AA-BD01-AB7BCE05C31C}C:\windows\system32\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server|Desc=Microsoft DirectPlay8 Server
"UDP Query User{B3D5ED73-240E-43BD-B680-3004DC13949B}C:\windows\system32\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server|Desc=Microsoft DirectPlay8 Server
"TCP Query User{59198665-29A5-4760-8644-C77D7B04D176}C:\program files\robot arena beetle\robot arena 2.exe"= UDP:C:\program files\robot arena beetle\robot arena 2.exe:Robot Arena 2|Desc=Robot Arena 2
"UDP Query User{AF917A22-A77C-4CD1-BE18-383070DD837F}C:\program files\robot arena beetle\robot arena 2.exe"= TCP:C:\program files\robot arena beetle\robot arena 2.exe:Robot Arena 2|Desc=Robot Arena 2
"TCP Query User{2EADDF81-1DB7-46D5-863B-500F9B6C6E7A}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{5CE4124E-9021-428B-98E1-295BE35E14D9}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{2B7F9436-057E-4572-8358-B6FC3C1DC2EC}C:\windows\system32\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
"UDP Query User{BA919E7E-1E05-4A55-B01D-02D1CE243A80}C:\windows\system32\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
"TCP Query User{7892DFE8-5EB0-4CD3-83B4-5224ABB6D617}C:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe"= UDP:C:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe:Battlefront|Desc=Battlefront
"UDP Query User{8CB44D30-2667-40FC-A3A8-5CC9B2F0346E}C:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe"= TCP:C:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe:Battlefront|Desc=Battlefront
"TCP Query User{F67166FD-E235-4771-B7A6-405E091C0DCB}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"UDP Query User{D563F2C8-DADF-4780-9631-21E1F646FBD2}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"TCP Query User{D4E2D244-7165-4D8C-B88E-764321727F62}C:\users\mark jr\desktop\fullserver_v76\loginserver.exe"= UDP:C:\users\mark jr\desktop\fullserver_v76\loginserver.exe:loginser ver.exe|Desc=loginserver.exe
"UDP Query User{4A229B5B-6620-485D-80AD-857025CF884D}C:\users\mark jr\desktop\fullserver_v76\loginserver.exe"= TCP:C:\users\mark jr\desktop\fullserver_v76\loginserver.exe:loginser ver.exe|Desc=loginserver.exe
"TCP Query User{FE079973-925A-4665-A765-8CAAE5F0120E}C:\users\mark jr\desktop\fullserver_v76\charserver.exe"= UDP:C:\users\mark jr\desktop\fullserver_v76\charserver.exe:charserve r.exe|Desc=charserver.exe
"UDP Query User{1ED77CFA-021A-4710-9D03-2CA74CF165BA}C:\users\mark jr\desktop\fullserver_v76\charserver.exe"= TCP:C:\users\mark jr\desktop\fullserver_v76\charserver.exe:charserve r.exe|Desc=charserver.exe
"TCP Query User{CD1F145B-AB57-41D5-A99D-F687E0F1622B}C:\users\mark jr\desktop\fullserver_v76\worldserver.exe"= UDP:C:\users\mark jr\desktop\fullserver_v76\worldserver.exe:worldser ver.exe|Desc=worldserver.exe
"UDP Query User{0978A06F-9251-458E-87C3-0DED8AA740DF}C:\users\mark jr\desktop\fullserver_v76\worldserver.exe"= TCP:C:\users\mark jr\desktop\fullserver_v76\worldserver.exe:worldser ver.exe|Desc=worldserver.exe
"TCP Query User{81E84365-DE64-41BA-8AB5-FC7F5DCCC7A6}C:\program files\triggersoft - copy\rose online evolution\charserver.exe"= UDP:C:\program files\triggersoft - copy\rose online evolution\charserver.exe:CharServer|Desc=CharServe r
"UDP Query User{B7471B90-5E9F-4D10-B849-7F111F6D3FB4}C:\program files\triggersoft - copy\rose online evolution\charserver.exe"= TCP:C:\program files\triggersoft - copy\rose online evolution\charserver.exe:CharServer|Desc=CharServe r
"TCP Query User{B1916CAE-9C1E-4722-A446-711AD06692D6}C:\chain\creation.exe"= UDP:C:\chain\creation.exe:2AM Creation game engine|Desc=2AM Creation game engine
"UDP Query User{0D46B5E5-B425-42B9-9FB7-4D61A24DE579}C:\chain\creation.exe"= TCP:C:\chain\creation.exe:2AM Creation game engine|Desc=2AM Creation game engine
"TCP Query User{D4A441C9-5D4E-434A-9151-F20239B64136}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"UDP Query User{06627C03-1986-4CA5-8B55-86AB461E04F8}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"{BB8D350F-BC9B-4471-B5FC-2F1DFC440B3C}"= UDP:C:\Users\Mark JR\AppData\Local\Temp\nsp3E04.tmp\utorrent.exe:µT orrent
"{D7165BF0-9A2A-456F-B0D4-5B8DD9657100}"= TCP:C:\Users\Mark JR\AppData\Local\Temp\nsp3E04.tmp\utorrent.exe:µT orrent
"TCP Query User{3CFC38AF-6101-4205-AD8A-DABB881E8B29}C:\program files\real\realplayer\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNet works Download and Record Manager|Desc=RealNetworks Download and Record Manager
"UDP Query User{121229E5-FCB6-4EB4-8087-2C9F8EBCF976}C:\program files\real\realplayer\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNet works Download and Record Manager|Desc=RealNetworks Download and Record Manager
"{B551CFB4-40C7-43E0-BF72-A1D80DEC71B1}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{F7D9F1AD-8E60-4F4B-ACC9-EAE31DE3E282}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"TCP Query User{04954996-F212-4077-BC87-A9C0B1ADC63F}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire|Desc=LimeWire
"UDP Query User{E9FA83B7-73BE-424B-9922-131524D47ED6}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire|Desc=LimeWire
"{8641D31E-9C15-489E-95E5-E34C45E4799C}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F99DD380-DFAE-4FDC-A5AA-A91414623FCD}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4D7775A8-E679-4C6E-B63D-94F0CA42C254}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C64730B5-B2E9-4E47-A008-22C501E659CC}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{6158E975-3498-4BCC-91FE-7A699A3390E2}C:\sierra\sigspat.exe"= UDP:C:\sierra\sigspat.exe:Auto Update|Desc=Auto Update
"UDP Query User{E2ADE4CD-1BC1-4611-9BC9-E882E7D712C7}C:\sierra\sigspat.exe"= TCP:C:\sierra\sigspat.exe:Auto Update|Desc=Auto Update
"TCP Query User{2FC7D1E7-C3DE-435A-82F0-8D41FD5A0E5C}C:\sierra\lords2\lords2.exe"= UDP:C:\sierra\lords2\lords2.exe:LORDS2|Desc=LORDS2
"UDP Query User{E1C32986-6F48-484A-A1C5-9871FDC9A31F}C:\sierra\lords2\lords2.exe"= TCP:C:\sierra\lords2\lords2.exe:LORDS2|Desc=LORDS2
"{3F50CCB2-C914-4FC1-B28F-E9E9503E75CF}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{C151DFBE-ACD9-4A69-AEAE-1C755C069B1F}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E5F8F835-3792-4B3C-AA42-74D94E234EA1}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{6E49F80B-AA59-436E-A054-E960994E61AC}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"TCP Query User{5463B87F-DD16-44FF-B36E-73B5B141579E}C:\program files\legacygamers\legacygamers gunz online\legacygamers.exe"= UDP:C:\program files\legacygamers\legacygamers gunz online\legacygamers.exe:Gunz|Desc=Gunz
"UDP Query User{4359A469-8E66-487B-8401-44C4C444E728}C:\program files\legacygamers\legacygamers gunz online\legacygamers.exe"= TCP:C:\program files\legacygamers\legacygamers gunz online\legacygamers.exe:Gunz|Desc=Gunz
"TCP Query User{6324305A-5CB4-4792-8961-6CFC5196405F}C:\program files\euro gunz beta 4\gunz.exe"= UDP:C:\program files\euro gunz beta 4\gunz.exe:Gunz|Desc=Gunz
"UDP Query User{60147446-0EFD-4C18-9646-1629FBB78C91}C:\program files\euro gunz beta 4\gunz.exe"= TCP:C:\program files\euro gunz beta 4\gunz.exe:Gunz|Desc=Gunz
"{FD8FD210-02C2-4B95-8F90-68239786ED58}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{49A2437B-A8A8-42F0-A5A5-F808CFFA3255}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{77D70DC4-C194-4A3B-B628-9ED9E24B868F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{35A1E219-377F-42A0-9A35-446DE6BF2A98}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{FD5F2277-808A-4FB3-BFD3-F4EED1222233}C:\program files\gravity\ro\11649_eathena_stable_txt\11649_ea thena_stable_txt\char-server.exe"= UDP:C:\program files\gravity\ro\11649_eathena_stable_txt\11649_ea thena_stable_txt\char-server.exe:char-server|Desc=char-server
"UDP Query User{077AD9DC-765C-4037-85A4-B2E141E856AC}C:\program files\gravity\ro\11649_eathena_stable_txt\11649_ea thena_stable_txt\char-server.exe"= TCP:C:\program files\gravity\ro\11649_eathena_stable_txt\11649_ea thena_stable_txt\char-server.exe:char-server|Desc=char-server
"TCP Query User{320D7123-F074-4856-8019-FC29206BC7BF}C:\program files\gravity\ro\11649_eathena_stable_txt\11649_ea thena_stable_txt\login-server.exe"= UDP:C:\program files\gravity\ro\11649_eathena_stable_txt\11649_ea thena_stable_txt\login-server.exe:login-server|Desc=login-server
"UDP Query User{F24723C1-FA1A-4D5E-A60F-18BFE55007E6}C:\program files\gravity\ro\11649_eathena_stable_txt\11649_ea thena_stable_txt\login-server.exe"= TCP:C:\program files\gravity\ro\11649_eathena_stable_txt\11649_ea thena_stable_txt\login-server.exe:login-server|Desc=login-server
"TCP Query User{E2D072B6-1AA7-4992-ABA4-6E2558F4B588}C:\program files\ragezone online games\gunz online v1.0\game.exe"= UDP:C:\program files\ragezone online games\gunz online v1.0\game.exe:Gunz|Desc=Gunz
"UDP Query User{5A3C3999-7D94-4FB2-99D3-AAFD1E064CEB}C:\program files\ragezone online games\gunz online v1.0\game.exe"= TCP:C:\program files\ragezone online games\gunz online v1.0\game.exe:Gunz|Desc=Gunz
"TCP Query User{7FA98B14-FBFC-4E4D-A31F-BC107FB6DA8B}C:\program files\softnyx\rakion\bin\rakion.bin"= UDP:C:\program files\softnyx\rakion\bin\rakion.bin:rakion.bin|Des c=rakion.bin
"UDP Query User{76FAF32B-B47A-426F-804C-5CB0930F64E2}C:\program files\softnyx\rakion\bin\rakion.bin"= TCP:C:\program files\softnyx\rakion\bin\rakion.bin:rakion.bin|Des c=rakion.bin
"TCP Query User{6216DC71-13BE-415D-96A0-359C3F7A6A8E}C:\program files\pushtop.com\purge\purgeserv.exe"= UDP:C:\program files\pushtop.com\purge\purgeserv.exe:Purge Jihad Dedicated Server|Desc=Purge Jihad Dedicated Server
"UDP Query User{79F91B1B-E963-47EE-ADC5-3D48F966C00B}C:\program files\pushtop.com\purge\purgeserv.exe"= TCP:C:\program files\pushtop.com\purge\purgeserv.exe:Purge Jihad Dedicated Server|Desc=Purge Jihad Dedicated Server
"TCP Query User{EA4DE61B-151F-415F-B6DA-98CB2C166376}C:\program files\the all-seeing eye\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye|Desc=Yahoo! All-Seeing Eye
"UDP Query User{B309041E-4DD6-4A67-A168-5A0776585808}C:\program files\the all-seeing eye\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye|Desc=Yahoo! All-Seeing Eye
"TCP Query User{87E55885-F5F2-4E00-89D1-07913045F3D5}C:\program files\softnyx\wolfteam\wolfteam.bin"= UDP:C:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam|Desc= WolfTeam
"UDP Query User{AA12AB58-9264-4EC3-8DD4-048D06CB8B36}C:\program files\softnyx\wolfteam\wolfteam.bin"= TCP:C:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam|Desc= WolfTeam
"TCP Query User{499F329A-1534-49E1-B778-62E31D4ED8A8}C:\odinms\odinms\odinms.exe"= UDP:C:\odinms\odinms\odinms.exe:MapleStory|Desc=Ma pleStory
"UDP Query User{30682F3B-645E-435D-B583-AFC136538657}C:\odinms\odinms\odinms.exe"= TCP:C:\odinms\odinms\odinms.exe:MapleStory|Desc=Ma pleStory
"TCP Query User{86ACF535-8C14-4028-B2E5-C20B7AD5C48F}C:\odinms\odinms\maplestory.exe"= UDP:C:\odinms\odinms\maplestory.exe:MapleStory|Des c=MapleStory
"UDP Query User{22791EE3-389F-476D-8FB8-2C717BE0AEAA}C:\odinms\odinms\maplestory.exe"= TCP:C:\odinms\odinms\maplestory.exe:MapleStory|Des c=MapleStory
"TCP Query User{E03F32D3-7876-48CD-9300-56FEF49F4DC0}C:\program files\gametap\bin\release\gametap.exe"= UDP:C:\program files\gametap\bin\release\gametap.exe:GameTap Application|Desc=GameTap Application
"UDP Query User{43BF2AF3-8FC6-40F0-94F5-28404EC9474E}C:\program files\gametap\bin\release\gametap.exe"= TCP:C:\program files\gametap\bin\release\gametap.exe:GameTap Application|Desc=GameTap Application
"TCP Query User{A403FAF5-875D-4FB7-B0C9-3DF371948666}X:\program files\infogrames interactive\civilization iii\civ3ptw\civilization3x.exe"= UDP:X:\program files\infogrames interactive\civilization iii\civ3ptw\civilization3x.exe:civilization3x.exe| Desc=civilization3x.exe
"UDP Query User{7907A14C-C91F-484A-BA09-8E4B8FBD53D0}X:\program files\infogrames interactive\civilization iii\civ3ptw\civilization3x.exe"= TCP:X:\program files\infogrames interactive\civilization iii\civ3ptw\civilization3x.exe:civilization3x.exe| Desc=civilization3x.exe
"TCP Query User{17A3DD89-A969-4AAE-8E7C-9AE8BF8B2F39}C:\programdata\gametap\games\14000015 0\data\uruexplorer.exe"= UDP:C:\programdata\gametap\games\140000150\data\ur uexplorer.exe:UruExplorer|Desc=UruExplorer
"UDP Query User{B8C25AA9-7F8E-4BC7-BC60-342ED9B4BB3A}C:\programdata\gametap\games\14000015 0\data\uruexplorer.exe"= TCP:C:\programdata\gametap\games\140000150\data\ur uexplorer.exe:UruExplorer|Desc=UruExplorer
"TCP Query User{F64E0F7A-A54F-4B6E-B635-102D91068901}X:\seven kingdoms aa\7k.exe"= UDP:X:\seven kingdoms aa\7k.exe:7k.exe|Desc=7k.exe
"UDP Query User{1CB90A5B-5776-4A3D-B368-3356F2C12A0E}X:\seven kingdoms aa\7k.exe"= TCP:X:\seven kingdoms aa\7k.exe:7k.exe|Desc=7k.exe
"TCP Query User{70D45158-6B93-4142-B507-E2548C6D9D2B}C:\windows\system32\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper|Desc=Microsoft DirectPlay Helper
"UDP Query User{8B193AC3-84A3-4B1D-AF6D-E5C24773EBF9}C:\windows\system32\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper|Desc=Microsoft DirectPlay Helper
"TCP Query User{EEB6351A-5710-40ED-9A6A-7B766C4A1F25}X:\program files\enlight\infinite interactive\warlords battlecry iii\battlecry iii.exe"= UDP:X:\program files\enlight\infinite interactive\warlords battlecry iii\battlecry iii.exe:battlecry iii.exe|Desc=battlecry iii.exe
"UDP Query User{CAF581C9-4770-494E-83A9-518D2E2B52F8}X:\program files\enlight\infinite interactive\warlords battlecry iii\battlecry iii.exe"= TCP:X:\program files\enlight\infinite interactive\warlords battlecry iii\battlecry iii.exe:battlecry iii.exe|Desc=battlecry iii.exe
"TCP Query User{D55D3F8E-D2D5-4E77-8D0B-ED1597FCE503}C:\odinms\odinms\odinms.exe"= UDP:C:\odinms\odinms\odinms.exe:MapleStory|Desc=Ma pleStory
"UDP Query User{4B33BEB9-2704-4669-BAFF-79EFF663C811}C:\odinms\odinms\odinms.exe"= TCP:C:\odinms\odinms\odinms.exe:MapleStory|Desc=Ma pleStory
"TCP Query User{288A9952-E0B9-4261-8CF4-F2D8CA677AB6}C:\program files\gameflier\ghostonline\game.exe"= UDP:C:\program files\gameflier\ghostonline\game.exe:game|Desc=gam e
"UDP Query User{0CF131CF-1314-44D3-9F2D-D770659AAD26}C:\program files\gameflier\ghostonline\game.exe"= TCP:C:\program files\gameflier\ghostonline\game.exe:game|Desc=gam e
"TCP Query User{3979BBAC-9BA1-4B8A-AA01-744C19F89A4D}C:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe"= UDP:C:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe:Supreme Commander Application|Desc=Supreme Commander Application
"UDP Query User{10B180FD-1709-44BF-B1A0-6D48D360FDA6}C:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe"= TCP:C:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe:Supreme Commander Application|Desc=Supreme Commander Application
"TCP Query User{423A8B78-6F25-4D57-981C-0FEBC2137F17}C:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe"= UDP:C:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe:GPGnet: Supreme Commander|Desc=GPGnet: Supreme Commander
"UDP Query User{B4D45845-5394-4F7C-8D8C-DB29F10DA9D6}C:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe"= TCP:C:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe:GPGnet: Supreme Commander|Desc=GPGnet: Supreme Commander
  #7  
Old 27th Feb 2008, 19:11
Member Group


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 09:52]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-13 13:52]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2006-11-02 10:01]
R3 kbdcap;kbdcap;C:\Windows\system32\drivers\kbdcap.sys [2007-12-16 13:30]
R3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 02:41]
R3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 02:41]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 18:13]
S4 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\drivers\usbprint.sys [2006-11-02 04:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - EECTRL
*Newly Created Service* - ERASERUTILDRV10741
*Newly Created Service* - IDSVIX86
*Newly Created Service* - NAVENG
*Newly Created Service* - NAVEX15
*Newly Created Service* - NPKCRYPT
*Newly Created Service* - SPBBCDRV
*Newly Created Service* - SRTSPX
*Newly Created Service* - SYMDNS
*Newly Created Service* - SYMEVENT
*Newly Created Service* - SYMFW
*Newly Created Service* - SYMIDS
*Newly Created Service* - SYMNDISV
*Newly Created Service* - SYMREDRV
*Newly Created Service* - SYMTDI
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 21:00:39
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 21:06:48
ComboFix-quarantined-files.txt 2008-02-28 02:06:43
.
2008-02-27 20:15:24 --- E O F ---





OH YEAH IT DELETED 4 WINDOW DOWNLOADED IT WAS LIKE C:WINDOWS/IFORGOTLOL/DOWNLOAD.01 ETC


IS THAT A BUG? OR ANY WAY TO GET IT BACK IF I NEEDED IT
  #8  
Old 27th Feb 2008, 19:38
Moderator Group
 
The only things Combofix deleted were these two files:
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

Can you be more specific about what it deleted?

Are you behind a proxy or something?

  #9  
Old 27th Feb 2008, 20:48
Member Group
 
ok it said qmgr 2 and 3 also ... anyways what do i need to do now? norton antivirus detected adware
  #10  
Old 27th Feb 2008, 21:25
Moderator Group
 
Quote:
Originally Posted by madcows7
ok it said qmgr 2 and 3 also
It only removed the two listed unless you edited some out of the log.

Quote:
qmgr0.dat and qmgr1.dat are files that are created/used by BITS
(Background Intelligent Transfer service), and they are constantly
in use by the BITS service.
Windows has most likely already recreated any that are needed, but if you want to restore them you can go to C:\qoobox, which contains the backups Combofix made before removal, or do a system restore to before running Combofix, as it also created a restore point before running.

Quote:
Originally Posted by madcows7
anyways what do i need to do now? norton antivirus detected adware
What is the name of the adware it is finding? You appear to be running game cheats or something? I have no problem with this, and the only reason I mention it is that it makes it hard for me to determine what is legit (added by you) and what may be added by malware.

Post a fresh Hijackthis log please.

Copyright ©2006 - 2009 Computer Juice.
