OTL Extras logfile created on: 5/2/2012 12:44:12 PM - Run 2 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\^Dave\My Backup Files 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 5.98 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 71.58% Memory free 11.96 Gb Paging File | 10.11 Gb Available in Paging File | 84.51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916.66 Gb Total Space | 857.22 Gb Free Space | 93.52% Space Free | Partition Type: NTFS Computer Name: DAVE-PC | User Name: ^Dave | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = ComFile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F2F2B79-DAAB-4B87-B2EC-384E681585E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1368170D-9329-4E22-A9A0-4B41D85D8FCE}" = lport=137 | protocol=17 | dir=in | app=system | "{19E26DBD-086A-4B10-AFD9-45DB133542A5}" = lport=445 | protocol=6 | dir=in | app=system | "{363CD239-4A47-4550-8DD9-0AEDB5B56C2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3842B51F-BC7C-4314-9B35-3C29FDB421E5}" = lport=138 | protocol=17 | dir=in | app=system | "{3AB81333-1C6D-4C64-99EA-F14FDDB065B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B771488-F899-414E-90A8-7BF3D5805B54}" = lport=10243 | protocol=6 | dir=in | app=system | "{4570DD3E-A675-496A-86F3-D71A8C493AF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{53241BA7-B524-40A9-B3DA-AF9CAE49DCCA}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{58B93D3E-3EEB-4F2F-B519-8AEC745841C8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{5AD3E1B0-2016-40DB-A371-542680A3F9EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{67FCE282-E283-4EF8-BAE9-174032DE3ED8}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{6E6E5A64-B2D2-4286-AF82-88D3E4109063}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7266124C-B725-4785-B746-174172367F22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{75FBE619-76BB-4DB0-B2F3-5A204E31E82A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8D9C11DE-5AD6-441F-927A-9318AF183EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{917E3C21-D99B-45B8-8376-68FD4E8A37A3}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{9A00073E-1095-4C5D-96E0-5F11BD3DF4A4}" = lport=2869 | protocol=6 | dir=in | app=system | "{A9CE1450-2AD4-49D0-AC14-6A26FC8DA8B0}" = rport=139 | protocol=6 | dir=out | app=system | "{B117C941-8C25-4CAD-9E31-94A4EACB1033}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B1654130-DF58-44EB-9E7B-A12A5EB59478}" = lport=139 | protocol=6 | dir=in | app=system | "{B669AD78-9873-402E-9202-B8C2692B2032}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C1EDA0E3-A32C-4681-8174-D2D39079F349}" = rport=10243 | protocol=6 | dir=out | app=system | "{C8C9CF1D-69F9-412C-B865-A4BE61AC7557}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CD3F95A3-B8BA-4798-A71C-E01EC3560B4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{CE0051B0-6081-4EA6-8318-478D17C1685E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CF5FF0F1-2942-442D-B6DA-B1C3654F2F20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D677177E-8109-4EAA-A707-DAA75B767204}" = rport=445 | protocol=6 | dir=out | app=system | "{D6EEC17E-6A9B-42DC-9A3C-0B5FB01A0A76}" = rport=137 | protocol=17 | dir=out | app=system | "{DDD03459-6103-4DE2-AC28-76EF85B15AFF}" = rport=138 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06B600F4-ACC5-4704-A34B-44792EACF44B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{0830774A-5E6F-43FD-9FEA-709914BE3BE4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{115E6C0A-A877-44B5-AB87-8340C9FF3DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{12D92A47-405F-48AA-ABEE-95447516434C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{14706ED5-8D61-42E6-A949-ED19AE9B081E}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{155A10EB-A837-43BF-9EFD-2FA4E295FAAE}" = protocol=6 | dir=out | app=system | "{17E68408-E122-42EE-AB14-BDEF5448FF34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{19CC4A4A-8C06-4D6A-B069-356E8F2C2CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe | "{1F1F5A75-523A-44B5-BDFB-8258FD37DA42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{215FACD8-285A-4EA3-AE68-5D3B28E25A9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{260CED61-3D65-4308-94BB-25FD0068D587}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3EC547FF-6BE0-466C-8F6B-EEFC1AD5D82E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{44B4262E-9B25-4631-B427-E7ADC96B3CC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{54BD184E-E867-4BBF-98B1-F7166866D653}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{56AB8CAA-DB61-4A28-863C-574B760FE140}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5B5B2415-D9F9-4806-A80F-6617285FAB96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5F99DC08-5E93-40D1-8077-23839B450B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\aclient\bin\xclistener.exe | "{63198CF3-0A6F-4812-AE07-C3F7933C8908}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{91AD978E-E470-401F-BAB3-835C7FD6B423}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{99859BA1-5E9A-4E18-9379-9B38E780D168}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A2525F30-6570-469D-977A-D653DEB39DE3}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | "{A764D8D7-C8E3-4870-9716-309B4A80C08C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{A83F2509-E7A9-4BD9-9F08-C42BCC6037D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B9DC9C40-46BF-444D-B0D7-D98ABC6CCE3F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BA62EAA5-E767-4117-ADB4-426842510AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BE880D9E-93F9-4E78-B43C-36A2374FB4BA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C1449D64-0E79-48AF-B21E-5B48230812DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CBFF7005-6B67-444E-825D-A158729CC00B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D11344E6-3DC9-43D6-9E50-B9FDAC781D84}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{D45A1148-48E1-40B2-A3F2-82EA7FCB0607}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | "{D69C73FA-F6A0-4796-A5D2-60398CDD8A07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D970A00F-9315-4484-8210-B6C329C245D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DCCB983C-46E9-47F5-A6D4-FD254C8A7428}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DE38B7B2-8493-478E-9D94-B87F7E756AA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DE68538E-BC52-4EFD-A969-A216019AB3E9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{EA56D250-E03C-436F-B536-E4372CEDF57A}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{EC71657A-65C2-48CB-BAF9-9959E203813C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F145EF72-BB4F-44DD-916B-A3E59CF53F86}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F28970A1-2C30-467F-9400-A0B0DA62A530}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F875EE9B-6D3D-4224-A9ED-EE7CD9905DE2}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | "{F8B516FE-C8ED-4C48-8CEE-931168452043}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FC0A4A01-DDDD-4DFD-B20A-CA0ED422FD8F}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "TCP Query User{0BFDEB93-053D-4B4D-9B4A-7FB65204BFDE}C:\transwin\lv90\lifescripter\en\lifescripter.exe" = protocol=6 | dir=in | app=c:\transwin\lv90\lifescripter\en\lifescripter.exe | "TCP Query User{A520CEAC-0F9A-42DE-A5D8-BA7F52A405FD}C:\transwin\lv90\lifeview.exe" = protocol=6 | dir=in | app=c:\transwin\lv90\lifeview.exe | "UDP Query User{7B43778C-B2CF-4925-A14A-13CB88754D96}C:\transwin\lv90\lifeview.exe" = protocol=17 | dir=in | app=c:\transwin\lv90\lifeview.exe | "UDP Query User{CE550F6F-5697-4771-A500-32BBF588DF49}C:\transwin\lv90\lifescripter\en\lifescripter.exe" = protocol=17 | dir=in | app=c:\transwin\lv90\lifescripter\en\lifescripter.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}" = ATI Catalyst Install Manager "{83CB95E0-5518-AAC2-9B63-1FDBB4D51263}" = ATI AVIVO64 Codecs "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C99B5E76-3EA1-9943-F394-1E9F9EC8B28C}" = ccc-utility64 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CNXT_AUDIO_HDA" = Conexant HD Audio "Dell Support Center" = Dell Support Center "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Win2PDF_is1" = Win2PDF 7 "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0867AFE1-3469-11D7-8193-0010B5BCE08C}" = ABF / FNA "{08B31070-171E-11D6-BECF-000629F77048}" = MenuFusion "{09064D50-FF4A-407C-9B13-15B9D231EBA2}" = RegimeRetraiteIndividuel "{0AE17B00-31FA-11D6-BED9-000629F77048}" = Avantage d'Or / Golden Edge "{0B043A05-B07C-9307-8CC8-0C72BC8895E2}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CE2215D-156E-42E0-A57B-EC5BE5E70771}" = GWL Illustrator Par "{10895847-3460-11D7-8193-0010B5BCE08C}" = Zone retraite / Retirement zone "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater "{16D6AA4F-959B-306B-0747-CFBEFCC7A0DE}" = CCC Help Greek "{1794A506-0DBB-425D-B7E2-66610C2FAA04}" = Manulife - Concept slideshows "{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}" = Manulife - Insure Right / Manuvie - Bien s'assurer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FA6F88D-18AF-4A13-92FB-0A88D9D8D2CB}" = Manulife - Performax Gold - Performax Or - MLPG "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{205AA014-DD62-4641-A071-6ADCC6E5F6CD}" = Interface "{22076B10-37D9-7B32-AB5D-3F97D9E87E15}" = CCC Help Turkish "{22813428-038B-8C98-5AF8-22B7EF1B6284}" = CCC Help Spanish "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{25E6F187-81BE-4C7C-BA2A-245DD24933F1}" = GWL Illustrator Config "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BDCCC79-2352-1CD6-80D0-1E1948FEF262}" = CCC Help Italian "{2CFAE816-9CEA-4A3D-9E6D-499706CC967A}" = GWL Illustrator Term "{2D162142-12F7-4419-577C-7BB3204F799F}" = CCC Help Chinese Standard "{2E3751B1-F545-4682-AD4C-FF7A8115DCF9}" = Canada Life Reference Material 13.0 "{2F4FB074-80B6-118F-42AD-27B6F275D884}" = CCC Help Chinese Traditional "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{374EBC77-5E23-0B63-0B65-136AEFF98C1D}" = CCC Help Danish "{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}" = Manulife - Concepts "{3E35E63A-CC9D-45B8-B599-4DA774BFC74C}" = Transamerica - Five-for-Life 2.1 "{400F29A3-58E9-4848-5BE1-01919F891D44}" = CCC Help Swedish "{410A820B-D1EF-4996-9BE4-2B771178F966}" = Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire "{489A6419-A122-4334-BFDE-4C8AFA375476}" = Manulife Financial - Health and Dental "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB014FF-A82F-45F1-BEA6-D740E2B4456B}" = Manulife - Synergy / Manuvie - Synergie "{4F71D22E-A653-49BB-968E-E62106215C11}" = Manulife - Universal Life "{4F937EE8-09DA-40D7-BDE2-1AC842160809}" = Lanceur d'installsheild "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{51E31FD8-54AC-40B4-9386-EAD5BF25995A}" = GWL Illustrator "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{56C36E37-F072-4BAC-99EA-ABA692BA4B7A}" = Equitable Sales Illustrations System "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59889460-69A6-4549-AEE6-F2448682C6B3}" = GWL Illustrator Term Config "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5D95EE8F-0063-4239-8B12-DF3BD6E5E775}" = Interface Suite - Industrial Alliance Pacific "{647A210B-F86A-45AB-B7B0-F44369CBE900}" = Manulife - Term "{64B54493-BC68-4D6F-B9EB-214E74CC0647}" = Concourse 1.0 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{693C3C76-B3A8-4496-A21A-B474A71C220A}" = ZoomExpressKeyview13.0 "{698C92A9-66A7-11D6-8178-0010B5BCE08C}" = Presentations "{6AFA3415-7B6A-EF20-225A-B1DC627BBAC5}" = CCC Help Korean "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76D1AA2B-A434-4D63-BE2C-80286F23C223}" = Microsoft Interop Forms Redistributable Package 2.0a "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7F308127-EB7D-4114-A25D-FB7232CB397B}" = Interface "{81C3E664-CA21-3C4B-312F-54DEB08EF1A5}" = Catalyst Control Center InstallProxy "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{8279F213-ECD0-4C36-A8EC-670FC16218E3}" = CCC Help Dutch "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{862DF386-A8E7-4E3D-8724-7798C68D72C6}" = Concourse 1.2 - Content "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88EFE047-67E7-4194-92E6-9B79A563BAA0}" = Assumption-Online-Insurance-Solutions "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B705ED7-A86B-4895-9955-BA80E0B3F40B}" = Calculatrice Financière / Invest "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{956BE19D-1540-4B0E-B3FA-855BD4AC0DC8}" = FNCInstaller "{9842650A-98C5-A238-AC65-189F80285EBD}" = CCC Help Czech "{99567851-B7F1-4692-A33A-0732E761220B}" = BodyMedia SYNC "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F41678D-3934-EBBA-F85C-E1A97DB84407}" = CCC Help Thai "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB8F410A-B430-4844-9AC5-DF36BA66CB5D}" = Manulife - UltraVision "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{ADDD9902-3576-7071-1196-24E37F15BB52}" = Catalyst Control Center Localization All "{AE01DCC9-C319-43C5-90F0-BC3E779D678F}" = Manulife - Personal Accident/Personal Accident "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B2E60EBE-35BC-41CA-BED6-EDBB9329C037}" = Concepts "{C005D056-1F74-45EA-B3F1-7F95FCF81556}" = Manulife - Living Benefits "{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID "{C2C319F6-3DED-4EAC-B580-33C3A4E51967}" = Interface "{C45C544E-5047-11D9-8216-00B0D075DF5C}" = Diamond View Launcher "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C90973A2-0C25-4EBF-9BDC-D058D0437044}" = GWL Illustrator Par Config "{CA0006CC-FB7D-6358-BF24-3394D509AB9C}" = CCC Help Japanese "{CA04E3AD-FFAC-0EE9-3605-E9665EC05BF7}" = CCC Help Finnish "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCAE8CA3-5C96-FBF2-BD0F-27D4644217D3}" = CCC Help Portuguese "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF09D056-3FFA-11D6-8171-0010B5BCE08C}" = Solo "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE1C9316-54DD-4A50-972F-47BE5C817AA8}" = Interface "{DE723887-712F-499D-8B82-5A1EC8F46062}" = SetupCrystalReports "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0C8AC08-1B2C-AD87-E4CE-9C0A2618807E}" = CCC Help English "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4F3A636-92E3-86C4-FA1E-19BC06CBB037}" = CCC Help German "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5F6575A-7567-9230-2BE0-615A46E5721B}" = CCC Help Russian "{E9656E99-F59E-F377-DC5F-477047CA4FCF}" = CCC Help French "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EED3CC4B-40BD-11D6-8171-0010B5BCE08C}" = Sommum / Pace / Traditionnel "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F16B7D69-784E-C12E-D42B-A1D69A38B752}" = CCC Help Hungarian "{F55C10AB-CBAA-4F11-ADB4-34E9794B5789}" = Manulife - Launcher "{F66A2A34-1246-4064-996F-C023B6E100B7}" = Interface "{F8F5EC48-CA0B-46CB-BABF-6BDA991A32FC}" = Manulife - Performax Gold - Performax Or - MLPG "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1 "{FB85D440-98E6-B361-1727-DFD81F366943}" = ccc-core-static "{FC4AAC27-3775-E69E-6DBB-381425D79A94}" = CCC Help Norwegian "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Afaria Client" = Afaria Client "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CPP Illustration" = CPP Illustration "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Foresters Life - V7.0" = Foresters Life - V7.0 "GoToAssist" = GoToAssist 8.0.0.514 "InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}" = BodyMedia SYNC "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "LifeView - VisionVie 8.1" = LifeView - VisionVie 8.1 "LifeView - VisionVie 9.0" = LifeView - VisionVie 9.0 "LifeView - VisionVie 9.1" = LifeView - VisionVie 9.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.SingleImage" = Microsoft Office Home and Business 2010 "RBC Illustrations System 3.4" = RBC Illustrations System 3.4 "RBC Illustrations System 3.5" = RBC Illustrations System 3.5 "Speed Dial Utility" = Canon Speed Dial Utility "SSTChannel" = SST Channel - Canada Life (CL) "The_World_of_Wawanesa_3.0" = Wawanesa 14.0 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.0 "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Adobe Connect Add-in" = Adobe Connect Add-in [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12/30/2011 5:07:02 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4992 Error - 12/30/2011 5:07:03 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/30/2011 5:07:03 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6006 Error - 12/30/2011 5:07:03 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6006 Error - 12/30/2011 5:07:04 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/30/2011 5:07:04 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7004 Error - 12/30/2011 5:07:04 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7004 Error - 12/30/2011 5:07:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/30/2011 5:07:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8003 Error - 12/30/2011 5:07:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8003 [ System Events ] Error - 5/2/2012 2:44:48 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: luafv Error - 5/2/2012 2:44:48 PM | Computer Name = Dave-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 5/2/2012 2:44:53 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7024 Description = The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error - 5/2/2012 3:21:28 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/2/2012 3:22:52 PM | Computer Name = Dave-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 5/2/2012 3:23:41 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/2/2012 3:23:45 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 5/2/2012 3:24:43 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 5/2/2012 3:24:54 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: luafv Error - 5/2/2012 3:36:48 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: luafv < End of report >