fleury

Chrome infected? Help =(

61 posts in this topic

Hi,

On my laptop, Google Chrome has recently become completely unusable. It is my preferred browser, so I'm really hoping this can be fixed.

Laptop is running Windows Vista Home Premium SP2. I'd previously had AVG installed. Over the years, everything has gradually run slower, but it's been mostly bareable. Last week, I ended up with utorrentcontrol2 community toolbar, and this appears to have broken Chrome). (I didn't deliberately install the toolbar. I have since deleted it and utorrent. I also uninstalled and reinstalled Chrome.)

I have uninstalled AVG and ran AVGRemover, and installed Microsoft Security Essentials (which said there were no viruses). I installed and ran Malwarebytes Anti-Malware free edition, which found no malware. I installed and ran SUPERAntiSpyWare which found (and removed) 913 file threats.

I tried Chrome again and nothing has improved. I can sometimes get one webpage loaded and then it becomes complete non responsive. When I have Task Manager running, it tells me on the Processes tab that Chrome is using 300+ Mb of memory, and 50 (%? I'm not sure what the unit is there) of the cpu.

Any help is appreciated.

Thanks,

--

Marc.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Marc at 12:22:29 on 2012-06-03

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.121 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\ehome\ehmsas.exe

C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

C:\Users\Marc\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.ca/

mStart Page = hxxp://sympatico.ca

mDefault_Page_URL = hxxp://sympatico.ca

uURLSearchHooks: H - No File

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\marc\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [googletalk] c:\users\marc\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\users\marc\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\users\marc\appdata\roaming\micros~1\windows\startm~1\programs\startup\koobit~1.lnk - c:\program files\koobits 4.0\KooBits 4.0.exe

StartupFolder: c:\users\marc\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{1901EDC2-2EA0-429D-9CB7-95F78CA928A0} : DhcpNameServer = 192.168.2.1 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 257696]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-11-10 19456]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [2007-5-15 13765]

.

=============== Created Last 30 ================

.

2012-06-03 14:40:53 -------- d-----w- c:\users\marc\appdata\roaming\SUPERAntiSpyware.com

2012-06-03 14:39:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-03 14:39:43 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-03 13:56:26 -------- d-----w- c:\users\marc\appdata\roaming\Malwarebytes

2012-06-03 13:55:51 -------- d-----w- c:\programdata\Malwarebytes

2012-06-03 13:55:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-03 13:55:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-03 06:01:32 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9d8cde56-eb92-4e00-b9da-7f235501ff9f}\mpengine.dll

2012-06-03 04:56:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2012-06-03 04:56:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fdcaff3e-ee34-4100-9f33-f376eeff2365}\gapaengine.dll

2012-06-03 04:32:48 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-06-03 04:07:25 -------- d-----w- c:\program files\Microsoft Security Client

2012-06-03 04:06:42 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-06-03 03:40:09 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{13f0bdb0-ab9f-463e-82f2-8c56660eb083}\offreg.dll

2012-06-03 03:20:57 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{13f0bdb0-ab9f-463e-82f2-8c56660eb083}\mpengine.dll

2012-06-01 03:41:22 -------- d-----w- c:\users\marc\appdata\local\Apps

2012-06-01 03:41:21 -------- d-----w- c:\users\marc\appdata\local\Deployment

2012-06-01 02:45:50 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP

2012-05-28 02:57:19 -------- d-----w- c:\program files\Conduit

2012-05-28 02:42:36 -------- d-----w- c:\users\marc\appdata\local\CRE

2012-05-28 02:40:39 -------- d-----w- c:\users\marc\appdata\local\Conduit

2012-05-25 19:02:08 -------- d-----w- c:\users\marc\appdata\local\Samsung

2012-05-25 18:58:34 -------- d-----w- c:\users\marc\appdata\roaming\Samsung

2012-05-25 18:11:17 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-05-25 18:07:44 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2012-05-25 18:07:44 -------- d-----w- c:\program files\MarkAny

2012-05-25 18:07:42 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-05-25 18:04:06 -------- d-----w- c:\program files\Samsung

2012-05-25 18:04:05 -------- d-----w- c:\programdata\Samsung

2012-05-25 17:59:47 -------- d-----w- c:\users\marc\appdata\local\Downloaded Installations

.

==================== Find3M ====================

.

2012-05-05 14:07:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 14:07:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-21 07:05:20 161792 ----a-w- c:\windows\system32\msls31.dll

2012-03-21 07:05:07 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-21 07:05:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-21 07:05:07 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-21 07:05:06 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-21 07:05:03 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-03-21 07:05:00 367104 ----a-w- c:\windows\system32\html.iec

2012-03-21 07:04:56 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-03-21 07:04:51 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-21 07:04:44 152064 ----a-w- c:\windows\system32\wextract.exe

2012-03-21 07:04:42 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-03-21 07:04:36 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-03-21 07:04:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-21 07:04:23 11776 ----a-w- c:\windows\system32\mshta.exe

2012-03-21 07:04:23 101888 ----a-w- c:\windows\system32\admparse.dll

2012-03-21 07:04:19 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-03-21 07:04:15 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-03-08 03:35:52 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

.

============= FINISH: 12:28:34.68 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 04/01/2008 8:58:19 AM

System Uptime: 03/06/2012 11:26:15 AM (1 hours ago)

.

Motherboard: Quanta | | 30BB

Processor: Genuine Intel® CPU T2080 @ 1.73GHz | U2E1 | 1733/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 105 GiB total, 10.98 GiB free.

D: is FIXED (NTFS) - 6 GiB total, 0.753 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 8.3.1

Apple Software Update

ASL_HS_Installer32

AutoUpdate

BrickStore

CDisplay 1.8

Conexant HD Audio

Crystal Reports for Visual Studio

D3DX10

DHTML Editing Component

DivX

DivX Plus Web Player

Evernote v. 4.5.3

Free Realms Installer

Google Chrome

Google Talk (remove only)

Google Talk Plugin

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard Active Check for Health Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2455033)

HP Active Support Library

HP Connections (remove only)

HP Customer Experience Enhancements

HP Easy Setup - Core

HP Easy Setup - Frontend

HP Help and Support

HP Pavilion Webcam Driver for Vista v061.001.00005

HP Quick Launch Buttons

HP QuickPlay 3.0

HP Total Care Advisor

HP Update

HP User Guide 0048

HP Wireless Assistant

HPNetworkAssistant

Intel® Graphics Media Accelerator Driver

Intel® Network Connections Drivers

Ipswitch WS_FTP 12

Java Auto Updater

Java 6 Update 31

Java SE Runtime Environment 6

Junk Mail filter update

LEGO Digital Designer

LightScribe 1.4.124.1

LiveUpdate 3.2 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Help Viewer 1.0

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office XP Professional with FrontPage

Microsoft Reader

Microsoft Reader Text-to-Speech for English

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft Sync Framework Runtime v1.0 SP1 (x86)

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Sync Framework Services v1.0 SP1 (x86)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft Visual Basic 6.0 Working Model Edition

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

Microsoft Visual F# 2.0 Runtime

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Office Developer Tools (x86)

Microsoft Visual Studio 2010 Professional - ENU

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Visual Studio Macro Tools

Microsoft Web Publishing Wizard 1.53

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Notepad++

O3D Extras

O3D Plugin

PDF Info 1.0

Picasa 3

Python 2.6 pygame-1.8.1

Python 2.6.1

QLBCASL

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)

Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)

Security Update for Microsoft Visual Studio Macro Tools (KB2669970)

Segoe UI

Simple FTP Client 1.0

Sonic Activation Module

Spelling Dictionaries Support For Adobe Reader 8

SUPERAntiSpyware

Synaptics Pointing Device Driver

TES Construction Set

Unity Web Player

Unity Web Player (All users)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.4053

VideoLAN VLC media player 0.8.6d

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

Web Deployment Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

29/05/2012 8:32:27 PM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.

29/05/2012 8:28:27 PM, Error: Service Control Manager [7022] - The HP Health Check Service service hung on starting.

29/05/2012 8:21:14 PM, Error: EventLog [6008] - The previous system shutdown at 8:18:48 PM on 29/05/2012 was unexpected.

29/05/2012 7:09:18 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

29/05/2012 7:06:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

28/05/2012 3:52:07 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/05/2012 3:52:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

03/06/2012 12:56:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

03/06/2012 12:54:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

03/06/2012 12:54:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

03/06/2012 12:54:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

03/06/2012 12:54:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

03/06/2012 12:54:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

03/06/2012 12:54:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1256.0).

03/06/2012 12:53:36 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

03/06/2012 12:49:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070643 Error description: Fatal error during installation.

03/06/2012 12:48:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

03/06/2012 12:30:54 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.

03/06/2012 12:28:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

03/06/2012 12:28:19 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

03/06/2012 12:27:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

03/06/2012 12:27:33 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

03/06/2012 12:18:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

03/06/2012 12:17:53 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

03/06/2012 11:36:04 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

03/06/2012 11:28:20 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

02/06/2012 11:21:55 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.

02/06/2012 10:57:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgfwfd

01/06/2012 12:18:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

01/06/2012 1:31:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Hello Marc! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL and Extras.txt log

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.04.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Marc :: MARC_LAPTOP [administrator]

04/06/2012 8:38:42 PM

mbam-log-2012-06-04 (20-38-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 256023

Time elapsed: 28 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

OTL logfile created on: 04/06/2012 9:22:49 PM - Run 1

OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Marc\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.31 Mb Total Physical Memory | 285.57 Mb Available Physical Memory | 28.18% Memory free

2.23 Gb Paging File | 0.80 Gb Available in Paging File | 35.83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 105.33 Gb Total Space | 10.95 Gb Free Space | 10.39% Space Free | Partition Type: NTFS

Drive D: | 6.46 Gb Total Space | 0.75 Gb Free Space | 11.66% Space Free | Partition Type: NTFS

Computer Name: MARC_LAPTOP | User Name: Marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 21:18:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe

PRC - [2012/05/21 16:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2012/05/05 10:07:36 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

PRC - [2012/04/27 02:13:06 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/03/23 20:09:29 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2012/01/23 14:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

PRC - [2011/08/30 21:57:45 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe

PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe

PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/03 11:31:14 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/06/03 11:31:14 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/06/03 10:41:46 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012/06/03 10:41:45 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll

MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll

MOD - [2010/11/08 11:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll

MOD - [2009/05/13 10:32:00 | 000,943,104 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\libeay32.dll

MOD - [2009/05/13 10:32:00 | 000,147,968 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\ssleay32.dll

MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2007/01/13 03:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll

MOD - [2007/01/13 03:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll

MOD - [2006/11/24 19:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - [2012/05/05 10:07:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)

SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/19 03:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)

SRV - [2008/01/19 03:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)

SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2006/06/26 13:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)

SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Marc\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)

DRV - [2009/11/10 10:27:06 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)

DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)

DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2008/01/19 01:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)

DRV - [2008/01/19 01:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)

DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/05/15 08:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger)

DRV - [2007/02/22 17:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)

DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/11/09 05:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)

DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)

DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 05:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)

DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 05:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)

DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 05:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)

DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)

DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)

DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 05:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)

DRV - [2006/11/02 05:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)

DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 05:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)

DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 05:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)

DRV - [2006/11/02 05:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)

DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)

DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)

DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)

DRV - [2006/11/02 04:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)

DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)

DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)

DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)

DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)

DRV - [2006/11/02 04:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)

DRV - [2006/11/02 04:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)

DRV - [2006/11/02 04:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)

DRV - [2006/11/02 04:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)

DRV - [2006/11/02 04:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)

DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)

DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)

DRV - [2006/11/02 04:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)

DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.ca

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS

IE - HKLM\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0FB5313F-675E-4315-9AC7-BBA6C053F71E}

IE - HKCU\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS

IE - HKCU\..\SearchScopes\{0FB5313F-675E-4315-9AC7-BBA6C053F71E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR_en

IE - HKCU\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7

IE - HKCU\..\SearchScopes\{DA6977C3-D42C-4398-A009-620D94BFBE7B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKCU\..\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

[2012/05/27 22:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions

[2012/05/27 22:45:45 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: O3D Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Gmail = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [googletalk] C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found

O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KooBits 4.lnk = File not found

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab (Windows Live SkyDrive Upload Tool)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} https://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab (SetupLauncher Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1901EDC2-2EA0-429D-9CB7-95F78CA928A0}: DhcpNameServer = 192.168.2.1 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/21 08:04:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O33 - MountPoints2\{333294b3-1710-11df-a293-001b24019602}\Shell - "" = AutoRun

O33 - MountPoints2\{333294b3-1710-11df-a293-001b24019602}\Shell\AutoRun\command - "" = F:\AutoRunMorrowind.exe

O33 - MountPoints2\{333294b3-1710-11df-a293-001b24019602}\Shell\install\command - "" = F:\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 21:18:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe

[2012/06/03 12:21:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Marc\Desktop\dds.scr

[2012/06/03 10:40:53 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\SUPERAntiSpyware.com

[2012/06/03 10:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/06/03 09:56:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes

[2012/06/03 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/03 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/03 09:55:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/03 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/06/03 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/06/03 00:06:42 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2012/05/31 23:48:50 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/31 23:41:22 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Apps

[2012/05/31 23:41:21 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Deployment

[2012/05/27 22:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2012/05/27 22:42:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\CRE

[2012/05/27 22:40:39 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Conduit

[2012/05/25 15:02:08 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Samsung

[2012/05/25 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Samsung

[2012/05/25 14:57:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\samsung

[2012/05/25 14:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

[2012/05/25 14:11:17 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll

[2012/05/25 14:07:44 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys

[2012/05/25 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny

[2012/05/25 14:07:42 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll

[2012/05/25 14:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung

[2012/05/25 14:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

[2012/05/25 13:59:47 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Downloaded Installations

[2012/05/11 23:24:21 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012/05/11 23:24:21 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2012/05/11 23:24:20 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2012/05/11 23:24:20 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2012/05/11 23:24:20 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2012/05/11 23:24:02 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012/05/11 23:24:02 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012/05/11 23:24:02 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Marc\*.tmp files -> C:\Users\Marc\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/04 21:27:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/04 21:27:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/04 21:18:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe

[2012/06/03 19:07:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/03 18:15:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job

[2012/06/03 12:22:25 | 000,000,680 | ---- | M] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat

[2012/06/03 12:21:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Marc\Desktop\dds.scr

[2012/06/03 11:35:31 | 000,002,092 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/03 11:26:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/03 11:26:35 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/03 11:24:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/06/03 10:40:08 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/06/03 09:56:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/03 00:15:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/06/03 00:08:31 | 000,644,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/03 00:08:31 | 000,124,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/02 20:15:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job

[2012/05/28 16:34:37 | 000,235,520 | ---- | M] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/05/25 14:14:26 | 000,001,758 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk

[2012/05/21 20:24:49 | 000,002,345 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\BrickStore.lnk

[2012/05/18 21:43:01 | 000,002,609 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2012/05/12 06:29:34 | 000,423,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Marc\*.tmp files -> C:\Users\Marc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 11:35:31 | 000,002,092 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/03 10:40:08 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/06/03 09:56:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/03 00:15:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/06/03 00:09:23 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/05/25 14:14:26 | 000,001,758 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk

[2012/01/26 09:46:49 | 000,000,218 | ---- | C] () -- C:\Users\Marc\AppData\Local\recently-used.xbel

[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:51CF25B1

< End of report >

Share this post


Link to post
Share on other sites

Extras.txt says "too long to post" when I try to post it here.

Share this post


Link to post
Share on other sites

Try to put it in another post.

Share this post


Link to post
Share on other sites

(have to split the file into two posts. 1/2)

OTL Extras logfile created on: 04/06/2012 10:01:39 PM - Run 1

OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Marc\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.31 Mb Total Physical Memory | 162.66 Mb Available Physical Memory | 16.05% Memory free

2.23 Gb Paging File | 0.73 Gb Available in Paging File | 32.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 105.33 Gb Total Space | 10.94 Gb Free Space | 10.39% Space Free | Partition Type: NTFS

Drive D: | 6.46 Gb Total Space | 0.75 Gb Free Space | 11.66% Space Free | Partition Type: NTFS

Computer Name: MARC_LAPTOP | User Name: Marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00517579-CCD8-43BA-952C-140DB2B32554}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{005543EF-53E3-4E34-BD78-DC22EE7B65EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{00660E4A-AAB8-49F9-BF57-0333FC1A564D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{00B8624C-8442-4171-B804-018BFED7ACF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{00DA7785-29B3-446F-A6E1-9DD1AD79DC63}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0209BCFE-181B-4782-82FD-5E4CF25A567E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{02663325-88D9-4D9E-8CA7-DE4504A10BAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{02937B1A-8933-4316-91FA-872ABCD0ED7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{02D9A1E7-FC1C-4F72-978D-AFFDEB91204C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{02EC73A0-C6CB-4A17-A06C-1DA53E63F474}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{031008C8-2D95-4C00-9EBA-CD3945D1A74C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{03153302-2073-4076-8CF0-BDEABA6AFE2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{03699DC2-F759-45A3-AB2A-B9777C5AA53F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{046B6E1B-30D0-4BA7-AFD7-46C36BE1FCE8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0561566A-4CFF-4B26-A42E-D0590A3CDEA9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{056C090A-8D2A-489F-AC47-5459A7F4A6C4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{05ED45C8-5506-48D5-A81C-866F3AC1F8FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{062A7B43-DBB0-497B-8031-1507FF0145C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{0633BC52-5AB4-4C48-A7F0-2E4078DD1B6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{0643D82C-5793-4C8F-8A40-ED1DF298A9C3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{06FD1FA7-6E32-419D-91A1-6A0AC70FDC69}" = lport=2869 | protocol=6 | dir=in | app=system |

"{070564BB-A522-4B59-9D13-479034E066E1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0707174A-5BB7-4886-A4DE-58B9F8489B06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{07A1CE25-3EFC-4F08-B5FE-119EB4698E8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{08949D41-FE6E-44D4-B707-36E4B49981B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{09B9C618-B636-47C2-B12B-90B99D09548B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{09D2C3FD-1617-411C-9D24-8D31601441AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{0A85E203-A412-4651-A209-C87301D051B9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0AC0E174-E19A-4F22-AE44-224D42F2FC16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{0C42E388-1FEE-4808-A91B-F16C1EC5C213}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0C6353F7-BD93-4A4E-8A57-B6B0B299DC8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{0CD50BA6-CA41-416C-89BA-7377F2047310}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0E85BC1D-C195-47AE-BCB1-A36EE1378E2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{0F17BFE2-2F77-48C8-B487-DCF5DCECD5CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{0F336D9A-4D2C-4A64-BFCD-28F1766B381F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0FAA980D-D00C-4C3D-BDBB-3795DE708911}" = lport=2869 | protocol=6 | dir=in | app=system |

"{10778D34-57A3-42A8-8399-8CCCCEA823F9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{10DCE637-CCFC-49DC-AF87-7D613852D111}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{114FC620-0869-410A-A4D2-1D05634F5879}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{11D32F7A-804B-4E2B-9192-EB589D44D0C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1212901F-3883-4506-8EC3-46BE1DC05A88}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1320AA3B-968E-4695-A48D-96C21381DC3E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{14224622-9393-4C63-AD46-10B1643F37C8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{146FF07E-AF6F-4F71-970A-6BC76FFA5050}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{147C0A1F-42B7-446F-8DD3-3684D2E94231}" = lport=2869 | protocol=6 | dir=in | app=system |

"{14B2984D-76CD-426D-9882-760C1731E32A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{15BA6935-2258-4D97-B34C-EF3E8721BED1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{16C6FB10-81F1-495C-87F9-7CEF67DA79C9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{172A7886-0EBD-4075-8343-FF8DA69F0631}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{173B228C-0131-4FE8-89E6-61BD1FB69BA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{176CB5DB-F7D9-49CC-88C2-C90FDAB234A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{177BE2AB-A258-4C25-AA68-9BCABD2A1ED6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{17A08998-D64F-466D-903D-3EE273E30343}" = lport=2869 | protocol=6 | dir=in | app=system |

"{17CD715C-123E-45B7-8DA5-BB0B73DE9625}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{18052FC1-B44A-4928-ABDF-D342F7E74ACE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{18C05D7B-074E-4A81-AE65-DE08B11FBE4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1937005D-EA58-41A1-B182-92E9B824DF95}" = lport=2869 | protocol=6 | dir=in | app=system |

"{193BA3D8-DC77-4AB6-8694-EBCBA37A8439}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{19867D63-A56C-45AA-AC34-37BD4045AA2C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{19F8B0EE-2240-47F9-8923-9AFA1998E60B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1ACD7900-8439-4A1E-9007-3D521C0AFD22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1B39B187-BB20-4260-9CD1-ED132FAAED7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1C08911B-C004-4365-9A8E-D99B936F2C7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1CB3DABC-4951-456F-8A42-B8011362BAE9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1CFB8982-201B-4AFD-9421-396CB93D8E80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1D93766A-8E1B-45EC-B91F-CF51CD1CFB0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1E1BEBA0-4061-4F03-9A54-43E98A9A6821}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1E80FF49-A5F3-4711-AAE1-1723E06F807D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1EF9C8C5-1F8C-486E-9D3C-CD67A9308138}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1F6C19F3-22BB-412A-996E-0735BDF62A02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1F959A07-E3CE-4FD8-9570-DFC4D079452E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1FDC4164-1B14-45F2-B940-AB70B8926C3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1FFE9DE7-4D6E-4578-B0FD-427A7A9D056B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2011CA1C-8005-4374-BC56-228AFFF15182}" = lport=2869 | protocol=6 | dir=in | app=system |

"{20A65497-8FCA-4C05-A16E-22CB281E8B71}" = lport=2869 | protocol=6 | dir=in | app=system |

"{20B2BDCC-3B82-4199-91AE-F299DA45C60B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{211780BD-3C11-4912-9F36-713B1E19335B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{21631065-2F47-41E8-8C75-08E72B304D33}" = lport=2869 | protocol=6 | dir=in | app=system |

"{239FC9A2-A8A4-49CF-82DB-298BCA141014}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{241114BA-A260-41DC-8BBD-7156C117336A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{244A552C-C532-48F5-A039-E398FC8D0388}" = lport=2869 | protocol=6 | dir=in | app=system |

"{24D0ABC9-3FF8-4A35-90A5-3DD29B4BF165}" = lport=2869 | protocol=6 | dir=in | app=system |

"{24D5B65F-23E3-448C-BC9C-0A3250FBEFEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{251D8FE5-5646-477D-A1EA-1681763D11E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2570C0CE-F19C-41D3-B2FF-9ABF58E4D834}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2571E42D-5081-4BC0-9F81-5103598ECB60}" = lport=2869 | protocol=6 | dir=in | app=system |

"{25755649-7F6C-4D92-8602-2621BE23C723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{25DB383D-9A58-4C7A-87C8-A80618407594}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{25F55F54-0561-454A-9B46-16CEC7D69A25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{261EBB65-458D-4626-B980-ECE089105DF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{266A4320-F453-4C3E-B78D-7E2369626700}" = lport=2869 | protocol=6 | dir=in | app=system |

"{271444DF-B40E-47C1-9CCB-8CDC12988707}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{27AA15D1-0E7E-411F-AC3A-9A1C575687FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{27D13EFC-5ACA-48B6-91E3-5C46FA5041F5}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2818FDA9-3368-4DC8-8700-80C4E883B64C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{281BBD08-E325-43B7-BD15-BEEB5C43127F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{28561745-868C-4542-90FB-D18A78E7FD75}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2857B8E0-D8D9-4969-9942-E09E3D404C03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{28634283-8D1F-4E00-8045-01C8637B19DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{289952A3-A701-457D-BDD6-DF21C4511E29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{297692FD-3254-4B8A-943D-5585A82F9486}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{29E3FD0F-F6FF-43EA-8722-A0BCC99C5490}" = lport=2869 | protocol=6 | dir=in | app=system |

"{29F2BD01-0DDE-4D73-93DD-9686EE9C20ED}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2A14E9C0-2F9C-43B9-8C78-4B951EB6C96F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2A20482C-43AF-4FA6-8224-B2662D87956E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2AE075E9-6366-443B-B24B-045134D41BE0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2AF19AB8-4407-4EFD-A9F1-3000E1582EAC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2AFB2814-5BEC-48D4-AD75-3E0225A127A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2B198907-BE4F-4BFC-838C-E97C22625D10}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2B1A2230-2DB3-42E1-8806-79C3BC3A30EF}" = lport=3390 | protocol=6 | dir=in | app=system |

"{2BCB4DA7-F8EB-4AF5-ADB9-044B8CE8BE62}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2C1C7ED9-E5FA-428F-801E-A1BFFEEB0F93}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2D19147E-A21D-4982-9B61-C8A85D3C42AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2D331903-2CD1-4C09-8BEB-0CB18CD343ED}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2D545FE3-5CA4-4A9D-9200-0FC37FCD44DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2DF1D18D-C0B3-44BE-996F-CD3510E036B4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2E0ED5F4-75FE-4B21-BE47-E8DB35496C5A}" = lport=10244 | protocol=6 | dir=in | app=system |

"{2E23EDE6-F875-4692-9549-4EAEEC3DA38F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2F3DA7D3-501D-42AC-B70E-889CB812BB88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2F4061DF-07A1-446F-8CEE-079AA1B394E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2F5F2751-6B8E-4E94-ABD7-C465A535C72E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2FE3F4C7-02E2-4FF3-9ABA-9EB715591E79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{30541FAB-6D52-4B08-845C-6CF74873A8E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3123315A-B714-48A3-9066-DFEE0DE66F8B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3138242E-3C66-4084-A1C9-8878DF63A6F7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{31CFE869-D3FE-485F-A557-66645AB93F9E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{31E15B6D-A106-4B69-AB3D-A99124AB1C4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{31EE36CD-94C9-4741-B37D-DDD829129676}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3255D9DD-2039-4286-863A-1533B63B500B}" = lport=10244 | protocol=6 | dir=in | app=system |

"{326F6E5B-376F-40B0-AB24-A20A984A7E91}" = lport=2869 | protocol=6 | dir=in | app=system |

"{327E6CBD-DC38-4A14-B86D-A414A6F40661}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{32846FA1-58D5-45A9-A654-F70DBE4959F4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{32D2EE2D-7B3C-4021-9FF6-CEFC639F0EEC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{33152E57-758A-4B5F-AFFE-F71C721AB4D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{33A6E76C-C836-4EF2-8226-98FDB84C2419}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3428EC34-CDC7-48FB-9D3F-76010AA0E1DC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3444733A-5371-4D8B-AAC1-0916D4290C23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{345C8C2E-A0CA-4BFD-BE40-CF5442647CB2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3464E376-6347-41CE-95B9-950B4AB7CFD4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{34BBCC1E-1597-4CBE-9FFB-45385DF961EC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3577213E-29C6-44AC-855B-E6F679C3198E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{359E4971-4F56-4A4A-BCC7-18AFDC0B3EE4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{35D4186C-2806-40D7-894E-5E13F3E7DAE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{35D471AA-FA3C-4E3D-83DA-1E1051EB594E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{363B85E5-434D-4425-9609-09B769D2FF66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{36D305C0-F199-4534-9002-2973DC528304}" = lport=2869 | protocol=6 | dir=in | app=system |

"{373BF40A-5060-4AED-B7AE-AEA5AEA84262}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{379A9148-1E11-43C9-8F5E-4AD75670637A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{38DD2CB9-6C3B-4006-957D-635A23D8328B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{39EB3113-463C-451E-86D8-E4C9699473AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3A0C31C0-12CE-4029-ADBD-7C5171E0892B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3A28A0E4-8E7D-40ED-ABE4-BF7BB57AC5CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3AD0341B-8958-42BA-9D0E-871C2229A262}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3AE24708-8D4A-41C5-94B2-9D39941A4CEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3B199CE1-A88C-48C0-B125-17DA650FB3BD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3B98A62B-7432-4DA2-8B6F-0D860A2208B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3BCF4777-7682-49A5-924C-1CBE048F8E00}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3C0B9600-D2D2-4827-97DC-033E27C8B744}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3C881A52-217D-4CE5-A783-3536D7C7657D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3CA38834-F28F-4C45-89F1-70F3C72524C7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3CBC850E-C867-4C67-8BC5-12E509FFF620}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3CC28C92-B41A-4834-9709-A229457661FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3CF059EE-25E1-4875-B20E-C5E2D082158C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3D951343-48A9-48D9-BBBD-27C5F5F6F486}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3DBC89FC-4C4D-4E80-9256-64AFD201444A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3EC63D8C-EA93-40F1-A0AB-265806A1D0AD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3EC87A46-0524-4005-BB1A-2DB192C12C4A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3EFDADD8-E253-488E-8B1A-941BBB99CFBB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3F01F1A1-EE3D-46AD-B056-78FEA944E3E6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3F1A3CD8-1F83-44EA-8CFF-AE8B9901D165}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3F5C9E1A-168E-497C-821B-4C7167DE651F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3F797F10-0AA2-4F8E-9E32-8871E31D1348}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3F8FC1EB-E537-4BCC-840F-68B91F2B1DCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{40C4EC5C-6BB4-46A9-894D-304FA3A65141}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{40FAF15C-0619-45A5-A267-0A85F6209E23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4135BC3E-C4E6-4B17-9880-4F9442F38D04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{41B6CA4C-C996-4E3C-B938-50A43FF2D6C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{42E5BA44-6005-4088-95A7-F8283777067D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{443D4D32-4D1E-47C1-9C89-A12B6EEE3F02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4460110E-4A6A-41DD-A159-F791E203469C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{44B1887A-1F8F-41AA-822D-950F4EF404E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{44E7142D-C9EC-4A5E-8A8A-4C7EF41A043F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{44ED086C-E541-4E49-B3D6-C6BBF2C252FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{44FAAB83-A30F-4C29-B75D-2E34F7260923}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4602F2E5-15D4-4EB9-9821-967695311207}" = lport=2869 | protocol=6 | dir=in | app=system |

"{46F7D2DC-DCE7-4048-9BE0-C228A1875839}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{471C5BE3-029C-4E7E-B7EB-B7C81BE602E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{47D1036F-F7BB-4BE5-BC06-03591876E333}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4916E94F-07B2-4400-88B8-56E68AA24E57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{49CD04F2-3BA6-4013-8612-72078A1A7A69}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4B31A475-BA6C-4205-8BF0-5BEECA303CE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4BA66947-E4D3-4EB4-A302-1D68312B7846}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4BB338A0-BAD8-4B1B-B4E1-7E0B564A00A8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4C02C810-289A-481E-8FA8-5CEE0D455FE8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4C2F1728-8179-4459-8E2B-972238404554}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4C837FED-07DA-4CCB-9FAD-80A987229EFA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4D0F6E5D-7C93-4C73-A4B0-61F185A2AF3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4D4D4065-D5AF-4605-8385-CE80DDF8384A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4D853889-C4EB-47C6-82EE-B0FEC9677514}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4DAAF2ED-2213-4A49-9F96-5F741BF691DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4DD0758C-E4ED-4F45-9D03-640F526ED9C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4E16D93A-B829-4660-8050-1D8BBA783CF1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4E5FCFA4-97AE-4CEC-B0A8-AC1BEB0F2B23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4F917B94-9EE8-479A-9BF6-820DEA9A9D94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{500444E8-937E-4629-B82C-96A7ABF1D62C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{50BA4CBC-56DD-4FF2-A0A0-6174DEEDF4E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{50F9E17D-A3FB-4EEF-8F73-776787A645DC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5120A557-9BB2-4ABA-8403-4564F3D3B083}" = lport=2869 | protocol=6 | dir=in | app=system |

"{51BB4971-0072-4A44-AFD6-2268816DDD8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{51EBFAC8-853A-4CC8-85B6-B34979271C02}" = lport=2869 | protocol=6 | dir=in | app=system |

"{51F004B2-7A3F-4B5F-91EB-D8597820D590}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{51FDFB47-1F70-48C2-A6E3-AF965A57E157}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{520B5089-0170-4CA4-90F3-1E51AEFC6280}" = lport=2869 | protocol=6 | dir=in | app=system |

"{528F3042-C11E-4F27-8E13-F73C5AAC6F2C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{52B6EF2C-0562-41CA-A1EA-487531D4F1D3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{531C34BC-5511-483C-B586-7E0F279A1084}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5342F52C-1805-41D2-AB61-5F3FD8193470}" = lport=2869 | protocol=6 | dir=in | app=system |

"{537A41FF-B30A-4738-8027-36B58EED1C1B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{53E32A22-796E-4137-B79C-41A51FAA75A2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{53F59B7D-DB83-4349-B329-3C82F385E812}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{53F61603-9A71-4A45-B460-CE0698754AFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{551DF1DB-8BCB-4C8C-ADFD-E22ED054D557}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5525FF21-CF5C-4C32-9BDB-79BFFA021653}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{556A38EB-8778-4416-99F8-890217759A39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{56BD3A92-E596-4FC3-B19C-1F17D210E287}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{576E396F-E5D4-4906-8FC1-9523168C3955}" = lport=2869 | protocol=6 | dir=in | app=system |

"{57B14FAB-3E6B-4F24-A90E-775EE1055875}" = lport=2869 | protocol=6 | dir=in | app=system |

"{57D9C7F6-C903-4054-AD04-51DB12CA0D9B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{58045A0B-809E-4EF9-B214-33E694C2D192}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{58AA30BE-C3BA-4D06-B6F5-873DDD984ACA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5988FC86-B86E-4C2E-96FF-895201620896}" = lport=2869 | protocol=6 | dir=in | app=system |

"{59950C31-0AA7-489A-AFB9-F70B513865BB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5A7570B3-7CC8-4AB0-8693-73E927C23C12}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5A766F59-13EC-48C6-9B38-88E0F0ACDB30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5B16A9E8-9776-4D22-B7B3-05BDBA951042}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5BF7A1AD-0C3D-400A-8A13-0B3FA9E7D625}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5C49E4A8-DCFA-4536-A8C3-9738497A16BA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5C9DC57B-4986-47DD-8981-F0B78671FCC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5D14E322-EED0-410B-B222-110E28306861}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5D397273-10BC-4FFD-8D0B-16969778F97F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5DBBF8C9-8DFD-4990-83D3-A79442A3113B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5DC08785-9A56-467C-AD35-3C12CA6251E2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5EF3D392-FBED-4E51-B2E4-6979935373C4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5F12DA97-F8ED-48E6-8DE4-0CEEB0F2226B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5F8A004F-23F3-4F88-BB57-1AD271EF387F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5FCB771E-9728-4A0D-B0C9-83C08569D8FC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{60616818-5767-49CF-894A-739B6778D6C3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{607C1EBE-3DC9-443A-867C-458594779EA5}" = lport=2869 | protocol=6 | dir=in | app=system |

"{60BD1142-5EE8-4136-8256-3AE42445F511}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{60CA0BC8-E55D-4372-B637-9A4594AAC468}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{60D67E8D-2B67-49FC-BE7B-853AF74F6324}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6101B56E-C22B-4F19-BDEF-5F77405AB2E9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{612058A5-D88A-4CC2-B551-2EAFC59C6E62}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6153A9CA-DC46-4B1F-BE3E-31C705285B40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{617A5E42-5661-4D4C-AA81-A9C41132A412}" = lport=2869 | protocol=6 | dir=in | app=system |

"{61A39491-F017-42AE-8FE6-CB0F747ACBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{621A75CE-ED92-4D98-BC39-EFF0E7B751C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{62DBD780-FE87-458F-889D-D7005264E5F4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{62E9281D-BE6E-4462-979C-78255F8F423E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{630A7913-FD35-4EDE-84BA-BF6BB31910BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{63A2831B-5991-44DD-A79A-A7452D89FD73}" = lport=2869 | protocol=6 | dir=in | app=system |

"{646F656B-29A6-4134-880B-4CF226D2FA9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{64C233B8-3D37-4910-BE24-5C684CC2919C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{662864E6-E480-4510-A9E4-278041196BFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{67C8A6DF-3427-4D0B-A9AA-5FCB737EEA00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{67EFB7C1-4069-4011-8575-D627F64C7ED3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{687D2955-7661-467A-9CB2-C684CA7AAA7F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{68FEDBE3-4A5E-4EF6-A829-CF0A381CABBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6A4D91E1-B1E5-49C1-AFD0-403D189CA71A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6A7589FE-A61B-4D7B-9323-3F40EA66A1BF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6A8475D8-DC54-4463-9732-859D682DC276}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6A9037F8-01BA-460C-80DE-9EBEE193DFA7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6B2B7FA0-9DC2-48EE-A684-95588F724CE9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6B4773BE-38EE-478C-886C-A7A27E2AFC9F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6B7C0FF3-4441-4B90-9216-0B6869CC0568}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6BE51BB5-7C99-4D29-8728-9B48C58B88C8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6C220D1B-73A9-40A3-AD0A-C5308FB3DF37}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6C639427-8C13-4459-8227-4FCEF2F52BB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6DA8FE08-EEB8-451D-8824-EC53A9437DA7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6E0CEDB2-EAEC-49A8-A4BD-6D634C3625FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6F8BC76B-DB6D-42AF-B7B7-FF6195A5237B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6FECDA5F-5B2A-4921-A0AA-D2030C7CF92A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{701DD04A-5CCB-4E23-886A-23F822020DE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{708D6BAF-AFD0-4E94-A670-33F7341E28E6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7141C1DD-1E47-4ED2-AE84-A3D3ACDFC006}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{7205A765-384F-492F-85CD-166757A82C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{722FEA3A-CE8C-4D9E-9290-C3E4B523B9C7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{725DF718-CC4F-4ED4-9EDC-1AE78CEBA18C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7293569D-01E3-46ED-9697-9B85E27C0F3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{72CC7EFB-B53D-4B3F-A56F-1E519A43F5CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{7398811B-0DDF-46F0-8005-2CC111DCB7C8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{73DD81FC-A535-4F8A-B4AC-D93A85D8A7A7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{74075725-DF4D-4548-8AAA-5ADE467FFF1A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{746626ED-DC30-48D8-8F35-6917C70776AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{748CF183-7610-43B7-AD18-CECA95EE96D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{749E62B9-B7D5-4DEB-8D9C-79667D5A531E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{74FBFDEC-E9FA-412E-B5E1-5D66AA3641DD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{75919BEF-2804-44AF-B243-014445810E7C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{76D36509-3A13-42F2-9EEB-D11022D96C33}" = lport=2869 | protocol=6 | dir=in | app=system |

"{771B3943-DFE0-48CD-8636-A513507E289E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{779D3DE7-8E04-4572-98C0-E507AE4E6E0B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{77AD27E6-5D31-41F4-BED9-870325690177}" = lport=2869 | protocol=6 | dir=in | app=system |

"{78AE7F34-40C3-45B3-9BC6-DE38DD6C57BA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{79001088-5F85-4445-A51D-33BBA8A2890B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{79070D22-2CFE-49F6-9B16-254C0A187135}" = lport=2869 | protocol=6 | dir=in | app=system |

"{794BE92F-7FD0-463F-A3DC-4AFAC63483FB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7A16B708-675E-4E32-B1F3-765F431632C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{7A7E1BED-9672-425E-A565-9FBD8F571ECD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7AB79EAE-25CB-4C51-930E-09EE937160AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{7AD8F8B9-EF32-4DE0-9254-BBC72CF6B763}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7AFD9DCF-0397-406A-96AA-BDB89C0216A2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7B572EF0-E065-4681-9CF5-D21CF4B0E0D1}" = lport=3390 | protocol=6 | dir=in | app=system |

"{7BED306F-C379-451C-BA70-8F5527EA18FC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7C0A8DD2-85B9-4BDB-8927-C7FA70135AF1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7C253518-153B-48F6-8380-4F848B2202C9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7C5BD9DF-0063-4FA3-B595-F0E24CA0ECF1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7C8F4E4D-238D-4B31-AE01-DFFCFC7AEE71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{7CA15F79-D01B-4002-BD25-0F369C0257AD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7EBBD696-62CE-4905-9D5B-10E67A5F809B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7EEDB502-CECA-4E1F-808D-715A8234732F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{7EF94EAC-203B-48DC-8B30-393F73A4CB79}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7F76A4CC-7103-420E-AF05-BD5F0713D69A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8114C315-3738-45EF-8993-55E3C5E74EC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8157342D-0E1A-46AA-88A2-F3D0B1CFA8BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{81B0B785-F5B3-41D6-8C6E-E7BA8DC57223}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{82E78CC1-2D7F-4509-AC19-2338D2B9E14A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{82F21CC3-8D45-4C30-814A-1377B9440F5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8303D10D-4CE5-4343-B3D3-1E63DDA88EBF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{83769678-4F69-4F8A-B543-C3D90761702F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8390118D-D8AA-458F-9B37-8AD17E003E07}" = lport=2869 | protocol=6 | dir=in | app=system |

"{83D29C43-64F6-4FB5-AFFA-FA39BA35D460}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{844075EB-1A01-4439-BC66-659733BB58AA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{8478467C-0657-423E-B2A3-AD1149520032}" = lport=2869 | protocol=6 | dir=in | app=system |

"{84D79126-595F-4029-BB01-4CF62E11C53A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{85CA30D3-335D-4084-B69B-8D090482971E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8616E0FF-1B68-4210-8009-28A1BC7426EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8617CBF8-27AD-428D-AD87-F8C8C99FF987}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{862E81F8-C6F3-447F-8A03-1F488731E808}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{873A0A9B-AE71-461E-8D70-C7A3A70F322A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8876E2BB-E49A-4138-BE12-9732EBDC2476}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8898FE7E-F4D1-4A5B-989D-9A8B45D913AD}" = rport=10244 | protocol=6 | dir=out | app=system |

"{88C1C336-CA12-4982-8420-3C02CAB05CE0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{88F76F92-98AA-4291-B036-BAE78590919D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{89128CE4-5A5F-40B2-88DB-28BA483B400E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{891ADCFB-19AB-41DA-A480-120C94957651}" = lport=2869 | protocol=6 | dir=in | app=system |

"{89556499-80C0-4F6A-B391-6C97122F58A4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{89F79158-7EE9-4FB7-9848-A218E813BB03}" = lport=2869 | protocol=6 | dir=in | app=system |

"{89F9F191-AA31-44A5-BC51-41194152B72A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8A0F1862-01BC-4AB1-8293-6474F351C14A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8AD7D43D-BECF-4EBA-A50E-4BD20C609A6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8B774AA7-6E91-49B7-9BFF-5FE44D5027A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8BCFC184-936F-4EE1-85CB-5BBDE91EB078}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8BE10B3E-F699-4DBD-9884-EBA29E56E3FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8C42E0AB-9542-4649-9AE2-F86C8C3BF430}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8C4B3D2D-8A02-4C8B-8B26-08024AB1781E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8CFEF22C-DDE8-4391-8D92-33EC7F061E91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8D0403F6-DBD8-45AF-AE27-52F2955DDA2A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8D35845D-2939-412C-BAA7-186EF3880300}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8D365593-C942-4361-B04C-E6E10B0AAA6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8D6FDACD-71D3-4EE4-B75A-C73B869308E7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8DC3F02A-9D24-4996-ADD8-D4FAE36F932B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8EA74F6B-5F6C-4A93-8CD9-84DF2AF05149}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{90ED56B7-1206-41B5-90D3-5C0D1607E3FA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9148BACB-2F6C-40F2-B6F7-B7A4247377DE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{91534779-5420-44F8-9A55-8364F99184EA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{91D4DC0E-A037-4420-A9AA-F9B36AECD9B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{92EFD386-503E-46A3-AA99-02562475C965}" = lport=2869 | protocol=6 | dir=in | app=system |

"{93319617-A1BD-453C-B87F-1572A0635BD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{93BFEA60-4FAB-4BA5-8053-70855B62E04E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{93C53CC9-DEAC-4E0A-8568-8623440EBD25}" = lport=2869 | protocol=6 | dir=in | app=system |

"{940BBFB0-A744-4E6E-AA28-EB59C6D62277}" = lport=2869 | protocol=6 | dir=in | app=system |

"{94441E91-1428-40CB-BF18-3B243DD19473}" = lport=2869 | protocol=6 | dir=in | app=system |

"{945958A7-435D-47E4-A8A5-E5D9D456D4D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{95EB3790-611E-4155-97BD-511F683B5CB0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{960E1729-DA21-4157-BF08-A8F6307EF5FB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9614ABE4-B9BA-40F7-8404-6602ABA1F1F1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{962A5317-A034-46B5-B706-85A483315736}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9645076A-2F36-440C-8560-E3A97F991A08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{96595D59-1EDC-46C7-8F9F-6B3825F9873F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{96BF544B-BEAC-4688-B892-82B4479D55F8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{96D01521-95A0-4043-890B-062358DCA5D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9795E896-F52C-4C9D-883C-2BCBC5B8765D}" = rport=10244 | protocol=6 | dir=out | app=system |

"{98158211-B57D-40BA-9293-DFFE202B49F2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9815F8BA-83A2-430A-BF6C-38BA8694AA22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{987F0BE0-4AAA-4047-94DD-2625F5315A31}" = lport=2869 | protocol=6 | dir=in | app=system |

"{99BBEE93-B207-4AEF-8630-32A82B6E6BF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9A9FB0FD-9BA9-43AA-A61D-8853099162AB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9AC23E8A-A971-47D5-830C-B01E4A742D38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9AE142AD-5969-426A-B131-39267C2F4F4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9B0B0D3B-7CAB-4953-8C6E-5A0AA5952F2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9B3F3DEF-57B7-4598-B4C1-FE126E7C3283}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9B84BA49-1EC3-4B2C-BAAF-BBFA5E22394A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9BB25BB8-9180-417F-8944-93191FA79294}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9BBF5E7E-6897-4CE8-B066-A6737D957340}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9C0B1818-E17D-42DF-9CB9-3DD8922953C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9C80A4ED-C9F3-40F2-AE45-29137DBAE7D9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9CC2DA34-5172-4C22-9929-BBC29F905EEB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9CCC719E-BC22-4724-B527-3CC2C0957E74}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9D0A2379-5967-498F-899D-5AA8FA602EB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9DDBEFB7-1C92-461B-8B28-048F352BFF82}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9DE4E4D7-93DA-43D9-9F43-86B501A8A6AD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9E5AC853-ABA6-49AD-ADFC-BFC004E0500F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9E73FF6B-3F90-40AB-A231-8DCA8144F396}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9E96A4D3-C813-49F0-8136-898DC5DBDCA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9ED8CC87-26F3-49F5-BCE9-8AA11B20422C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9EFD4E0F-69A8-44F6-9711-D10556CDB097}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9F9AC2A4-709F-462A-B2DB-7E83BD1C7AC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A00B2770-F534-49E0-8109-C484EBDAB617}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A0C1800E-975D-4448-8479-491FD9AFF8F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A1011297-2401-4D9C-81A6-C9D5E8D39108}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A10DB254-8F34-45BA-8EE1-8FA9D8DB2678}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A120AB7E-9753-457D-9673-5DCBF2E7AC94}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A18EB63E-6183-4E20-8B37-DA24E4050507}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A27576D5-3B73-4278-AFE6-B0414E2B263F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A38F784B-A54F-46D7-B7B5-F687C0E82053}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A3B0787D-DDF5-4FE7-BD53-E06268F8B04C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A3D3EFF4-D3EA-4500-93C8-BC9455805B6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A3FD2B56-5026-4958-9380-7EF5C8410E4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A436EAEF-2663-42D5-991D-7AE22807E543}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A46EDA14-A3F6-40D7-AD43-BA7D47CCC6EB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A4C30D10-8A49-4DA5-B99B-CF5CDDFDBCC3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A4C4A6D7-2F59-498E-AEAB-2A25579B9550}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A514B351-AA78-4D0E-8A63-6CE704BAEB62}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A5C759DA-02C3-4AD8-AFC4-330B9732444C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A65D95C7-866E-4650-8C52-001427255E57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A667F2D5-D05A-4905-8C1B-CD5FFF2D44A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A679E171-6C83-40DE-8CE4-21461EC1F89E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A699C0C6-738D-43A8-ABA4-4E647D93820F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A69B998E-41A0-48A9-BCE0-BA9C2B16DAA0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A6E34420-3B89-4A86-8306-2B7AF0B4518D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A6E65DCF-5D06-4C62-B281-EC6D59B1CD55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A6E720AB-3D7A-4CAE-9FD7-E5597169DC9E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A71EB3B0-9E14-4258-8195-38E8AF444FDE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A725B317-FAA6-4D31-A4A1-07CE64C9356B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A74FD7EF-8A16-46FA-A4DC-25FB6F504854}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A7ACA93B-92AB-4DB1-8345-F419AC156257}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A7AD8C41-ADA4-4B3B-B7A7-AD4976E034D3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A7E3CF25-4F1F-448D-9512-322FB808A433}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A7EB3762-A807-4777-A0F5-254F207F4BB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A7F77F8F-F5EF-4A23-9479-F8FCA76164E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A8324799-75BD-4D4C-A400-B66408C476C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A8EFD12E-36D3-44E1-BD73-73CDDD210E1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A9B4E8FE-5BDE-48AD-A3C8-2242DB997BCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{AA6300D0-2EE8-42D5-9BCB-437026C2F9AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{AA794095-FB38-4251-95C6-02A08288651D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AAB1BC07-317C-4001-9F3E-6B54E8725AAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{ABC5155C-C0B1-46DD-861B-6C7831FEE2B8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AC4C7D09-8136-4DE1-9510-905BB244B7B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{AC5DC298-9710-4497-9FF9-CDC3198DE695}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{ACA20CB9-3F8A-4EAC-A17E-75EAF1F57839}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{AE60FC54-CEB0-4516-B2F0-B8AE4843A0E5}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AE74EA36-B047-4775-B4BC-9E8F394F4845}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AE791CD1-4734-4DE9-B742-0FEAC166273F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AEA3A86A-04D8-4953-94EA-5E3B437E37B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{AECB6C61-1ACD-41C5-AB13-C9FEA54B5F43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{AFD20AEC-A408-4176-A26D-A34D879F42C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B00F151B-84C0-4CE6-9F76-1AD6C1643A08}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B0514B04-BDB7-42A0-8E1D-C2DCF0CD6F4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{B0DFA9FB-C6E9-41DC-9FE1-BBE474A63C8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B0EBC9BA-CCD5-4DFA-923F-4ED5AE421D27}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B18D3FC9-C6BF-4B11-8019-FB5BB5170BE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B1919170-359C-43D5-A911-402A366C3079}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B1D8620A-C8AD-4BD3-A4DE-CC1F50C1D4E6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B20D007F-89D5-4081-9028-D15AC2982126}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B294CA8F-A647-46EC-A261-125F9676C401}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B2999EB3-4D75-418C-B58E-A50A72C747FE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B2B3CF40-194B-4EA2-9771-FEE13C446853}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B2D956B4-D897-4E4F-9F2E-3228C21CEFF8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B3AB9B5A-9464-4581-9C17-7AF8DD05C434}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B3DC105A-D896-4674-ABCF-446B17619086}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B45E7A12-A8C4-4BAA-9D98-B98AF8186B0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B462DBD8-E5FF-4E30-B909-10D82DF77B6C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B4AA21A8-3BF0-402E-ADA4-176291DE4230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B4EC205E-5483-4F4C-8F0B-D9B13C729AB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B550AD51-1D66-40C4-8A96-F83EDDADCE23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B566F686-0CE2-4E8A-A426-EE38045C2486}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B575E895-8E1E-479E-BEC4-FF33F59784E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B7786333-7B04-47CF-807F-7527B25D379D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B7C24F96-9836-4F91-A8A1-C6563732DBBA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B8A32FA2-591A-4C75-9E3B-BC78AA1D2326}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B8BA8B3A-08CD-4B5D-9B03-2E1EDB10AF79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B8E460D9-4E2D-4C7B-8178-D17D14E9B7A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B94867A1-2166-4A4A-B342-1A3C86423009}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B9AD9CD9-0C94-41A7-8C60-272DBD87F8F6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BA9DB9D9-E8C8-4E73-A263-C1FEA6D2EE19}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BAB8BBA8-096B-4BF3-8DAD-2B229BF27B0B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BAFA216B-34D4-46B8-B537-B72B3236CFE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BAFE089C-6380-4A1E-918D-936E4BE6C0F7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BB112C7A-2833-4CC2-88A7-29331E21FFBA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{BB4E068C-FC2E-450D-894A-17BB4637D761}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BB7391A4-66B7-4315-9BC8-1B0B59CB6784}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BBA2EDEE-3390-4481-BC88-CB2444BB0C00}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BBFA9916-4AE9-4603-AD49-85FF9890AA2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{BBFD7340-1A7E-415A-98BA-F6C4E6D6932C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BC006361-02E9-4475-975D-9114FF17789A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BC1D6234-6C4B-464C-8F12-A68B3D3506AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BC7F09A4-110C-4D2B-8208-FDCB1299A90A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BCAD33D1-BE83-4AD0-9A77-3C6CC163E199}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BD4BF785-6760-4C98-A8FD-F2D137AC4A59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BE21DC9B-6777-45B3-80FB-83ECF2106443}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE4DDE5C-D235-4082-B914-27F62FC39C45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BE4FA6E7-A349-4C48-864B-30D5074EA6B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BED6F55B-0C54-423E-8012-CECE138CE93D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BF8F30BF-2C7E-4397-814B-DD6AD8473432}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{C0299B6B-8ED6-420B-9C95-509F55EC88F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C07CC6BE-7C3D-4135-BE79-9569ACB26290}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C1310086-A22A-497D-A97D-B9FC7969BF5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C14C5309-3354-4F14-B35C-268833DC94C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C20E770A-A854-40B3-91F9-2863782E7848}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C2471A16-245A-444F-B636-B1B46C199AAB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C24768D0-C589-46D2-B8E5-93ABA903B4C2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C29A5398-9FE1-468C-82DA-B55CEAEA8079}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C3553C75-B00A-45FA-BDF7-8C480D59F44C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C374BA71-5BF2-49A4-8D45-183A92E3EF67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C3CAF8F3-F1EA-43A1-A1E6-78EFDC6E0226}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C4322706-555C-444F-9FAF-F6470411D4A6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C47171A2-2C1B-4385-A3F5-80F89747988D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C541BEAC-F7D6-45FE-BDE9-DDCEC7C317FB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C5D67408-2B72-4AD2-8B00-503A1C8AE210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C611C40D-44EB-42B5-A690-E45028A9876D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C6E14E0A-D610-493C-85E2-5ACD7264A39A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C756B7E6-4E44-4230-99AA-97DFF4DB0D34}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C89A26F1-B391-4B86-9BB6-8DB3B24E62E8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C8A73405-7873-4887-8AC7-86AEE07D96A8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C8B4C25E-7632-4885-AB18-FC5F23AFDB2D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C95C8596-7769-41AB-B4A0-0D2656BAA0A8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C9A03E08-34FF-46E0-9351-9A52240F78B1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{CB201E08-7EC2-49AE-B816-5EF003499581}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{CC503276-1B01-4B80-B401-034A987D3189}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{CCA0C8A2-E435-407A-B171-C16A4A0D4C3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{CCD0BC1D-FC65-4D2B-AB72-8FC0D6D4D770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{CCF5785A-39C7-486B-96F9-48610A9DF2EA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{CD615BE2-C6DB-4BA0-BC14-16190DF34598}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{CE20C4A3-A614-4105-B994-9C8138EF7131}" = lport=2869 | protocol=6 | dir=in | app=system |

"{CECFF1DA-AE52-4D4A-8649-B1F57D740ABE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CFFAA559-83A1-48EB-8B12-C9643DF91135}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D063BA5B-4177-4B2F-9725-7D9D5A734DA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D114F4B1-6B14-4BB9-AFB0-1B35B7DB4EF0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D14D521E-FCC3-4855-BC66-D11E57F67631}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D1F303C3-D4E0-4E32-847E-4ADBB76C8797}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D1FF8F8C-0C05-47D3-8550-28D1F03EA00B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D24441E5-8A53-48BE-B086-48AAA318CF72}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D26B43A4-C102-484C-B55F-54724391FD94}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D33B9444-09B3-448C-BF54-4876F6AA0F79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D45A9850-421E-40A8-B35D-63FC650697FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D471E069-AF0F-45D9-A61A-40AAC856152A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D4EA4FCF-6EC9-48F9-AB87-F3309DF59E28}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D4F73208-B4E9-4A45-ABC8-773F6418A2F2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D67C629B-0DD3-4C08-83C2-837727ED7A77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D7BD4759-D97D-43FB-A928-73B4E5CEB50E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D7EC7159-2F3F-48D2-9C30-758B58ECA69C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D8953179-25F7-4CAD-BEC0-489E47885944}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D8F21867-078C-40BB-A950-370718B21533}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D9A1B232-7A75-447B-8A9C-485ED9353C51}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DA4FBA9F-ECD7-45CF-9935-CEA5BBEB055E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DA67DA66-C89E-4E31-BFF9-DFE025122CFC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DA6B881D-2914-4A7C-B777-1A7735F01063}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DC19C966-992B-421A-A888-43B397EE9570}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DC357C6C-21C4-449E-B015-043BF7DCDCD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DC71EF7A-9EEF-4483-8113-DDB36166B668}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DC8F71C0-9A39-4B13-9E82-FEB7076CD946}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DCBDFD43-B9F5-4C75-BE7C-D5912164F7DB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DD5D753B-BA63-41FC-AD29-99E1741A8B56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DDA2CF78-9786-4F84-ABCA-129D5A05E354}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DE7BFD6A-4773-476A-9AB7-7AFA0C5D5CF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DE7D3B9E-6B2C-45BE-9771-C68E2B5BE52A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DED1434F-74D3-44A8-AF9A-BEF4DF4498C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DF4A61C3-1BF7-4D76-8C26-BA4AD34E9373}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DF6BAD91-1BDC-49D1-BB89-8E87870BB63B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DF82B287-B26E-472C-AEFA-CB0E6B46A05F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DF9679F1-71B3-42E1-AF96-E4D26A069D73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E00E21AE-4512-4BAF-84BF-F6977CE2AC77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E0333C7A-5392-4EDB-82F6-B28C4FE436CE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E04FC467-B749-4F5A-B885-8B861FAFB9B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E0723464-2570-4ED0-BC9F-EB379822D82E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E13CC9A2-DFCF-48BD-AF97-4C593BC393C0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E1EBB387-EE5F-4AFA-8EF4-B54FE9B1E12C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E204F5F7-9205-4541-B308-E49950E45A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E2987BC1-7D1B-4595-89B6-7672797A446A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E2BC3268-853D-4F9D-BA9B-CD128B499F4E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E2D33EF0-6583-4011-9F15-A2D3628B4973}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E3079663-6427-4F33-83D6-E57936C7DA3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E30F6D0E-9CD5-47F7-BD5E-DE9774B1E001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E3570E7B-8525-4673-9AE0-B47264921A4C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E3923674-3C08-4556-A291-84E1C44E771F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E43F815C-8753-4395-B6AE-5AC43244A95D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E4ADBC88-B3AB-4267-B0E1-DBD6A058184B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E511CBD3-809B-427C-885C-6A3B8D82B10F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E516FDC7-6910-4F4B-96A0-DD1118B2BC9A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E52CC900-6796-40E6-9E73-246986410DE1}" = rport=10243 | protocol=6 | dir=out | app=system |

"{E580F687-604D-4EA1-9ECA-0A52B6AD1868}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E5C74071-8E2B-4A4E-99AD-A501687287DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E5D79EB4-3661-43F2-8BD6-CABD6912D297}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E60CE4CA-C539-4A18-8161-46BC682F3B01}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E66DEEE7-5D73-4EE2-AADD-64F850AF65B1}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E6B89963-F7AB-4C97-B275-D5B41E49CE6D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E6C62C53-3C89-4EA2-B90D-97E476FDCE07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E770E8A5-32B1-4029-BACA-8B9DF588E2DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E77114E8-5AF9-4370-9E7A-F5B6CD16293F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E842BE2F-FC04-4155-AFA6-482A735E079D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E8E1A8FF-6F01-4FEF-BBB4-9155323263AF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{E8E346E7-A1A6-40B5-8604-E88227BA34B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E902DDD5-337B-47E2-BE35-8AD50E5075ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E90ED353-6E3F-458B-9E35-D59F47F75972}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E9600AF9-FC99-4109-A65B-C7253EA1DC2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EA04E9C5-7761-43F1-855F-FE9128CD5729}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EA5E89CE-904F-4A63-8237-54D1B8A34D84}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EAC3B71F-395C-497A-9086-3FAD3A0603DC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EB337E9A-D998-471A-A582-9E5F60226EC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EB60CEBD-83EE-4F58-8266-E5EFC79A718D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EB7F9293-DD8B-42FC-B871-90FC22A813E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{ECBEF817-BAA4-4B42-9B58-A1C3F10E73A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{ED9636E7-7F02-48DE-ADAC-AE55FD5941D2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EDA2257D-BEAB-4C98-9D18-F509D325D36D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EEFF3B09-5F42-44B3-BBC2-A08B18181A74}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EF027728-2A1D-4A1E-BE18-F1DD7010ACF0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EF1AED37-D179-45BD-BA57-6B5A756AE914}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EF3B56BD-89C7-4237-AA9B-6D208647BB3B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F00389EA-607E-407E-87AF-44960B8CF08A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F03FD9CA-1681-440F-A108-F54484602FA3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F04DE8FC-17C2-46D2-A4BD-B02271FBF9DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F0CC7C44-4D13-43B3-86CD-6D8256BDF9B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F12DED11-FB8B-42E6-B3C6-3059269071AB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{F134C840-B352-4817-A679-AD3A1C4943E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F207346D-8DDC-4ADD-A0C7-5D5F5BFAE5FD}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{F298FE63-7DAC-4254-8D1B-F8C85C842099}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F29F03AA-5DC7-478F-BB2D-C4423A497952}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F2D4D441-5CA0-42C6-A98D-BF7809BED72F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F3979EFC-65D9-473B-BE32-4A880483B7B2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F3C6F009-D90D-46C3-A159-8816669432DB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F3F6981A-6B81-4422-A502-334E8E88E1A4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F4169747-DDE0-4085-81B8-F40705AA538B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F47DCE17-303F-4649-A021-0CAB44F580A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F4840168-98E0-40D9-8801-2A2EE8017E45}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F4B42848-8C6D-4059-9E85-1F61B2C9A45C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{F4CBC3BE-D7DC-4A79-A027-69CAC94D1356}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F4E2FFAA-A220-49F5-883C-4CB4152917B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F536F210-6836-4387-B91F-B52128281301}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F5533D31-A99E-4C85-BD72-0CAFEA4491D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F5536A44-F448-4BB2-AC59-E6B47959FDC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F5980AF1-ED93-4AF1-9C66-B24D3B4561E7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F5AC169A-AC69-489A-BBA0-2E1A383DB180}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F5AE852C-2B24-40A3-85FB-8A71C5E02045}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{F5FE7ED6-9B9B-417B-A35D-B86683A71706}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F6079992-692C-4FF2-BE46-031A8EEDDE47}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F64D1BA5-C75B-4190-9D13-8D4446A126C0}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F75D1544-4B24-4831-8FA4-05EC96658FB4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F7E49173-794F-4ECF-A00D-A19DE5C11A1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F841F350-A22D-4370-B934-3951A532B9BB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F846965E-C1F1-4E9C-A0E7-94F8DC5A6C71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F847FD2F-B81A-4C25-BEA1-AD9F057D738E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F854AA9E-2C73-48CC-BE28-88F040207A14}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F8C1E065-00EE-4030-89BD-C86E668FA811}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F97DEA89-ABD5-4678-94F4-ED61B6C3AC31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{F9CB208C-3838-4E77-8656-8D3637F9868D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F9FABCF8-57A8-49F1-B9EB-94222D592ECA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F9FF0206-5A93-46BF-B60B-70190C3066F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FA4A6651-2803-42A6-9A41-37D48FEDF654}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FA839F11-EE47-4AE9-ADF0-924E6AD6D1CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FC2CB173-7DFC-4507-9C75-DA012508765D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FCA1A6E3-264C-4E10-A3DA-48286A3900FF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FCE4ABE7-3333-440D-8500-2CEDDDA0C4AD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FD98005C-67A7-4B8F-9DB9-775A9EFAEBD3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FD9B895F-3F5A-479E-8FC5-5EEA53AF677B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FD9F1922-438F-4CBB-94B5-3B91AA4E5055}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FDB6845E-A48F-49D4-A95E-EB9E2593F6E3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FDE96FAA-972A-4360-84A2-C45DA42DF6D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FE479B6B-1284-42BB-808F-DBC519C53B82}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FE75C543-51AE-4414-8C3C-91E964955512}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FEC17E02-7CF4-4985-A302-92BBAF43633F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FEE67303-AB30-4C4D-8C29-06C003059B45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

c

Share this post


Link to post
Share on other sites

(have to split the file between three posts. 2/3)

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{013CE5FA-4EE6-4B82-B629-9C9A93BD4463}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{01C68942-AB83-4731-AE5F-2E5C09CDA6B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{01E35A92-A97C-45B7-A4FF-09B43519A355}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{01FA6893-35A2-45A8-AB47-765EDA354204}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{027B72B5-4BCA-4D60-AFE1-8A144B7D9888}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{038E1022-6F61-4BA9-81F7-998B17625ACA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{03BA1633-9179-4CF6-9B3A-74D7F4F44F53}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{03CAD785-7A2B-481E-85EE-4E6E3BB2C938}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{03EDBA16-E385-4C79-A0A7-EA3FA4044768}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{045B40A0-05F9-4835-BBDD-6D7CA1641290}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{04F8FF8E-4D2B-4CC1-8DF5-0179B4C1E231}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{057CDB76-B4A8-40BF-91E9-89E4D9BEA2FD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{057D18AE-8E02-46C7-9852-45314594B4F1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{062B1BB6-81B8-4373-AD63-501BFA5E1867}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{066B9D0A-6C1B-4939-995F-A68DF501C016}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{066BCDA3-60E1-47D2-A7B2-D1E2D9777363}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{06BE93E6-1709-4F1A-AFFA-6011F6367043}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{06CDDA96-B329-4128-BC9C-61AA4F35F962}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{07845E6D-817F-43A7-9E2B-800D005710EE}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{0857999D-04DD-43AD-8441-DA70172F8733}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0894B95B-365B-4F0A-86D0-0888F07768DB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{08F51DF3-6F21-431B-9F62-8357ACDB3F25}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{0921BD7E-45F6-44C8-ABE8-D7DA674075C3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{0946C538-97A6-430B-A1E7-93C576372F29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0975F4B9-6D09-4605-8CDF-51122AAE4495}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0ABBAFDA-5E93-4BE9-8E56-004031C44605}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0B1CB750-83A6-41F8-A091-86AAAC744B22}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0BCA776A-B1ED-4DDB-AAB5-8FE4553499D2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0BD7903B-068D-4D6D-AC9A-40392D5F2C45}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{0D812C1E-79AB-4BD4-9ADD-639BB91E42ED}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{0DC8D1A0-DC6D-4376-B89C-88CAD72F6A9A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0E209997-A863-4466-9A76-E34457E1EE75}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0EBEE4FF-9FAA-49AA-A600-FA236C9D4593}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0F2DD6E3-6863-4B36-A035-157412FE946C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{0F389424-E7F0-472C-8119-CC3B28C519B2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0F3B65AE-379F-4F12-BF5E-19EC7806DCAE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{0F69346A-BB8D-4727-A103-B0EF54A81DA5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0F70E8AF-2ADC-4F38-8877-2E6A2A250820}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{0F814222-E91A-416C-87A0-798F6B7A86C5}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{0FE5BCAF-E8BA-462D-941C-38DEB6463F7C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{101AAAE4-9838-4A12-A2AE-FB64E2B5F0D0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{105A46CB-D558-4E54-A2C9-990C6971D0A2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{113F4DFD-2FA3-49A5-AECC-D06D6919D784}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{11820D19-014B-4386-A4A6-C517E233E556}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{12699D55-9C24-4D1B-B0E1-F10D8A6696BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{12941FD4-294C-4F5C-B7AC-5FA27DF93DEB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{133C6C11-7CE7-49F2-8B5E-C368BBE950F8}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{136C46D2-648A-46C1-9E58-21BBA338B162}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{13ABEFD0-7C02-4F52-A893-2A02F34A7EEF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{14B2F168-F3D6-4A69-9C7A-1134E4787AF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{14CC06E3-A28C-48AC-9D00-6F1A6F92F029}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{150AF66F-3CF7-4801-9EA9-A3DAF9226A63}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1510A71A-5EBC-4F91-A1F0-286C00AD0078}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{16AC91F1-5025-47F6-A969-0B782DA439F1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{16FAD95F-A379-49C4-B8CA-4D4CC92955FD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1720A6B1-229D-470D-8BFD-3FC08F841E51}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{1842E4E4-BD01-4661-AF60-26110D7F5BCD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{186008B2-D33A-4475-A1B0-636AEE4E6523}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{19B22DA9-C669-4C69-A07A-F235A9BD56B3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{19F5B2C2-681B-4846-AF75-7B072E7DAAE5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1ADB786F-1FC9-4C0B-B913-8A4966B4DC61}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1B51BEE4-F5BF-4355-B48A-46CD06BBF16C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1BD0813F-0D49-40FC-BB30-7917E7889DF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1C0BF9BD-001A-4F80-8797-F5C9221DCF45}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1C1F91CC-416A-448C-A63E-B57B6538EE6F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1CECC3AD-4AD7-4A9F-9D01-48351CAB33E1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{1D38DD10-658D-46F8-AC50-241DB87B80F5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{1D4248B5-5344-4F39-8876-682D2DCBA9BA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{1DAE0B67-69F8-4E51-B9C1-2E12683567A7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{1DC286BA-B9BE-45F9-9F1E-1B793271BAFD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1E46CB9B-F197-404A-A511-2662C5433706}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1EED001C-3A4A-449D-A05D-5D90F6F335C7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1F46E461-74F2-47F2-B7D8-9559DB9F15C0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{1F91A765-BBB8-4EA3-ACCC-EFCD1D71CC1B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{20E6B4EC-A75D-4DDE-8E70-4099B599636D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{21A7810C-BB25-4B2F-84AC-2117CF5D6C76}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{21A7B800-D52C-4645-AACB-028756FB9209}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{21C34225-4836-4CEB-88A5-A6228D3E7B9F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{21C7145E-BE07-4518-9A06-0A5AE8C31F26}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{21C84390-C396-4F60-A35C-637B859526C5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{21D7ABDF-9758-48C9-A878-1DB6A47CFD9B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{220D67AC-CA59-4224-A63B-DE2001034B8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{231A3575-B9DC-416B-B657-910C668EA139}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{231BE246-F9D9-49AE-9856-17620D27264D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{23BB2758-6694-4C89-AE08-B1303C539E98}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{23EE425D-1763-4111-A4B3-60AE5A85CDB9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{24AD1B6E-4EEC-44C1-A7C7-49676A97DA90}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{24B28D30-3A3C-4E94-80E6-BF70171CEB86}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2521F9F0-EEE9-4D19-ABEB-6116632051B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{25BDB604-591B-4CA0-A598-850E2107A25C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{262AAB33-A257-494A-8369-BEF58C228D45}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{263D8AEE-5E71-4602-99AB-7EF5AA90E581}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{266CEE67-AA05-410F-BCFB-A6B4BCC4DAC3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{273D75F5-ADF4-47FB-AEE1-66AE0B2E03E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{27684F9F-5B02-4154-B619-72E42820A562}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{27DA44A0-D054-442E-9496-2EE86DEC51F9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{27EA1BB4-E792-4862-A0EF-96F178152A8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2827CECF-5FDC-48CB-BE94-242FCE7A145B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{283252A0-7949-418A-B350-D3020B1A1E46}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{289EFCDB-CD3F-4E04-8BCD-6F6A2E66BF62}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2930A5D6-A09B-404D-83B7-B7110FE9EFAE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2964439A-88E5-478F-97CA-04CEDC1E02DD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{29B466B3-8918-4776-8C22-202BF3B8C8A6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{29BD8E45-DB44-4347-A8D0-C0DE24D80849}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{29DB01ED-EC6B-419B-90FC-A81A8D0A1C7E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{29E44FEC-918C-4B21-8826-E89F0553ADA7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2A59158E-4528-4554-95E6-B90D516E8E0B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2B363570-23D4-4390-870C-DB201304C9CC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2BA08BE8-93D3-465D-9FF9-F463B27F4182}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2C1472D3-98E1-4E40-B908-85DCE7C2D6B6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2C731B6E-5CBE-4DDB-81D2-A24EDB04690E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2C89DD7C-6959-4C55-A129-F7776B496708}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2CA7A77F-F93A-40E0-B49F-468DAD390EC0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2CF7EEAA-B2C6-413C-84C0-5E048B94170E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2E7EA5FF-2BF0-4324-B460-E54490EE1B44}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2EDB2609-BD88-4AA5-BDBC-849F15770B96}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{2F293EAE-6C38-4C63-8083-7E6D12B14857}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2F98B7C7-561E-4789-ACE7-0E7FFE6473BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2FA2FECE-974D-44B9-89C7-F01E21B5E168}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{301CC090-DFA8-4DA4-AECE-87073E975218}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{309B1CF9-DAB3-4226-8745-ADCD2EB1F654}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{30C09EA0-9F50-469E-A285-24CE2E8ACBD8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{30E3EEE9-B815-448F-9734-89B5D583E724}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{31040072-4B9B-42AB-8C46-BB97FF69D7E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{31448164-532D-4EB9-B942-38FF49BB7F00}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3180A440-EE76-4B89-942D-7918FE70996E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{31C68CD8-D5D1-4305-B4D5-27CCE91C8899}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{321E9112-D163-4276-9A7A-2EF4E2D23F0E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3268E000-F8B3-4DF2-BFF2-078D55740399}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{32F21D71-A686-4D57-8A73-C5809D3CA9F7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{32F7AE7B-8DD4-4009-823E-599B082642E3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{333F33D4-4134-40AA-8335-F7608E47F65D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{33DC35ED-F72C-493A-9560-FF806EE76A58}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{34D4805C-1F04-4D75-86A4-E6F7A8472889}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{34DCDA91-7B8E-44C2-A21F-A170BE3F2B19}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3515D83A-9369-412F-B4EE-669D1CABA1D8}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{353000F6-B815-40A4-A544-2D647EFA6056}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{355BE47D-FC4D-4A12-B495-C3598A44220E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{357E8237-5B44-4211-AB41-5F2B05B6A93A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3596CB8D-8A1E-4CAE-AB59-F3E168F13B3B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{35A454A3-E587-4C4A-8A7A-B02CE3BA981A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{35AB4FD2-DB3E-437A-8C87-9BB7FA9E40CC}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{3644513F-B30A-49FE-B8AE-C2F2CE8AF5E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{36743C4A-5B9A-4D4F-9A3C-F1F9D8B7685F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{368BCE16-0083-431F-BA03-D4AB9EE12485}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{36DE69DA-CC0E-4FFE-8973-F24B6BEE599B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{378223DE-FDF8-421B-BD60-AF29F3B7BDDD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{37B46DE7-219F-4177-98CC-211E01153BF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3809F363-8787-49AB-8240-8B2D1EA9DBCF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{381609A3-F2DC-4BC8-9308-EDBF1CCD873B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{386DB7D4-3658-4964-8638-F50AA845AFD5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{387EB8E1-0884-44EA-A137-E1A6930930F0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{389D13A2-5F8A-445C-81B8-896538AC647B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{38BEA5E0-3705-4705-8E6D-183F33E75B59}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{38D40455-7F8C-4154-A624-9013B7BEA2DA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{391FC5CF-DC45-43A2-990E-40E09213DF48}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3973AC95-83AC-489C-A227-1BEE29AC176B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3991827D-3D4A-4902-82C3-8758E16F6431}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{39D7F73D-E102-4FF2-AA2F-758EF1CFE29B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3A9F1F2A-8F97-4E00-B3C5-CE01294F0373}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3ABCB1C5-FAEC-4887-9963-007F7C6C90E1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3AE37C39-D7CA-4896-82A5-12F6114D3FA0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3B1C18EF-66DA-4596-97AB-D3DD181A7FB9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3B378831-86DC-444B-8064-857E94BF85A3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3B6171C9-4548-44EA-89DA-DA3B582A696F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3BCF3133-C128-42F9-9AFC-9FF64A60EDA8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3C7721DB-2141-40E2-ABCC-15EA09FECF90}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3C8B2776-C016-4FED-8C50-FC9B9142D06D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3C8E1660-704D-498B-B267-29404B7B35C0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3CF84159-F23E-4FC6-8E72-9C6ADE35F817}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3D38D15B-4485-459C-8485-E21C177A9C90}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3D42F350-B661-4772-B983-F01BB0A3E2B5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3D69737F-E113-47C3-A67A-491C712108F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3DBF51C3-5747-4883-B7FC-C9BC93A940F4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3E0CE89D-6717-44D6-B98A-C816222EF633}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3E15276A-ACA7-4041-97BA-C55C22D76A02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3E63EFD5-68F1-4E62-9F3B-8F589D5F0265}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3EDB2DC0-D0B7-45A5-B360-016CBFB6B599}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3EE5938B-1066-4483-8F81-2450A0BAE2BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{3EEA2684-1A76-48DC-9EDB-7A8786189922}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3F3FF9A1-F7F0-4D48-A158-279DFDBE75AD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{3FC4A397-0C1E-4BBD-8DC5-2C6FAE131A5C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{4047B207-A768-42A8-92CD-BF8098A00257}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{40827834-F41C-4674-AAEE-08BF68823352}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{40A5A945-9BFF-4014-8ABF-D8ABB941D8D8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{41498729-44D0-4C23-91F3-C76E2CC0CD55}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{415BCB78-F0D6-4172-AA2C-5D4DC441ABFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{41701472-D98D-4D7C-96D6-B72A291CD3DC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{4196E6AB-78AD-4E65-8A0D-D41572E42FCE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{41C1C1D3-3B32-4711-A88F-1E43CF3F267A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{424B03FA-1016-4EA0-9429-0F16285D93E2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{424D0A13-099C-4BBE-B190-517ECB32EAB2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{42C45820-861C-4D48-84A2-6A25F4788AE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{430F8999-9836-4998-A732-27A887B2E93F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{432740EE-1BAF-4F0D-9404-CDA838B6960F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{435F5ED1-5DE0-40F9-82CE-142DF37C45AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{43A45517-455E-4201-8932-B3771CA9EB8F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{43A713AA-84A5-452E-9C15-78A7C6922255}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{43B6B467-D553-49B9-943A-BE7ED73751F5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{447D5EC1-FD36-4EDC-BC49-3AC8FDA3D36B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{44B40E6E-2A9E-45B8-BC2F-EC03CFAEEDA5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{44CA17CA-DEE9-492B-90A8-93817F830897}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{4568D26C-FA6F-473E-BC44-90D473BC2B65}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{45CE3DB5-95AA-4358-8E7E-F4FFE80F1680}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{45FFA859-341B-414A-AFFD-15D205E926ED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{466BD808-7529-4496-957E-4E5D350E3935}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{479B00B1-8CC6-450C-B604-B5CDCAEAEB28}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{47A2F75C-E13F-48E1-A196-B100EBEAD354}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{47A48136-F7AA-488D-88D3-B7AC2FA6F085}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{480BFCDC-FCA7-4AB2-98E8-BCFF52E5A44C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{481B1FF2-F7F2-4B45-8894-8EFD134B5530}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{48F0642F-7971-4426-ACED-819F5D7C17CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{49292BC5-9655-4FE1-9FA2-B3D43047A391}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{494B1BB6-E809-43BA-94B6-D852C95185F3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{49514B1A-964C-40BD-9269-4ABDBEE99818}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{4954DABD-D58E-4013-B7C5-CCA0012AAAF5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{49A77FE8-9002-4AA9-99E0-A56450085E73}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{49BA53E5-A2FD-4D57-B0E2-B2751B9DB48D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{4BC969FC-3D19-4EDA-86C9-C5183FCA31BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{4C7AAB04-4110-4D6F-93E0-0AD399A43E1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{4CFE7490-4DF6-4A03-A56C-1809CA5351A9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{4D8221A9-3D1C-4D2E-98F8-0BBCFCDDE0CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{4DECD01F-F652-4C5E-B198-B4C44A6F4AE1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{4E79C249-DC40-47CA-BA1C-BA675355AF04}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{4EA9E806-A3C9-4D64-9233-190FBF8FFF54}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{4EC3D1F9-AD5E-4187-B277-0E7C747258E2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{4F37F5E0-8950-4A8F-85C3-78501AF529DE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{4F440FE6-8A09-4535-9F07-CFD26778A215}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{4FF088CB-799E-404D-9A5D-2833B6102925}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{5007317F-E5BB-4FEE-BF62-607C841D09E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{50087AAF-8A35-45E7-AB50-EEC0A859F532}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{50089821-2121-4D0F-8598-85D68D2D5EEE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{515A6742-054D-42DC-89E8-B40008FF1160}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{515E471F-B6B0-443F-9315-F35C6FDD10A8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{51DA556D-91FF-4416-AA41-12451F3F0396}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{52160E36-206C-4CF5-B14F-AE41B200B7A1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{522BF8BE-1D17-4363-9CD7-BB8ED5252B3E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{52796029-735B-4CDB-9FC5-E742DE525E93}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{52DF366A-9FE0-4EB3-AF22-DFB7A8915375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{53101066-3565-49F2-A4A6-5A3928B2F24E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{53CDCBBD-CF2A-437B-A08D-06553B1F3077}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{54F7C0F9-0F07-4758-A826-FA416F5A9247}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{54FA9196-AED8-4E99-8B69-EB5B419F0201}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{555ABE28-100E-4E19-9607-470DB7B6213C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{557836D8-2702-4EDB-89D2-34A3B813CD60}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{559C1667-570B-4F7A-BBBD-06E112C397D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{55E0460E-3D2A-401A-80B2-4D5CA4870E04}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{569DCF3F-67D0-4DA7-A39F-474A54D3CD04}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{56BADA7D-B9BD-4613-9CEF-C13DD1972D3A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{57177419-4825-4D09-9B4C-AF43866D148D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5733FD7A-53D0-41A9-9253-7D8AEFD59C6D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{574B5E3F-D1D5-494A-AD98-A0E2E06E8C62}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{5796A5C8-71FE-4204-8061-33A0EC87C801}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{57B122EB-041F-4A17-B6F0-77C60F756CE4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5836D59D-CECA-4EB9-BA82-0ABBEFFDA537}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{58B7D9EA-A396-4963-AE39-7D3EF11812CA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{59311E2C-B5EC-4AB3-ABFF-A3E0C6380DB6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{5932D47D-332C-4C5C-9026-AE85DC69322F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5B31C887-2D2C-40F7-8075-A21D13E0B3C7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5B545A7A-20D1-4D3D-88B7-DD662011FD36}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5B65B743-1818-4273-BD62-3E305009B3A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{5BB50B29-B7C5-4543-9AEF-BF632B47FB92}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5CFEEEA9-B669-4D7D-943A-3868EC1DC4BE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5D287823-6CF5-4D4D-B62B-6F1A616D6D27}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{5DFC4BE9-5AAD-4001-8FC4-918ADBDCD563}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5E6FAA7A-361C-48D3-ACFE-DCD8F3FF63D8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5EDB9CE6-A46B-401B-B27D-38CBF864BB85}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5F614B58-0BE2-481D-A05A-1C47C7FFCD74}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5F7AF810-3E97-4029-9808-A2DA65448315}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6070FA1A-780E-43D5-B980-3121CEA0B08C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{614D54DD-DF44-413F-82F7-4C1A94542B03}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{62995E45-5829-4A1A-A3CA-ED0BE5601156}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{62FA4439-1C55-4D5E-8C93-5F7739F4E445}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{63009448-A7DF-456C-A38D-636FF0A2171D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{63668141-E02D-4F39-B566-4F16E408E341}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{638597A8-EABA-4234-84D3-E71A7DD1147C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{64C0BE00-AFE0-4227-96B2-2A20F401758C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{64CF3DC5-15D0-402E-8410-EEAA6D38DAF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{64F6C120-DC73-4B4C-AA9C-E4117AFBAE09}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{654BE732-DCE2-48CF-9907-A4332573672A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{6593BA4E-39C1-4F62-A4E6-BF7C04CC34F5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{6626D8A8-EEC2-4071-BEA0-EE739CDC5004}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{6648FF78-679B-45E5-A9FD-B526883F5EA8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{6659B37E-9982-48A8-B29E-8C0B0C94D042}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{66995A75-FA7A-4994-B8C6-13356C3A647E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{66C810AF-D5D1-417D-9FBF-61D3D40B55A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{66D5305D-3E5A-4852-9A6B-870F7D7B79EB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{67409CE8-CC70-4658-9992-DD8BBEC727D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{678BF996-91EF-4C3C-BF7F-8288A119E20C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{687DBBF1-D0C4-4D48-B883-7E334ED0D514}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{688DD35E-049B-493B-96CA-59E71D63AD85}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{68EAD58F-960F-47A9-800E-4E735500E590}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{6A04DE58-DD07-4490-A0BD-3C87E1A53BF1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{6A36E88A-2E68-47A9-8C86-7583A440BCC7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{6A79C0D8-36E9-4670-89BC-FA950BA6FEE8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{6BD9A5EC-998B-4FF9-89ED-D49A391971D5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{6C480A3B-F4B1-40CD-B550-D59996222AD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{6CD66741-5975-467F-9124-55AA3FB37D26}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{6CDBB4C8-1DF5-4FE5-9C99-8E70EB418E23}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{6F18E882-DD26-44A5-B110-3F611A9A3813}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{701D0796-1E94-40CD-8EE4-F689E7F98963}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{70BCFA52-F476-4037-AD01-B542C297FAAB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{712770FC-779C-44CE-879A-F3B68C7F2B6E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7165AFC9-B980-4D5A-8534-EBF6AD4C464D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{716AD920-2A4D-4707-97F7-42949997A614}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{72630DAD-729B-47B0-AA1B-B3D2A938C78B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{73087881-12EC-4432-BF4D-9D9D253337FE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{73897D95-439E-46AE-9535-51CED6C28DF6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{73A748A7-75F5-4276-8AB3-E7A7F6D27774}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{74082B7B-3B31-4DA5-947F-14549009E568}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{754BA16D-2CFB-4D5A-AF98-57AA61850FA6}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{755ADFFE-879C-4E8C-99D2-E9009F7080A9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{756399B1-2179-4C7E-98A0-5F7666DE5127}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{756DAC90-3CC0-4FD1-BED0-4F3DAD1DFA81}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{75DD86D8-CE55-4E68-87CC-5B37A57DDB55}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{767A3C10-3FE4-4E58-A1CA-230D6168F404}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7689F074-D0E5-4D99-A7CE-8A6EAE5B6887}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7731F7EC-0027-4965-B912-4D7586240E91}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{77FB3797-A966-4187-8E0C-DE64328B95A8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{77FD3308-52DF-4D08-A04C-BA24970B63D2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{784A71F6-4851-45DE-8ECD-1E53AF9F7D0F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{79020E63-2509-46B9-A5A0-842E401611A9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7931A7DB-6760-4F8B-8036-91EAE3342E18}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{79454855-7D2A-4515-921F-3180B3333AA7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7948720B-B498-40A9-BA08-E506F0A960C5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{79717CF2-D06C-4651-8ADE-B41D70121F36}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{79D6AC39-3FBD-4D55-979B-F42632867C9F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{79E2F021-1825-4A2C-9A63-6AEAAD57C1BC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{79F0D542-9C74-4F09-8238-4B71017B3EA0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7A14136D-719A-4FEE-840D-06858F483F29}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7A9DDF33-DCD3-4544-89C6-20F3383831DE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7AFD2B60-D148-45CD-A597-188C2B5E4BFA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7B1B72FA-E582-445A-858B-2E36AA392F3C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7B2B1158-CE4B-4EB0-8B56-A993C82CA73E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7B43E890-B376-4EA2-923C-49BA8C29BD16}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7B94DE47-66B7-4B8D-A43C-82DC71473189}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7C128397-1B31-4DF5-82EB-9A96DE728D87}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7C7B1A3E-0398-4ECD-9F4C-B4A2271473D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7CBED824-6804-477B-9BAB-C1936EC5ECAE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7CC4BF97-D90E-4AD7-BC59-BD7126E6E6F1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7CCA933C-69F0-44C8-BE8A-40F60C32FC85}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7D335219-FC97-4F68-A78E-B8D97566385A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7D76540F-DB8C-4D1E-A6D9-2C59F9B58A3E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7D9EBA78-CF26-4B67-B81F-681563B49650}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7E44727F-77B5-4360-8639-FE759BC87E17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7E8D1E69-148E-4F14-A2FF-6FDABBFFF45A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7EE3B1FB-BB43-4992-910A-B89CD86F5D98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7F5E2595-C5BE-4001-A618-9DCE8F8D6A05}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{7F710A04-465E-42EF-A417-3A3B3D73806A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{7F7E8A9B-60C6-4D76-B48F-024DCB7B6DFF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7F9761DB-7196-4EA4-B86B-E4D9D9E55912}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{803CC179-7C31-40E6-ADE0-1107C5270D26}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{813D3E37-A2FF-4818-9ADE-FC7083D87AB7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{81A9C2ED-60B0-4428-8F8D-B1F4A0631D5B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{81EDA079-37B3-48C4-9D06-89A3E95B2816}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{820569D3-C6B1-4CBF-B634-0C2341362A5E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8282319B-7DD3-43C3-B7A6-206849171915}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{82895CAD-10B1-4DF6-BF49-E4EBF4B24F0C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{829441CA-F26F-4145-8EAC-A78698B0B9B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{82D32839-06B1-4B6C-BB75-9F6376F94E2B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{837F46E4-2388-4B11-A4DC-BC5353251148}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{83D23B22-F760-46E5-99A4-D3135262D42C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{83FA1941-1171-4CA0-BEC6-04D6CD5FD03C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8446235A-3DA7-41ED-9EA3-DF510C8377FB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{8506739C-83CD-497F-9878-AA4C38B4EFAC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{859B5DDF-0FFB-4108-BC7C-40E2863C8BD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{85C3C3B8-2D3C-4CA0-A468-8752C9C48338}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{863A4D37-A096-47A2-AF43-CBB3007ED074}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{86412331-3197-4F79-AA37-11F1D79E3E9A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{86A397A9-CEDC-4E39-9482-4F2466AAB726}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{87255E49-739D-4A2E-B465-99D51A2578B8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8729D20C-A6BC-4B27-9E59-517B74D4A904}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{880EB8B3-818B-4FB3-924B-EC61C2DA3B7C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{88C2CCC8-5802-4865-B963-50CC9FC871ED}" = protocol=6 | dir=out | app=system |

"{88C52BBD-67FE-44EE-8F23-60F8E89E9E66}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{890EA745-0046-46C7-9CB6-37A3BBEAA0B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{899F04EB-6979-4B40-8FCE-C79B583888AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{89E8DEAD-9D1C-4C45-8B7C-19A7B7BAD5D4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{8A2059DB-1A7E-460C-8826-CB339A566B7F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8A87504A-EA01-46CB-AB08-6005C2290A82}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8AEEAE98-5626-4738-8968-6D2C9DCF368E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8AF93F81-2A46-4A58-A548-78063D312129}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{8C73476E-0DA2-4842-84AB-58C666E41278}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8D21F53D-2C68-413A-8307-4714BEA537FD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8E23E56B-0649-48B9-82C9-226EE8C55A54}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{8E2E2355-A104-4B6B-B67D-98E053E13A27}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{8E3EE357-3FDA-4215-BF69-91112F1C3564}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8E59B5DC-42B0-4840-A32F-1E14D9DF4328}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8F055D5B-79D5-4165-96A0-0C04B65C3BAC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{8F5C3E82-A523-42E4-9521-9CC0634CDABE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{8F65B49C-4584-4821-BB7F-9459261D5465}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9013EAF2-9C22-4D5C-B507-12EB80C5F13A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{904F1680-6D7C-4E46-84F1-DF24A64DEC5A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{90AC1C8A-818F-4995-A0A5-BF4DF5A921BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{91B69041-CF8F-4D55-B715-9329FA45B166}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{92D2855E-4257-42EA-9B2D-B5B32EBEA8A8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{92FAA65D-BAC6-4EB4-8B4F-C960423960DB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{93225DAE-EE5B-4A9A-8082-DC3F7C37F850}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{934149E5-A805-4BDF-BB6B-52A6CB6D3BA7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{934F65E5-0AA6-420F-931B-B85E10B24392}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{94035FB9-F6C3-4691-9341-65352A0F1D17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9527E798-8577-4F77-8A17-284CB124657B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{95600C6B-326E-42EF-A369-2ED2FED1692A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9563E755-714C-4B1B-8D0E-C2AE57253738}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{956CE4F2-2D09-4330-B376-ED2A65E87C86}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{967D240A-6629-4AC3-84ED-8ABEC96A303B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{97C541AD-F7F4-4CDA-9D53-C6BE622450E0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{97D07F2F-447F-4E08-8102-7F68578DE9F3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{985C69E1-034F-4D8A-A988-10438128552E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{98755564-978B-4CF3-B999-19F41CF246E9}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{98789323-DA93-49F6-BC45-AD66CC51C8B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{98FD6ED0-50F3-4A6C-A817-01A54011485A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9946E382-EB61-465A-A066-54659DC1D85F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{99887089-E7D6-418E-A716-070D2375C95E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9A41FC42-80D1-4FD1-9504-ED5417C6753F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9A480B44-267C-4A61-98CF-B8E25D0C6EF5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9AC0928A-9CBD-4955-89D9-CE9B204268FF}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |

"{9BB8389C-431B-4712-B3CD-AF57A6EACE6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9C22A4BB-D31A-4A7F-B6F0-E7FC31F06C88}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9C4FF6ED-3D59-49DC-954B-B3A94FC7C981}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9CFF3EB5-0063-45C1-993A-5F4A6F8FDC30}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9DB08251-134C-462F-B8A4-149930848654}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9DDE777A-3D78-4DCE-85C4-6A31B295751E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9DE625FA-E5F8-4EFA-983B-2D6817C7B795}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9E070A08-0CB8-49B9-99E1-FA04698C10FB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9E37E330-5D41-40C1-9701-61FD422C9435}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{9F347059-31D5-4288-BB57-BEF99C5F4E98}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9F40F50D-6C70-4DAD-8572-C6FA74F21C65}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9F61EE88-E960-45F9-A903-231035CE3B00}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{9F9DF9C9-BD7E-4D0D-A934-5CD906A957BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9FEA0FF1-35F4-4E06-B83B-71066B9EA72E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A011CB2F-E416-4AFD-AB9D-81E5847F4FDA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A036A77F-EA31-4497-A495-5CB8AA739FA5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A0914240-0ED0-4D27-A295-8A5C7E937962}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A0CD893A-6DD6-43B2-ACCD-4AB6BF1009A2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A1843F09-BE26-4A5A-BE37-86914A1AAE74}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A2198B76-50F6-4B10-8B39-2821AE035346}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A255DBBA-3B83-4F51-8D9B-571E59D950A0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A2875CCD-206E-47CD-836F-DC671F0E15B2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A2CF4D84-2667-475D-B299-D39370A1F67A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A2F5D435-D66B-4941-A02E-4E7748F82D9F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A31C52F9-14E9-42DF-AAF7-0970A9BD26B1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A39E709F-2FE4-4E58-822F-7A91064DACB0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A443A25B-7840-418E-8AA3-99CA8319E9ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A4B48C02-6108-4DD6-8D79-935F3446EC31}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A6D2657F-F560-41D5-94A2-FC236CB8AB30}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A7059C6D-723F-44D7-BA66-87FD09F3D381}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A7A3870C-5B20-43F3-8AC2-056A5EE7C7BA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A7C1D37A-2077-4D50-AD9C-821AD759D2BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A7E1B8BF-0B25-4D60-9882-64D57E288EA0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A830A27B-C978-4D2F-A66D-1F3B60DA11C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A842AF95-7D61-40DA-920F-8F32BB558B44}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A8EBD7FC-48BD-4715-832D-3314C309C650}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A8FB3AD5-33BC-4A59-927B-0960DB846482}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A9247DF5-928E-4403-B9E2-85C83418441A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{A93DF62A-C940-40FD-BAD2-EEC5C232D8BF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A959C501-C7BF-4DFC-B159-0C854889C33C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A9E49A0E-66EF-4077-A74E-690E8715EF8C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{A9EEC307-4708-4367-930A-FC13D540FC97}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{AAC62241-57F1-43DF-A590-41B46065B643}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{AB157121-5D80-4DEF-B939-E92C832DF376}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{AB80395A-5CBA-4FEC-956F-8A119BD5D38A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{AC0DBF72-46AC-4818-BE3E-D45BAB3D1BDC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{AC3D4FFC-9F16-46E7-B5D7-BB247C6E29ED}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{AC44FA07-7A66-408C-ACB7-98B2420E8939}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{AC7010B4-6499-458D-BF86-B6325ADAFB56}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{AD54F755-18EA-494B-9812-BCE5C1B407AD}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |

"{ADA2F2AA-EDD6-48A3-B56A-B98BD70D198B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{ADFA5D04-F426-40B8-BCC2-971537D3D2F0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{AE68ED99-8182-4ACF-A254-8981EA8ADF9D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{AE7C24B7-389A-455E-BD84-8D6788F7889B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{AE7C8A31-7AC9-4F35-9FB8-15F594AA2137}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{AEF2A3DC-F52F-4798-A6CA-05967E918130}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{B118C5B7-C4EC-4B9D-8A2C-6DE328B7652A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B1495794-A7F6-4335-87BB-B041F36E8763}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{B15E5A90-2D6F-4C18-9BF0-BA6F81077FF9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{B1694290-A8E8-4B4E-832D-6D4E3AC1881F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{B170254B-1523-44F5-9A7C-0F4948C41A3E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B263FFC0-D187-4AFF-83C4-8E5E6288954C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{B2D8C924-B17A-4F0C-A6B3-743A66BEC4EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B2F63A7D-A309-41DE-9A48-729985352A60}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{B3229891-BA7B-4B14-9354-835A05868DC5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B4AEA005-0320-4B8F-A242-A40148EF9958}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B668E4C3-DA04-4E32-9E6A-7A83B25D4449}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{B751A5EA-71E9-4417-A7EB-F2261708E0B3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B7819357-2812-4716-AEE6-7EFFA5854BFA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B80C6800-3081-479E-9EC6-DCDBB34927C3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{B821F929-35EE-4E11-8A73-C01F6F6BFF7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B824D924-E524-43C0-AA4B-320A171089CC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B90B8155-CB08-475B-B953-890100B8CDF5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{BA13B216-8B8C-4827-ACF4-CF9985AA24F1}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{BA4CC969-FF67-446E-AB35-07B4434BDCFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BABBE597-7F99-442A-9330-4C8D6A7310D7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{BB6F548F-13FE-4CB8-860C-02746ABC5F0D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{BBA0ADF7-F6A8-4DD4-8508-2AE9B557C47A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{BBF450EB-8765-45F4-9DF5-EE0E09F3C226}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BC0F7E2F-13FB-43A8-85D3-3E27DFFFD3B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BC9B602D-C7AD-4769-9D58-5CC93CEE5C39}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{BCD9FBA8-7F13-4DB6-96C5-FC3B7E606281}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BD69D384-F0B8-4578-8D21-3BC50681EEE4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BD925FE1-B08D-4A1B-AD99-E195C9B01A58}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BDA6BE0C-7134-4087-999C-9841263AF9CC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BE0750BC-C402-41B9-87B9-CF2FD505239F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{BEBD95DA-5BC8-4219-8F34-7A4BAE78AA3F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{BEDD7CA0-4556-4079-9323-1AA613DAC5C6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C103E2F4-C6C7-41AE-ACEA-84C9EA916B23}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C10539B5-97D7-4356-BE37-D1D96632E85F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C1B56FBD-D92D-4FE6-9545-08017AB16F64}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C1F0F1C0-B758-4043-A760-C41957FC9EB1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C1F210A1-B9FE-464D-A37A-346E1CC2A8AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C228130C-98F2-41A4-B3F5-77E342402D9D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C2DD0E89-FBFA-4A1F-B7BA-ABE96F9B412B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{C332A631-D05A-4099-AEE4-5117915B019D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{C336735C-936D-4162-8D42-34E72EF2170D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C3462B06-FCB5-4F02-9394-BACC4720C221}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C4478D99-ADF0-45C3-B659-A4E123FD719D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{C492B772-A33F-449D-8543-EBB3898C0E47}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C4AD57DD-9858-4B3B-9F55-240089425590}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C56C4948-1647-4926-8D3D-537677504073}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C5A817E6-AC22-489A-8CB5-D4109FAB5CF0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C620D9D9-3464-4795-8AC0-D563841186E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C64E30D9-17CD-4366-A6AA-08865E19C3A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C65011EA-6F6B-48FF-8BFE-B0D480E9E4A9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C6543501-956B-4B50-9FEF-96AA029C0724}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C6D772FE-38F4-4D7B-B83D-7C58730166BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C721B1D7-0183-4955-A3DE-457278101249}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C726775F-68B4-4D43-AC94-550AB80526F5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C785DEE3-87CC-4BDD-893B-EDC7734A610F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C7DD662E-387D-478C-AEBF-483F1C3834BE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C818DFFA-10E2-45B3-BC8D-960A70B83626}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C8208947-04F9-4B8E-9CDF-6F95B40455BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C96C4504-5CB5-4372-88AB-792355246D46}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CA34340C-DE8D-46B5-A415-5D6EF1E891AE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CA75F524-6D1B-4CC4-922C-158A994B18A4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CAA9CC3C-3C6D-4FC1-BE22-0B827DAA03D8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CB07AB47-4ACC-45BE-AEE2-C76574718736}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CB150B6D-1B5C-472A-B30A-C2C414317333}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CB46FABA-EE5E-4742-B3F5-E90EA150E20B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{CB4877DA-9FF9-4B1A-A233-55B9F22AE4E9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CB4D5583-8FA2-4F9F-9815-A3691CC75952}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CB6140DC-39EE-4BED-ACD8-54E7C2519A15}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{CBA492D0-5809-4AD0-B116-DC6F974FFF8F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CBB462E1-445A-47A0-A819-9EFF609DD44E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CC181AA5-CCD0-42CC-BB93-588252DB3E15}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CCB80BF2-0C72-44CB-BA5A-FF8E33A668FD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CCD56807-2074-49A2-9A2C-23D1882FBA63}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CDBF1F23-1A1D-4DDB-8E95-398B25ABD933}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CDDFE6C7-12EA-4080-BA2F-E22A80DDC208}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CE0B7A4F-5B35-49F3-B067-CD5CE799CC93}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CE12FAED-BC63-4E6C-8CA6-2F78C61460EA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CE8A99EF-2AE5-49DD-BEB9-3FD578A39525}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CEE80D79-D162-4645-B5C9-48C2CAE19A62}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CF078A9C-5D11-443F-A488-D5FBC69CD4E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CF5F2260-769A-49D0-A184-E938A2468213}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CF97740C-C139-4136-9118-7B5EA646DA5B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{CF98024D-0885-4E46-ACB5-0BBC94BA0648}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{CFE13791-E4C2-4A79-AE6B-18BDE4FBB597}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D0774684-7374-426A-8967-CD5030FCD21B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D18757F0-94C8-4A09-87AA-85B60279F277}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{D1B1165D-9199-4044-B997-7F3E3A604E20}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{D2173E19-D6FA-4FC4-A040-ED3F9CC10E79}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{D2808498-5713-4279-9B04-F70B2FD55BAC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D29D0601-AF35-4188-87F5-4EAAB1CC1C3A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D2A0E972-529C-4FC9-85AC-A415148A1259}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D2F71959-CEE0-432B-AD1F-301169334E14}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{D528BCE1-C33E-4DCE-8152-FCC76AD777A4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{D564C677-92CB-48A0-BABE-0252082C4325}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D56655E1-E7C3-4BC5-91CA-664C7FFF22CA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{D59367C2-E0DE-4D15-8069-05319079DA4A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{D641B1D0-4E7F-436C-8176-DD8A13724A6D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D6AD1525-1280-4C7C-83E4-79F7AD572ED2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D6E86DC7-C507-4C5E-B805-6BFCACE2C83A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D730B179-5FF7-4331-8190-3B8FA70150C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D7A471B2-16EE-48BD-868B-5B1B09EFC5C7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D8C33E1D-F928-4FEB-9785-090C3A437E5F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D8D64DAA-F006-422C-8025-9089DB245DEC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D9301D2E-08CA-49DA-8FEB-0660B0D4B554}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{D97F7EBF-F916-4DAE-ADF2-A47B81E62046}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DA178025-E3A6-499A-846E-C45685C07253}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DA252872-7838-4A1C-9878-62786BB81332}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DA445712-290B-4DBD-9461-EBAE9489952C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DA6A0178-3A7F-4731-A878-37AF08A1A520}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DA80FF0E-67C2-4096-A07A-F65BDFCE570E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DA8E4C0E-9128-415E-874B-281D9A49BA45}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DB063CE6-930A-4CB7-8792-6305D6199D14}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DB1977D8-8853-449F-A7F1-0CA378402C4B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DB81C98E-D47C-4D84-858A-00336A1A9C8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DBEE0007-73E2-48E0-B083-11DD480FC9BF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DC51596D-30CF-4678-9597-5BD199BB45BE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DD04C91D-9497-4E8F-BB1A-766F66DCE399}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DD5AC9DE-6A2E-4820-8442-9AF8FCEC9B30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DD7558F6-E2FB-48F5-BAD5-7C9A8071184A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DE3FA0FF-2719-4E85-8748-A6F538E48C7F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DE7F3CAE-93F2-4EC8-85A3-FBB180D7422B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{DEB6A0DF-7216-4DBF-A10D-CF2897D367A9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{DF6D5EE1-2C08-4A5E-9017-6C9862D2D6E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{DF9FDE7B-B486-4F6A-AF0F-76798E830192}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E04F90CC-A179-4A9F-836C-C969DD83D61C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E092E52A-BA94-4C6F-B2ED-3BE89F393DF8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E0B63C75-BAF8-4426-BB92-CEB7B82419CB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E16D0F99-0315-4473-B031-72F71696135A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E1EB5419-BD25-4A19-8571-394726A362B2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E2513D4C-C18B-4B09-8124-616EFD0336B6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E2BF9B9E-066F-44CE-877D-F7E0FFD54E6D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E2F42A35-20FB-4E35-92F2-906E2F4A5DC6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{E3AD73D0-1F69-4584-8E68-931A219412C7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E3FC11CA-91C6-473F-8969-2D8FABECD93A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E4244000-93A5-4501-91D9-9224057C78B8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E4535832-4586-4919-B327-5390D83D8645}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E4BA15CC-8CC6-4347-A8B9-3942D5C80446}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E5B15EE9-11A6-4F10-BE6C-2ED17F838FE8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E5D14987-53B8-42E4-ABF6-E3E8A5FD5D5A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E6016B17-EBCD-4A5C-AE28-17B708BE0C04}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E8739B1A-F376-460C-9C08-0BA57FAD01AE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E89C0A76-E239-48D8-B0D7-86566806A7CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E8C2A895-8841-462A-80D2-1A3D12B94F19}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E8D7E2B6-1828-4591-8020-1B2BA8BED408}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E8DAE72E-0218-444C-9F87-6254187AB5F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E9A8AE82-AB11-4471-BFF7-BC6CA56B0515}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{E9FBFDCC-96D4-4320-93A9-273B54323ED0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{EA0A5D4E-73FB-4F88-83D8-0B5CF89DCEBF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{EA32AA2A-3CF4-48DC-B0EB-C3BB9F13FBE3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{EB6FBEB5-D68F-4C8B-BD43-660F570670B0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{ECE996C3-3B46-4153-84D2-561D362D5EC2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{ECFDB8A0-08F1-4524-B097-0AC7A1864F3E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{EE6638B6-A755-497E-AD41-C3506BC123BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{EF4854EE-BE34-4A21-93F6-C7FFBDB8DA54}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F0114E2B-90AD-427B-B115-60E70028716E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F0268506-BEC1-40A9-A65F-E53765E50D8F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F0AFCF1F-289C-43BA-AF72-2DE3143407A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F0C37FB7-53B2-4560-924A-73A37EB6A0F0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F0DD14F5-01C6-4D77-9269-577DE0DC3C6F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F1AE2A58-BC4C-4F26-802E-785E4D011E02}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F1DDEB0A-98F1-45BB-AD3B-2312448B7886}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F31B2392-675C-40DA-A4D2-63FDD26C4DF7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{F4C17446-3AC2-4F56-AF50-A3C55DF65AF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F501E7F8-173A-473F-B8D0-3BCEB9AA542B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F599CBC2-FC2F-4780-AD32-5FF5927A1DA6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F5E7E6AB-78A0-4287-9BF3-630C4EC9DED1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F5F715F3-E66E-44D1-BEEC-D8E8FC9EC144}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F60D6E3A-B497-4507-A9D6-FBA08822EB27}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F6549662-FCA2-44F7-8F57-6FBA759EE00C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F66C26DD-E6B1-4DB5-9A0A-F1CCB2C44271}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F679AACE-7D0C-493A-83A4-024C1F695529}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F6881900-F11C-49BE-B700-9D949A025905}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |

"{F6AAB56C-33A2-4496-9F32-10313AFD296D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F6F21F07-99A7-4D9A-A2FC-36528A750D74}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F705A675-1C18-49A3-8EE7-163D730EB16A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F74992A1-9CD6-4ECF-B951-3FFA44A562AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F78B7D72-B350-4F85-A770-61C0FEC847D2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F7C0C268-AD48-44F3-AD48-3185195F3AAB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{F85C99A0-4EBE-42F7-95A3-8E478FFDC001}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F866D4CF-5077-418D-9A4D-D08F06AAFBBB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F8BE0FB7-0D13-4EA6-B859-B6DE1C0D44D5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F8CF1B5D-3CFB-480D-B75D-E6DE7BE6C350}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F8E42AB1-AAEF-4600-AE26-C4F586D70D6E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F9388BB9-240A-4EB8-BA81-579C3B3D4F5B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{F94D2C2A-F75B-4C25-9C47-C1FAEEB6321D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F9989943-612D-42C4-B3A8-BFA463B7EB02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FA736308-0102-43F8-8618-6E3394DF5E55}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FB274747-F9B1-47C4-9936-6FC890047B80}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FB3A47A7-41F6-4CD9-AD82-B9693554F33C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FB9B751B-E4BB-4DCE-89AD-8027F7ECF472}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FBE996EB-DDC3-40CD-8018-50FEB0E2A5AF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{FC0D0097-D419-4B82-9AE4-0CE6ED0995C0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{FC80E93B-8552-4F7B-9D9A-A63DC0F17BF8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{FCEBE0C0-57F3-4FB7-805A-C1D682CD655A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{FD166B20-D471-4752-9A54-BD6F144A2F06}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FD84F75C-B8F1-4603-9BB5-87F0EB69E52E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{FDDF833F-907D-4294-98AD-AE19C7A170C0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{FE2A593A-FABC-4B3E-BF1B-1E7C4FDAB579}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FEB2812E-32A6-4526-A9CE-3D7A98D4DAC4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FED38C7A-8C8C-4513-B3AC-DD0CD039D8D4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{FEE8DEE6-27DD-4B7F-BAF8-0E1DBF1DDDB9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FFB3A32E-16A5-40BF-8569-AE5BB7F7E60A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FFEB1997-7CAB-477F-9FD3-90279D13EE9D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"TCP Query User{0D6B09DE-EEC3-45D6-9677-B0AF351E4B1A}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |

"TCP Query User{23DCF824-35A4-46D4-9EA2-978C5F07BEAB}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |

"TCP Query User{2A6DF430-AC18-4AEB-AFDA-7F530376F7AD}C:\users\marc\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\marc\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{54490AB5-0BCD-4031-AE34-E3FD7C4EB23D}C:\program files\simple ftp client\ftpclient.exe" = protocol=6 | dir=in | app=c:\program files\simple ftp client\ftpclient.exe |

"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"UDP Query User{3A62014C-6998-4DC3-9B1E-3356AA2769FA}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |

"UDP Query User{5A4CB2C2-82F8-4E79-87AD-50F3847EC273}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |

"UDP Query User{940C3E7B-B97E-49D4-BE33-66E542744BE3}C:\users\marc\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\marc\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{A493CEB5-2319-47F1-A2E9-26E1DA927CC1}C:\program files\simple ftp client\ftpclient.exe" = protocol=17 | dir=in | app=c:\program files\simple ftp client\ftpclient.exe |

"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

Share this post


Link to post
Share on other sites

(had to split the file between three posts. 3/3)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant

"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{07EA0F88-8E8F-11D9-8BDE-F66BAD1E3F3A}" = BrickStore

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33BDCB7F-7686-41EE-B745-89CFFAEF3147}" = Python 2.6 pygame-1.8.1

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend

"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7BFD42CA-460A-11E1-AE58-984BE15F174E}" = Evernote v. 4.5.3

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set

"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0E400F5-422B-4540-A14F-B0739D71FEE7}" = Microsoft Reader Text-to-Speech for English

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support

"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core

"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)

"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CDisplay_is1" = CDisplay 1.8

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"Digital Editions" = Adobe Digital Editions

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HDMI" = Intel® Graphics Media Accelerator Driver

"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"New LEGO Digital Designer" = LEGO Digital Designer

"Notepad++" = Notepad++

"PDF Info_is1" = PDF Info 1.0

"Picasa 3" = Picasa 3

"PROSet" = Intel® Network Connections Drivers

"Simple FTP Client_is1" = Simple FTP Client 1.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"UnityWebPlayer" = Unity Web Player (All users)

"Visual Basic 6.0 Working Model Edition" = Microsoft Visual Basic 6.0 Working Model Edition

"VLC media player" = VideoLAN VLC media player 0.8.6d

"WebPost" = Microsoft Web Publishing Wizard 1.53

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"Free Realms Installer" = Free Realms Installer

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 31/05/2012 10:49:30 PM | Computer Name = Marc_Laptop | Source = MsiInstaller | ID = 1013

Description =

Error - 01/06/2012 1:51:08 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010

Description =

Error - 01/06/2012 1:51:21 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008

Description =

Error - 02/06/2012 6:49:47 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010

Description =

Error - 02/06/2012 6:49:50 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008

Description =

Error - 02/06/2012 9:58:39 PM | Computer Name = Marc_Laptop | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 17d4 Start Time: 01cd4111eafc0460 Termination Time: 220

Error - 03/06/2012 11:55:01 AM | Computer Name = Marc_Laptop | Source = Application Hang | ID = 1002

Description = The program chrome.exe version 19.0.1084.52 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 3d8 Start Time: 01cd419ec1a5067d Termination Time: 279

Error - 03/06/2012 9:38:03 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010

Description =

Error - 03/06/2012 9:38:04 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008

Description =

Error - 04/06/2012 9:38:27 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010

Description =

[ Media Center Events ]

Error - 20/02/2008 4:54:17 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 16/04/2008 11:04:03 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 26/02/2009 8:32:46 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 09/06/2009 8:09:42 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 14/08/2009 1:33:02 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 26/09/2009 1:32:55 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/10/2009 4:49:15 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 06/05/2011 7:15:59 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 401

Description =

Error - 06/05/2011 7:16:33 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 401

Description =

Error - 22/11/2011 11:39:47 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 405

Description =

[ System Events ]

Error - 03/06/2012 12:54:11 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source

Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another

installation is already in progress. Complete that installation before proceeding

with this install.

Error - 03/06/2012 12:54:11 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source

Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:

Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another

installation is already in progress. Complete that installation before proceeding

with this install.

Error - 03/06/2012 12:56:41 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: Update Source: %%815 Update Stage: %%854 Source

Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE Current Engine

Version: Previous Engine Version: Error code: 0x80070652 Error description: Another

installation is already in progress. Complete that installation before proceeding

with this install.

Error - 03/06/2012 9:38:05 AM | Computer Name = Marc_Laptop | Source = DCOM | ID = 10010

Description =

Error - 03/06/2012 9:42:02 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7000

Description =

Error - 03/06/2012 9:48:56 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7022

Description =

Error - 03/06/2012 11:22:06 AM | Computer Name = Marc_Laptop | Source = DCOM | ID = 10010

Description =

Error - 03/06/2012 11:28:20 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7000

Description =

Error - 03/06/2012 11:36:04 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7022

Description =

Error - 04/06/2012 2:44:40 PM | Computer Name = Marc_Laptop | Source = WMPNetworkSvc | ID = 866333

Description =

< End of report >

Share this post


Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKCU\..\SearchScopes\{DA6977C3-D42C-4398-A009-620D94BFBE7B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKCU\..\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
    [2012/05/27 22:45:45 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites

First time I ran the fix, it crashed after it appeared to be finished. May have been an error on my part, because when I pasted in the required text, the line breaks didn't come through.

Anyway, I ran again and it appeared to go through without problems.

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA6977C3-D42C-4398-A009-620D94BFBE7B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA6977C3-D42C-4398-A009-620D94BFBE7B}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.

Folder C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 43005397 bytes

->Java cache emptied: 25556713 bytes

->Flash cache emptied: 39252 bytes

User: Marc

->Temp folder emptied: 1612364846 bytes

->Temporary Internet Files folder emptied: 772741505 bytes

->Java cache emptied: 107296408 bytes

->Google Chrome cache emptied: 247948680 bytes

->Apple Safari cache emptied: 14011392 bytes

->Flash cache emptied: 714707 bytes

User: Mcx1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 154229 bytes

->Flash cache emptied: 56502 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 129811 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 255306508 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 2673597296 bytes

Total Files Cleaned = 5,486.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.46.0 log created on 06122012_122818

Files\Folders moved on Reboot...

C:\Users\Marc\AppData\Local\Temp\ehmsas.txt moved successfully.

C:\Windows\temp\TMP000000052B1A2E322E68DB09 moved successfully.

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

It seems the first time was successful.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Share this post


Link to post
Share on other sites

After starting the scan, I get an "unexpected error" message.

--

Marc.

Share this post


Link to post
Share on other sites

Run ESET Online Scanner again and this time select the following options:

Scan potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Share this post


Link to post
Share on other sites

That log is pretty minimal, so I'm not sure if something went wrong. (It did appear to run properly. It was an hour or so in, at 24%, when I went to bed last night. The computer had rebooted when I got up this morning.

log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Share this post


Link to post
Share on other sites

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Share this post


Link to post
Share on other sites

It ran for over 8 hours ... and no detected threats.

Normally, that would be good news, but Chrome is still completely unusable. =(

--

Marc.

Share this post


Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Share this post


Link to post
Share on other sites

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Any tips on how to disable Microsoft Security Essentials for this? I cannot find a way to do so.

--

Marc.

Share this post


Link to post
Share on other sites

There is information in:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

]We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.

Share this post


Link to post
Share on other sites

ComboFix 12-06-16.02 - Marc 18/06/2012 22:32:26.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.193 [GMT -4:00]

Running from: c:\users\Marc\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Marc\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

c:\users\Marc\ia_remove.sh6793.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 02:52 . 2012-06-19 02:59 -------- d-----w- c:\users\Marc\AppData\Local\temp

2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-06-18 09:22 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FED5B0DC-3FE0-494C-83B7-E31ADB0E275D}\mpengine.dll

2012-06-17 09:03 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab

2012-06-14 07:10 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-14 07:10 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-06-14 07:10 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-06-14 07:10 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-14 07:10 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-14 07:10 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-14 07:10 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-14 07:10 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 17:44 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20357BD-2317-4262-8CEE-FC8203AA6002}\gapaengine.dll

2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET

2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox

2012-06-12 21:33 . 2012-06-19 00:13 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox

2012-06-06 23:17 . 2012-06-06 23:17 -------- d-----w- C:\_OTL

2012-06-06 04:13 . 2012-06-06 04:13 -------- d-----w- C:\Temp

2012-06-03 14:40 . 2012-06-03 14:40 -------- d-----w- c:\users\Marc\AppData\Roaming\SUPERAntiSpyware.com

2012-06-03 14:39 . 2012-06-03 14:40 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-03 14:39 . 2012-06-03 14:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-03 13:56 . 2012-06-03 13:56 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes

2012-06-03 13:55 . 2012-06-03 13:55 -------- d-----w- c:\programdata\Malwarebytes

2012-06-03 13:55 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-03 13:55 . 2012-06-03 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-03 04:56 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-03 04:07 . 2012-06-03 04:09 -------- d-----w- c:\program files\Microsoft Security Client

2012-06-03 04:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-06-01 03:41 . 2012-06-01 03:41 -------- d-----w- c:\users\Marc\AppData\Local\Apps

2012-06-01 03:41 . 2012-06-01 03:44 -------- d-----w- c:\users\Marc\AppData\Local\Deployment

2012-05-28 02:57 . 2012-05-28 02:57 -------- d-----w- c:\program files\Conduit

2012-05-28 02:42 . 2012-05-28 02:43 -------- d-----w- c:\users\Marc\AppData\Local\CRE

2012-05-28 02:40 . 2012-06-01 02:39 -------- d-----w- c:\users\Marc\AppData\Local\Conduit

2012-05-25 19:02 . 2012-06-06 03:46 -------- d-----w- c:\users\Marc\AppData\Local\Samsung

2012-05-25 18:58 . 2012-05-25 18:58 -------- d-----w- c:\users\Marc\AppData\Roaming\Samsung

2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2012-05-25 18:27 . 2011-06-02 05:47 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2012-05-25 18:27 . 2011-06-02 05:47 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2012-05-25 18:27 . 2011-06-02 05:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2012-05-25 18:18 . 2010-12-21 05:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2012-05-25 18:18 . 2010-12-21 05:55 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2012-05-25 18:18 . 2010-12-21 05:55 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2012-05-25 18:07 . 2012-05-25 18:07 -------- d-----w- c:\program files\MarkAny

2012-05-25 18:07 . 2011-03-02 11:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2012-05-25 18:07 . 2011-03-02 11:57 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-05-25 18:04 . 2012-05-25 18:17 -------- d-----w- c:\program files\Samsung

2012-05-25 18:04 . 2012-05-25 18:15 -------- d-----w- c:\programdata\Samsung

2012-05-25 17:59 . 2012-05-25 17:59 -------- d-----w- c:\users\Marc\AppData\Local\Downloaded Installations

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll

2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-17 22:45 . 2012-06-14 07:10 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-05-17 22:35 . 2012-06-14 07:10 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-17 22:24 . 2012-06-14 07:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-15 19:51 . 2012-06-14 01:24 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll

2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-03 08:16 . 2012-05-12 03:24 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-12 03:24 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-12 03:24 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39 . 2012-05-12 03:24 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-21 07:05 . 2012-03-21 07:05 161792 ----a-w- c:\windows\system32\msls31.dll

2012-03-21 07:05 . 2012-03-21 07:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-21 07:05 . 2012-03-21 07:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-21 07:05 . 2012-03-21 07:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-21 07:05 . 2012-03-21 07:05 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-21 07:05 . 2012-03-21 07:05 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-03-21 07:05 . 2012-03-21 07:05 367104 ----a-w- c:\windows\system32\html.iec

2012-03-21 07:04 . 2012-03-21 07:04 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-03-21 07:04 . 2012-03-21 07:04 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-21 07:04 . 2012-03-21 07:04 152064 ----a-w- c:\windows\system32\wextract.exe

2012-03-21 07:04 . 2012-03-21 07:04 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-03-21 07:04 . 2012-03-21 07:04 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-03-21 07:04 . 2012-03-21 07:04 11776 ----a-w- c:\windows\system32\mshta.exe

2012-03-21 07:04 . 2012-03-21 07:04 101888 ----a-w- c:\windows\system32\admparse.dll

2012-03-21 07:04 . 2012-03-21 07:04 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-03-21 07:04 . 2012-03-21 07:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]

KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job

- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job

- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.ca/

mStart Page = hxxp://sympatico.ca

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe

HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3756)

c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\WLANExt.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-06-18 23:25:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 03:17

.

Pre-Run: 10,335,768,576 bytes free

Post-Run: 11,020,685,312 bytes free

.

- - End Of File - - FF9368C46A102A140B051454A4521D36

Share this post


Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\Conduit
c:\users\Marc\AppData\Local\Conduit

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Share this post


Link to post
Share on other sites

ComboFix 12-06-16.02 - Marc 19/06/2012 21:10:44.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.224 [GMT -4:00]

Running from: c:\users\Marc\Desktop\ComboFix.exe

Command switches used :: c:\users\Marc\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\users\Marc\AppData\Local\Conduit

.

.

((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))

.

.

2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-19 03:47 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55E3F586-B1C8-4AA6-8A85-860BB27F87C3}\mpengine.dll

2012-06-19 03:26 . 2012-06-20 01:34 -------- d-----w- c:\users\Marc\AppData\Local\temp

2012-06-17 09:03 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab

2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 17:44 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20357BD-2317-4262-8CEE-FC8203AA6002}\gapaengine.dll

2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET

2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox

2012-06-12 21:33 . 2012-06-19 03:55 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox

2012-06-06 23:17 . 2012-06-06 23:17 -------- d-----w- C:\_OTL

2012-06-06 04:13 . 2012-06-06 04:13 -------- d-----w- C:\Temp

2012-06-06 03:29 . 2012-06-06 03:29 -------- d-----w- c:\windows\system32\System32

2012-06-03 14:40 . 2012-06-03 14:40 -------- d-----w- c:\users\Marc\AppData\Roaming\SUPERAntiSpyware.com

2012-06-03 14:39 . 2012-06-03 14:40 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-03 14:39 . 2012-06-03 14:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-03 13:56 . 2012-06-03 13:56 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes

2012-06-03 13:55 . 2012-06-03 13:55 -------- d-----w- c:\programdata\Malwarebytes

2012-06-03 13:55 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-03 13:55 . 2012-06-03 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-03 04:56 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-03 04:07 . 2012-06-03 04:09 -------- d-----w- c:\program files\Microsoft Security Client

2012-06-03 04:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-06-01 03:41 . 2012-06-01 03:41 -------- d-----w- c:\users\Marc\AppData\Local\Apps

2012-06-01 03:41 . 2012-06-01 03:44 -------- d-----w- c:\users\Marc\AppData\Local\Deployment

2012-05-28 02:42 . 2012-05-28 02:43 -------- d-----w- c:\users\Marc\AppData\Local\CRE

2012-05-25 19:02 . 2012-06-06 03:46 -------- d-----w- c:\users\Marc\AppData\Local\Samsung

2012-05-25 18:58 . 2012-05-25 18:58 -------- d-----w- c:\users\Marc\AppData\Roaming\Samsung

2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2012-05-25 18:27 . 2011-06-02 05:47 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2012-05-25 18:27 . 2011-06-02 05:47 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2012-05-25 18:27 . 2011-06-02 05:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2012-05-25 18:18 . 2010-12-21 05:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2012-05-25 18:18 . 2010-12-21 05:55 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2012-05-25 18:18 . 2010-12-21 05:55 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2012-05-25 18:11 . 2011-03-02 11:58 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-05-25 18:07 . 2012-05-25 18:07 -------- d-----w- c:\program files\MarkAny

2012-05-25 18:07 . 2011-03-02 11:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2012-05-25 18:07 . 2011-03-02 11:57 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-05-25 18:04 . 2012-05-25 18:17 -------- d-----w- c:\program files\Samsung

2012-05-25 18:04 . 2012-05-25 18:15 -------- d-----w- c:\programdata\Samsung

2012-05-25 17:59 . 2012-05-25 17:59 -------- d-----w- c:\users\Marc\AppData\Local\Downloaded Installations

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll

2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-17 22:35 . 2012-06-14 07:10 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 19:51 . 2012-06-14 01:24 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll

2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-03 08:16 . 2012-05-12 03:24 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-12 03:24 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-12 03:24 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39 . 2012-05-12 03:24 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]

KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07]

.

2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job

- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]

.

2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job

- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.ca/

mStart Page = hxxp://sympatico.ca

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(760)

c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\SUPERAntiSpyware\SASCTXMN.DLL

c:\program files\Ipswitch\WS_FTP 12\wsftpsi.dll

c:\program files\Ipswitch\WS_FTP 12\wsftplib.dll

c:\program files\Ipswitch\WS_FTP 12\LIBEAY32.dll

c:\program files\Ipswitch\WS_FTP 12\wsftpext.dll

c:\program files\Ipswitch\WS_FTP 12\SSLEAY32.dll

c:\program files\Ipswitch\WS_FTP 12\ipspgp.dll

c:\program files\Ipswitch\WS_FTP 12\sslsvc.dll

c:\program files\Ipswitch\WS_FTP 12\wsfirscr.dll

c:\program files\Ipswitch\WS_FTP 12\wshosts.dll

c:\program files\WinRAR\rarext.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\WLANExt.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Microsoft Security Client\MpCmdRun.exe

c:\program files\Microsoft Security Client\MpCmdRun.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-06-19 22:01:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-20 01:52

ComboFix2.txt 2012-06-19 03:25

.

Pre-Run: 11,080,810,496 bytes free

Post-Run: 10,955,976,704 bytes free

.

- - End Of File - - 8B70AF4F36BB7847C4ACD2762A2C3E37

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.