Those .exe's are actually little flash files. They're without viruses or other badware, and if you wish, you can use a spyware/virus scan on it ;)

well p2d2 I don't know what to say...my version of PG2 does nothing like what you describe, there is no catalog.wci on my machine, and the only problems I've ever had with PG2 are when I am for all intensive purposes being DDOS'd by Macrovision when using BearShare...I guess PG can't handle the abuse and will occasionally freak out and I have to use the Recover PeerGuardian option to kill the driver and restart the app...other than that it has done its job marvelously.....

And suppose the first lines of that Flash code are an encrypted registry edit, Neglacio, which decrypts and executes when you click the file. Would you be able to see that? And would a virus scanner be able to detect that?

P2D2: First of all, I guess you're yet contaminated with spyware and others.
I suggest you a check with Hitman Pro: Hitman Pro | Alles-in-1 oplossing tegen spyware - Home
Next to that, I'm responsible for the content of the .exe's since the creator of the Security Centre is a good friend of me ;)

Yes, Peerless, it seems more probable that the Server service is actually started by Shareaza, because it is required for file sharing. But the big server index, catalog.wci, is definitely the work of PG2.

You can't see it because it is hidden in the (normally) unreadable System Volume Information file. To access that file you have to change the access permissions (Start > Run > cmd > change to root directory of drive you want to access file on. Then cacls "system volume information" /t /g "Your user name":f )

That permanently (/t) grants you (/g "username") full access (:f) by editing the Access Control List (cACLs) for that file. Then you can look inside your SVI folder and delete stuff - but be careful because that's your system restore file (if you are still using System Restore).

@Neglacio, perhaps you could gently pass your friend at the Shareaza Security Centre the feedback that whilst X-Ray Filter looks like it could be useful... it is pretty difficult to trust or evaluate when he doesn't provide any documentation.

Shareaza does NOT start the server service...
I asked the devs, and looked in the code itself...

That's interesting. If Shareaza doesn't need it then, I'm going to disable that service. And since Shareaza didn't turn it on, it must have been PG2.

(Later) It's off... and Shareaza's still happy, so that's a step forward.

p2d2 your command line command is different that the one given at M$...they detail the following : cacls "driveletter:\System Volume Information" /E /G username:F

either way, there is no such file on my machine...in fact my system volume folder is for all basic purposes empty (probably because I don't use system restore)...

soooo...from my viewpoint PG2 has nothing to do with that...UNLESS there has been some sort of add on slipped in since I got my version...now note the fact that I got the original release and PG2 when active does show no updates available...

I like that for Microsoft - M$ :)
In CACLS, switch tee (/t) is a permanent change; switch e (/e) is a session edit that reverts when you reboot, that's all.

Checking Phoenix Labs website just now, I notice that PeerGuardian2 is open source, so I guess that answers almost all the questions. The only one it leaves is to verify that the compiled source code and the download are the same file. How easy is that going to be to do?

Patience often helps. Keep searching for your sources. It looks like it's a rare few parts of the file that are being shared. ;) Eventually you will be online at same time someone else does who has those parts & has free upload slot just for you. :)