[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003Core.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003UA.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:3073
uInternet Settings,ProxyOverride = <local>
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-HijackThis - L:\HijackThis.exe
AddRemove-MiniStumbler - c:\program files\MiniStumbler\uninst.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-WinGTK-2_is1 - c:\program files\Common Files\GTK\2.0\setup\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-10-02 00:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,37,c8,94,82,b9,b6,ff,46,86,c8,c4,9c,7e,17,0f,87,53,71,c7,f2,cf,da,
91,64,66,b3,9f,fa,38,87,49,e6,6b,43,cd,b7,87,23,8d,b5,5a,fd,86,2b,96,3e,7e,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
[HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:4a,a7,ba,46,ed,c1,96,5f,4e,e2,2f,e7,69,31,43,d0,bb,16,31,ad,bb,
5e,a7,fb,9c,5f,58,85,1f,02,96,8e,bb,b4,b3,0e,db,60,d5,a3,7d,b9,1f,24,d5,63,\
"rkeysecu"=hex:b9,20,94,2f,ae,ae,e5,89,f2,28,e6,75,9f,0f,a8,11
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-02 00:18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-02 06:18
Pre-Run: 6,091,493,376 bytes free
Post-Run: 7,932,510,208 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /safeboot:network
- - End Of File - - 6B45C2CDCABD71181D548A4214CC3A83
ComboFix 10-10-01.01 - Brad 10/02/2010 0:39.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2873 [GMT -6:00]
Running from: c:\documents and settings\Brad\Desktop\CmboFix.exe
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.
2010-10-02 05:45 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 05:45 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 23:51 . 2010-09-25 22:41 -------- d-----w- c:\documents and settings\Brad\Application Data\.minecraft
2010-09-21 00:17 . 2010-09-21 00:17 117427 ----a-w- c:\documents and settings\Brad\Application Data\Macromedia\Flash Player\
www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2010-09-20 01:24 . 2010-09-20 01:24 -------- d-----w- c:\program files\Common Files\DirectX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 23:38 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-10-01 23:38 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-09-30 04:02 . 2009-12-07 07:24 -------- d-----w- c:\documents and settings\Brad\Application Data\vlc
2010-09-25 03:02 . 2010-01-04 23:41 -------- d-----w- c:\documents and settings\Brad\Application Data\Azureus
2010-08-30 03:00 . 2010-01-04 23:41 -------- d-----w- c:\program files\Vuze
2010-08-30 02:30 . 2010-08-30 02:30 310208 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-30 02:29 . 2010-01-05 00:19 4146688 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-08-30 02:29 . 2010-01-05 00:19 7288256 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-08-19 05:40 . 2009-02-11 03:27 -------- d-----w- c:\documents and settings\Brad\Application Data\Skype
2010-08-19 00:08 . 2009-02-11 03:28 -------- d-----w- c:\documents and settings\Brad\Application Data\skypePM
2010-08-15 21:04 . 2010-04-20 00:52 -------- d-----w- c:\documents and settings\Brad\Application Data\VMware
2010-08-06 00:11 . 2010-08-06 00:11 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-06 00:10 . 2007-05-22 05:19 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2006-05-03 09:06 . 2007-03-30 17:58 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-03-30 17:58 31232 --sh--r- c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\games\steam\steam.exe" [2010-08-23 1242448]
"Google Update"="c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
c:\documents and settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-3-30 44384]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-2-17 987136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avvenu Access n Share Update]
2007-03-21 18:51 28672 ----a-w- c:\program files\Avvenu\Avvenu_updater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"ForcewareWebInterface"=2 (0x2)
"NVSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Games\\Starcraft\\StarCraft.exe"=
"e:\\Games\\NWN 2\\nwn2main.exe"=
"e:\\Games\\NWN 2\\nwn2main_amdxp.exe"=
"e:\\Games\\NWN 2\\nwupdate.exe"=
"e:\\Games\\NWN 2\\nwn2server.exe"=
"e:\\Games\\FEAR\\fpupdate.exe"=
"e:\\Games\\FEAR\\FEAR.exe"=
"e:\\Games\\FEAR\\FEARMP.exe"=
"e:\\Games\\Battle for Middle Earth\\game.dat"=
"e:\\Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"e:\\Games\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
"g:\\Games\\Steam\\steamapps\\common\\beyond good and evil\\CheckApplication.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dark sector\\DS.exe"=
"g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCry.exe"=
"g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCryConfigurator.exe"=
"g:\\Games\\Steam\\steamapps\\common\\final doom\\plutonia.bat"=
"g:\\Games\\Steam\\steamapps\\common\\final doom\\tnt.bat"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp3.bat"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp4.bat"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp5.bat"=
"g:\\Games\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
"g:\\Games\\Steam\\steamapps\\common\\master levels of doom\\master.bat"=
"g:\\Games\\Steam\\steamapps\\common\\spore\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos igf demo\\OsmosDemo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\rip\\RIP\\RIP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
"g:\\Games\\Steam\\steamapps\\common\\larva mortus\\larvamortus.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"g:\\Games\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\world of goo demo\\WorldOfGoo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\thief deadly shadows\\System\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfSP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfMP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"g:\\Games\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"g:\\Games\\Steam\\steamapps\\common\\timeshift\\bin\\TimeShift.Exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Games\\Steam\\steamapps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"=
"g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\Shadowgrounds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\ShadowgroundsLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\\main.exe"=
"g:\\Games\\Steam\\steamapps\\common\\machinarium demo\\machinarium.exe"=
"g:\\Games\\Steam\\steamapps\\common\\doom 2\\doom2.bat"=
"g:\\Games\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"g:\\Games\\Steam\\steamapps\\common\\lumines\\lumines.exe"=
"g:\\Games\\Steam\\steamapps\\common\\prototype\\prototypef.exe"=
"g:\\Games\\Steam\\steamapps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\witcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=
"g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
"g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
"g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Games\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
"g:\\Games\\Steam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fallout 3\\Fallout3.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\StarCraft II.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base14803\\SC2.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Game.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Config.exe"=
"g:\\Games\\MW4\\MW4MERCS.ICD"=
"g:\\Games\\MW4\\MTX\\mtx.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
"g:\\Games\\MW4\\MTX\\Download\\Mechwarrior Mercenaries - Mektek Mekpak\\MW4Mercs.exe"=
"g:\\Games\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien breed impact\\Binaries\\AlienBreed-Impact.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"g:\\Games\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red faction\\RedFaction.exe"=
"g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red faction\\RF.exe"=
"g:\\Games\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\trine\\trine_launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\disciples iii renaissance - demo\\DisciplesIII.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"g:\\Games\\Steam\\steamapps\\common\\gratuitous space battles\\GSB.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\metro 2033\\metro2033.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\morrowind\\Morrowind Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery