Issues have not changed. Thank you very very much for your response. Please find the posts below:
OTL logfile created on: 5/26/2012 9:57:56 AM - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\pwest\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 5.23 Gb Available Physical Memory | 65.48% Memory free
20.19 Gb Paging File | 17.04 Gb Available in Paging File | 84.40% Paging File free
Paging file location(s): c:\pagefile.sys 12500 13000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.71 Gb Total Space | 671.01 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 1.40 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive E: | 1018.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 70.00 Gb Total Space | 10.06 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive R: | 100.00 Gb Total Space | 12.41 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive S: | 100.00 Gb Total Space | 12.41 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive U: | 99.90 Gb Total Space | 69.29 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Drive V: | 99.90 Gb Total Space | 41.10 Gb Free Space | 41.14% Space Free | Partition Type: NTFS
Drive Y: | 99.90 Gb Total Space | 69.29 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Computer Name: PWOFFICEHP | User Name: pwest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/05/26 09:43:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pwest\Desktop\OTL(2).exe
PRC - [2012/05/01 12:55:50 | 026,646,368 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\pwest\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe
PRC - [2011/10/12 12:31:36 | 001,627,504 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
PRC - [2011/10/12 12:28:54 | 002,804,312 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
PRC - [2011/10/12 12:28:36 | 000,181,616 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
PRC - [2010/11/23 10:02:44 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [1999/12/31 17:00:00 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
========== Modules (No Company Name) ========== MOD - [2012/05/23 11:30:21 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3d86888a0b8d944d0234009495e8ad6f\IAStorUtil.ni.dll
MOD - [2012/05/11 03:29:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:29:20 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/11 03:29:15 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/11 03:29:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 03:29:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 03:29:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 03:28:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
========== Win32 Services (SafeList) ========== SRV:
64bit: - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:
64bit: - [2012/05/22 07:16:11 | 008,412,160 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware3rd\mysql\5_0_51-64\bin\mysqld-nt.exe -- (MySQL)
SRV:
64bit: - [2012/05/22 07:12:26 | 000,078,336 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware\synergy\tomcat-6.0.32\bin\native\windows\x64\tomcat6.exe -- (Synergy)
SRV:
64bit: - [2012/05/22 07:10:00 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\NETGEAR\NETGEAR ProSafe NMS200\oware\bin\owprocman.exe -- (OWProcMan)
SRV:
64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:
64bit: - [2011/04/07 21:35:02 | 000,057,344 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup Catalog\Veeam.Backup.CatalogDataService.exe -- (Veeam Backup Catalog Data Service)
SRV:
64bit: - [2011/04/07 21:33:58 | 000,249,856 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup and Replication\Veeam.Backup.Service.exe -- (Veeam Backup and Replication Service)
SRV:
64bit: - [2011/04/07 20:42:48 | 000,876,544 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files\Veeam\Backup and Replication\VeeamNFSSvc.exe -- (VeeamNfsSvc)
SRV:
64bit: - [2011/01/26 10:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:
64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:
64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:
64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:
64bit: - [2009/03/02 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/20 11:12:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 17:42:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/11 10:41:08 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/05/11 10:41:02 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/05/09 22:51:20 | 000,381,784 | ---- | M] (Quest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Quest Software\Foglight NMS\ptagentservice.exe -- (QuestNmsAgent)
SRV - [2012/05/09 22:51:18 | 000,381,784 | ---- | M] (Quest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Quest Software\Foglight NMS\ptserverservice.exe -- (QuestNmsServer)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/02/13 09:57:54 | 000,045,704 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\Toolset\SWBrowserIntegration.exe -- (SWBrowserIntegration)
SRV - [2012/02/06 10:34:22 | 000,058,880 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\TFTP Server\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2011/12/27 05:21:02 | 000,031,744 | ---- | M] (SolarWinds) [Disabled | Stopped] -- C:\Program Files (x86)\SolarWinds\SftpServer\SolarWindsSftpServer.exe -- (SolarWinds SFTP Server)
SRV - [2011/11/18 21:08:48 | 000,456,048 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE Business\EnterpriseService.exe -- (VIPRE Business Service)
SRV - [2011/10/12 12:28:54 | 002,804,312 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/12 12:28:36 | 000,181,616 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/01 13:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/01 00:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 00:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Disabled | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/23 21:48:20 | 000,028,672 | ---- | M] (Veeam Software) [Disabled | Stopped] -- C:\Program Files (x86)\Veeam\Veeam Backup and FastSCP\VeeamBackupService.exe -- (VeeamBackupService.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1999/12/31 17:00:00 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
========== Driver Services (SafeList) ========== DRV:
64bit: - [2012/05/25 16:20:36 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:
64bit: - [2012/05/11 10:41:34 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Unknown] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:
64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:
64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:
64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:
64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:
64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:
64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:
64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:
64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:
64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:
64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:
64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:
64bit: - [2011/12/14 13:43:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:
64bit: - [2011/09/09 14:46:30 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:
64bit: - [2011/08/30 06:56:24 | 000,071,288 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:
64bit: - [2011/08/30 06:56:24 | 000,055,416 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:
64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:
64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:
64bit: - [2011/06/01 13:09:00 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:
64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2011/02/22 10:00:28 | 000,382,024 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:
64bit: - [2011/01/26 10:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:
64bit: - [2011/01/17 22:22:36 | 000,125,552 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:
64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:
64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:
64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:
64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:
64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/06/08 20:29:42 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:
64bit: - [2009/06/08 20:29:36 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COH_Mon.sys -- (COH_Mon)
DRV:
64bit: - [1999/12/31 17:00:00 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [1999/12/31 17:00:00 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2011/08/30 06:56:24 | 000,101,624 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://g.msn.com/HPDSK/1IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/HPDSK/1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://g.msn.com/HPDSK/1IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...rc=IE-SearchBoxIE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" =
http://search.ask.co...&l=dis&o=HPDTDFIE - HKLM\..\SearchScopes\{5BE16D09-ADA9-4B05-8E1C-55ABFF135617}: "URL" =
http://www.amazon.co...s={searchTerms}IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" =
http://search.yahoo....psg&type=HPDTDFIE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" =
http://en.wikipedia....h={searchTerms}IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" =
http://rover.ebay.co...w={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
http://sharepoint/ht...lserver/reports [binary data]
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.spradsrv.com/IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\..\SearchScopes,DefaultScope = {DA677D0A-6753-4D18-B7E4-E641EE14E57C}
IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\..\SearchScopes\{DA677D0A-6753-4D18-B7E4-E641EE14E57C}: "URL" =
http://www.google.co...Encoding?}&rlz=IE - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/HPDSK/1IE - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
http://g.msn.com/HPDSK/1IE - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://g.msn.com/HPDSK/1 ========== FireFox ========== FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/05 17:52:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 17:42:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/01/19 11:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pwest\AppData\Roaming\mozilla\Extensions
[2012/05/07 09:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pwest\AppData\Roaming\mozilla\Firefox\Profiles\1hupbap2.default\extensions
[2012/05/22 19:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/18 17:42:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/10 15:38:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/10 15:38:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\pwest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:
64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:
64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:
64bit: - HKLM..\Run: [CANON DR3010C SVC] C:\Windows\SysNative\DR301SVC.dll (Canon Electronics)
O4:
64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\pwest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pwest\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3156778762-1450392035-3758449630-1144\..Trusted Domains: sites ([]https in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405}
http://sqlserver/rep...intCab&Arch=X86 (RSClientPrint 2008 Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}
https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spradsreno.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA309A65-07BE-4F2F-ADBB-32858216A714}: NameServer = 192.168.1.25,192.168.1.2
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 01:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/03/27 11:25:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3bc044b-d373-11e0-a866-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/02/22 01:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ========== [2012/05/26 09:43:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\pwest\Desktop\OTL(2).exe
[2012/05/26 09:14:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\pwest\Desktop\aswMBR.exe
[2012/05/25 19:23:30 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\LogMeIn
[2012/05/25 19:23:29 | 000,034,688 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/05/25 19:23:28 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/05/25 19:23:28 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2012/05/25 19:23:26 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/05/25 16:22:11 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{32E9D1E5-5E50-4323-B7FE-BE9FEFCC7B81}
[2012/05/25 16:21:59 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{13CB36CE-D3E5-4DEC-A3DB-27F0F8E318FE}
[2012/05/25 16:21:28 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{23739CE0-032F-4D89-8801-4F216F13BCCC}
[2012/05/25 16:21:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{2743037A-3346-4BD2-A35D-3ECC7F0F5504}
[2012/05/25 12:24:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D581C1E4-5448-4728-9983-C0621891BF10}
[2012/05/25 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{1C138033-3286-48A2-8CF9-14E429462123}
[2012/05/23 11:32:34 | 000,685,160 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/05/23 11:32:34 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2012/05/23 11:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/05/23 11:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2012/05/23 11:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun
[2012/05/23 11:29:37 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/23 11:29:36 | 000,558,360 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/05/23 11:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/23 11:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/05/23 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/23 11:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/23 11:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/05/23 11:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/05/23 11:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/05/23 11:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/05/23 11:26:27 | 000,000,000 | ---D | C] -- C:\AMD
[2012/05/23 11:12:40 | 000,023,816 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012/05/23 11:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/05/23 11:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/05/23 11:08:10 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\SlimWare Utilities Inc
[2012/05/23 11:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012/05/23 11:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012/05/23 11:08:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/05/23 10:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/23 10:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/23 10:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/23 10:48:01 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Malwarebytes
[2012/05/23 10:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/23 10:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/23 10:47:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 10:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/22 22:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/05/22 22:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/22 22:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/22 22:18:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/22 21:40:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/22 21:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/22 21:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/22 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/22 21:35:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\LogMeIn Rescue Calling Card
[2012/05/22 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue Calling Card
[2012/05/22 21:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HELP
[2012/05/22 20:17:21 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\LogMeIn Rescue Applet
[2012/05/22 19:51:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{27A5929E-A7D7-49FD-8F20-58D051718F42}
[2012/05/22 19:47:49 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{3D34A5B4-A900-489B-A2F4-E50705D1B71B}
[2012/05/22 19:15:30 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{A0B13B96-FCF9-4207-9BB1-08D28A069F51}
[2012/05/22 19:11:35 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{A1F6ECFE-734C-4BA6-9670-E301A0E4BC49}
[2012/05/22 18:59:59 | 000,000,000 | ---D | C] -- C:\.jmsn
[2012/05/22 18:31:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\vlc
[2012/05/22 18:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Media Player
[2012/05/22 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Media Player
[2012/05/22 07:11:36 | 000,000,000 | ---D | C] -- C:\tmp
[2012/05/22 07:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2012/05/22 06:40:37 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\SmartControlCenter.9E9F443B107A0AE9BF8ABBD6D62A07F000B6C252.1
[2012/05/21 18:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Netgear
[2012/05/21 12:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartControlCenter
[2012/05/21 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netgear
[2012/05/21 12:56:16 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\Downloaded Installations
[2012/05/21 00:59:49 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{FF059468-5730-4B73-9070-07636A5B45F3}
[2012/05/20 13:00:40 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{1D0BF810-B874-438B-8FEA-97D2F41B7D3D}
[2012/05/20 13:00:16 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{14553E54-DA10-4E60-BC4A-B5E260A603B3}
[2012/05/20 13:00:04 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{21B57ABA-FE8F-477E-9735-2B9C625771B3}
[2012/05/20 12:59:41 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D2A8E396-F8B2-4E22-AB58-D5B8AD3ABC4D}
[2012/05/20 12:51:03 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/05/20 12:51:02 | 000,055,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/05/20 12:51:02 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/05/20 12:48:42 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{017EACDF-0BA0-4B92-AFE4-2AC54FA6B67A}
[2012/05/20 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{CD3DC2FF-4DB8-4B72-8CF0-9529BBF64C4F}
[2012/05/20 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{EB674406-3C7E-4388-A317-5000DD241F64}
[2012/05/20 12:47:48 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{2F1521E2-4F01-444A-B14F-F8D3F39A8BF4}
[2012/05/20 12:10:27 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\GFI Software
[2012/05/20 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/05/20 12:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/05/20 12:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/05/20 12:09:01 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\GFI Software
[2012/05/20 11:22:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9A0BBA22-176A-429E-8230-9B5191A584F0}
[2012/05/20 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D6606C1B-D8FA-48D7-804E-6948309DC612}
[2012/05/20 11:16:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/20 11:05:08 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\SolarWinds
[2012/05/20 11:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Engineer's Toolset
[2012/05/20 11:04:13 | 000,000,000 | ---D | C] -- C:\TFTP-Root
[2012/05/20 11:04:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarWinds TFTP Server
[2012/05/20 11:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds SFTP & SCP Server
[2012/05/20 11:04:07 | 000,000,000 | ---D | C] -- C:\SFTP_Root
[2012/05/20 10:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolarWinds
[2012/05/20 10:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolarWinds
[2012/05/20 10:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SolarWinds
[2012/05/20 10:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2012/05/20 10:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/20 10:44:55 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/20 10:44:55 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/20 10:39:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BA7ECEC8-6186-4D2D-A9A4-11FF1F20A19D}
[2012/05/20 10:38:58 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DBFA99B5-3A70-4F33-9C02-4475F7A50969}
[2012/05/20 10:38:48 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{73EFA2FB-D846-4FF1-B845-18ED91D68490}
[2012/05/20 10:38:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{F08E4116-8A00-4A35-AAE2-1B673BA3EE09}
[2012/05/20 04:50:37 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{489AFB3A-3284-45E4-887D-6EA8E5E92145}
[2012/05/19 16:50:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{B7F6A0CF-B30B-4779-9705-085F9FBCFEC5}
[2012/05/19 04:50:26 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5C774870-8A32-4479-AC3A-C48DA33A8D1E}
[2012/05/18 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/18 17:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/18 17:24:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\PassMark
[2012/05/18 17:24:28 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\PassMark
[2012/05/18 17:24:16 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/05/18 17:24:16 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/05/18 17:24:16 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/05/18 17:24:15 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/05/18 17:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest (64-bit)
[2012/05/18 17:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2012/05/18 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2012/05/18 16:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/18 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/18 16:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/18 16:50:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{C0350EC2-C70A-45A6-B615-5BC86A25D51B}
[2012/05/18 16:49:17 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{900A64F7-0074-4018-BAFB-8D1EA5E33DE4}
[2012/05/18 16:49:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{958684CF-6128-44CA-922F-517655679F96}
[2012/05/18 07:01:52 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{3AF404FC-EE87-408F-A1EC-026306BD5533}
[2012/05/17 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{11B5813E-D883-4110-9F34-25CD8F58B810}
[2012/05/17 07:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{7596955E-87DD-431F-A451-8DD242BCD334}
[2012/05/16 19:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{179CAAA8-2345-40B5-9382-CDF7DCA1D2BC}
[2012/05/16 07:01:36 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5DD9E869-7399-422F-BACD-69E6CC4CA6C8}
[2012/05/15 19:01:15 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{79854B3E-AFE3-4606-9CA0-ABF8B4ECA2E9}
[2012/05/15 16:48:09 | 000,000,000 | ---D | C] -- C:\Users\pwest\Desktop\Downloads
[2012/05/15 16:48:07 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\GetRightToGo
[2012/05/15 09:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Quest Software
[2012/05/15 09:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quest Software
[2012/05/15 09:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quest Software
[2012/05/15 07:36:23 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D8164721-71D3-4818-BDDE-DD9CE69A7039}
[2012/05/15 07:36:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{045B0D45-8B8E-4502-90FD-D13010657C25}
[2012/05/15 07:36:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\Network Monitor 3
[2012/05/15 07:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012/05/15 07:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2012/05/15 07:02:07 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DE20D033-C368-4B06-9A9C-B8569C431322}
[2012/05/15 07:01:57 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{51553046-B2CA-4D15-9AD5-33DB42211ACE}
[2012/05/15 07:01:47 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{369A94D8-CE7F-4EAB-B485-B26C254EDF5F}
[2012/05/15 07:01:13 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BD177050-0832-44FA-B4EB-BCCFDC8E58EA}
[2012/05/14 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{52CCB422-EC36-4A32-8654-23DF8E11EA2B}
[2012/05/14 19:38:59 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{7B97CF99-FDD3-4DF1-BADF-38D3E72A1303}
[2012/05/14 07:39:46 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{567DDEFA-B165-4053-85E8-FF3B905C42C0}
[2012/05/14 07:39:35 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{E84BB5F2-8853-44B2-B1BB-565742886110}
[2012/05/14 07:39:23 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{D2792BD1-A69F-4A6E-8AFA-C65069BF0494}
[2012/05/14 07:38:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{74453914-5AB6-40D4-B8B0-6E60D49C9F1C}
[2012/05/14 07:38:34 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{52489DDE-B577-4AB6-9373-D685D44B4CCE}
[2012/05/11 04:06:50 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9F2B8EB4-6A3D-4B85-8377-EB041DF9E70E}
[2012/05/11 04:06:40 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{1F9DA91E-BFB9-4980-9FE6-5886C95C5434}
[2012/05/11 04:06:30 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{34652E6F-A053-4022-B542-C0E54A1B87AE}
[2012/05/11 04:06:17 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{251A0AAE-FC5A-4CDC-89C2-AE2F4311984F}
[2012/05/10 23:03:30 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 23:03:28 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 23:03:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 23:03:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{9B49DD72-03B2-4569-B6C0-4A593BCB139C}
[2012/05/09 13:11:20 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{BBC509B2-1B59-42B9-8FA4-2A8CF00C9C97}
[2012/05/09 13:11:11 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{AFEFD075-376F-49A4-BDF4-404155322031}
[2012/05/09 13:11:02 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{DAFE321C-4ECB-48AE-9E15-E3ACB1BBA8B6}
[2012/05/09 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{8F931505-BEE8-40E7-B4BE-AE93C77B98C1}
[2012/04/29 07:33:05 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{5D8AFC2A-D9BF-48C3-B465-4682417E5371}
[2012/04/29 07:32:55 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\{2F678186-B9A4-4EF6-AD6E-5BAC504B9C36}
[2012/04/26 17:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2012/04/26 16:47:00 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys
[2012/04/26 16:46:29 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys
[2012/04/26 16:45:59 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2012/04/26 16:45:25 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2012/04/26 16:44:55 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2012/04/26 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\Documents\Wondershare Video Converter Ultimate
[2012/04/26 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/04/26 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\pwest\AppData\Local\Wondershare
[2012/04/26 16:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/04/26 16:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/04/26 16:43:23 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2012/04/26 16:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/04/26 15:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetASFStream
[2012/04/26 15:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\GetASFStream
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2012/05/26 09:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/26 09:55:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/26 09:43:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pwest\Desktop\OTL(2).exe
[2012/05/26 09:40:17 | 000,000,512 | ---- | M] () -- C:\Users\pwest\Desktop\MBR.dat
[2012/05/26 09:13:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\pwest\Desktop\aswMBR.exe
[2012/05/25 19:30:35 | 000,012,647 | ---- | M] () -- C:\Windows\SETSCAN.INI
[2012/05/25 19:23:25 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/05/25 16:27:00 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 16:27:00 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/25 16:23:48 | 000,949,926 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/25 16:23:48 | 000,780,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/25 16:23:48 | 000,166,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/25 16:21:06 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/25 16:20:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/25 16:20:36 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/05/25 16:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/25 16:18:43 | 2131,972,095 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 17:55:53 | 000,002,388 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/23 11:12:40 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/05/23 11:08:01 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012/05/23 10:51:34 | 000,001,330 | ---- | M] () -- C:\Users\pwest\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/23 10:51:34 | 000,001,306 | ---- | M] () -- C:\Users\pwest\Desktop\Spybot - Search & Destroy.lnk
[2012/05/23 10:47:58 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 22:37:44 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 21:40:24 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 21:36:02 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\HELP.lnk
[2012/05/22 19:00:26 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/05/22 18:31:28 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/05/22 07:16:37 | 000,000,000 | ---- | M] () -- C:\Windows\vpd.properties
[2012/05/21 12:57:06 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SmartControlCenterManager.lnk
[2012/05/20 12:10:16 | 000,002,295 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE Business.lnk
[2012/05/20 11:12:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/20 11:12:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/20 11:04:45 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\IP Network Browser.lnk
[2012/05/20 11:04:45 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Workspace Studio.lnk
[2012/05/20 11:04:45 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Network Performance Monitor.lnk
[2012/05/20 10:44:39 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/20 10:44:39 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/18 17:53:17 | 000,000,017 | ---- | M] () -- C:\Users\pwest\AppData\Local\resmon.resmoncfg
[2012/05/18 17:48:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/18 17:48:27 | 000,963,584 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/18 16:47:38 | 000,000,816 | RHS- | M] () -- C:\Users\pwest\ntuser.pol
[2012/05/17 11:43:11 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\SpradsRVAdmin.lnk
[2012/05/15 10:24:01 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Quest Free Network Tools.lnk
[2012/05/15 09:58:18 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Quest Foglight NMS Studio.lnk
[2012/05/15 07:35:17 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012/05/12 06:56:07 | 000,001,998 | -H-- | M] () -- C:\Users\pwest\Documents\Default.rdp
[2012/05/11 10:41:34 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/05/11 10:41:22 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/05/11 10:41:20 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/05/11 03:27:29 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpwest.job
[2012/05/11 03:27:22 | 000,419,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 04:59:06 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ========== [2012/05/26 09:40:17 | 000,000,512 | ---- | C] () -- C:\Users\pwest\Desktop\MBR.dat
[2012/05/25 19:23:17 | 000,001,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/05/25 16:11:51 | 000,001,003 | ---- | C] () -- C:\Users\pwest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/23 11:12:40 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/05/23 11:08:12 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/23 11:08:11 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/05/23 11:08:01 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012/05/23 10:51:34 | 000,001,330 | ---- | C] () -- C:\Users\pwest\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/23 10:51:34 | 000,001,306 | ---- | C] () -- C:\Users\pwest\Desktop\Spybot - Search & Destroy.lnk
[2012/05/23 10:47:58 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 22:37:44 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 21:40:24 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 21:35:05 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\HELP.lnk
[2012/05/22 19:00:26 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/05/22 18:31:28 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/05/22 07:16:37 | 000,000,000 | ---- | C] () -- C:\Windows\vpd.properties
[2012/05/21 12:57:06 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\SmartControlCenterManager.lnk
[2012/05/20 12:10:16 | 000,002,295 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Business.lnk
[2012/05/20 11:01:31 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\IP Network Browser.lnk
[2012/05/20 11:01:31 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Workspace Studio.lnk
[2012/05/20 11:01:31 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\Network Performance Monitor.lnk
[2012/05/18 17:53:17 | 000,000,017 | ---- | C] () -- C:\Users\pwest\AppData\Local\resmon.resmoncfg
[2012/05/18 17:48:35 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/17 11:43:11 | 000,002,639 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpradsRVAdmin.lnk
[2012/05/17 11:43:11 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\SpradsRVAdmin.lnk
[2012/05/15 10:24:01 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Quest Free Network Tools.lnk
[2012/05/15 09:58:18 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Quest Foglight NMS Studio.lnk
[2012/05/15 07:35:17 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012/04/26 16:43:23 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2012/04/26 16:43:23 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012/04/05 18:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 18:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/05 13:03:32 | 000,565,248 | ---- | C] () -- C:\Windows\SysWow64\RemoteConfig.dll
[2012/01/05 13:03:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DataLink3.dll
[2012/01/05 12:56:20 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\Ntlcc.dll
[2012/01/05 12:56:20 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\Zmodnt.dll
[2012/01/05 12:56:16 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\SH22W16.DLL
[2012/01/05 12:56:15 | 000,147,968 | ---- | C] () -- C:\Windows\SysWow64\AL21FVB.DLL
[2012/01/05 12:56:11 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\DataLink2.dll
[2012/01/05 12:56:11 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\fsplit.dll
[2012/01/05 12:56:10 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[2012/01/05 12:56:01 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\Al21mfc.dll
[2011/09/22 10:47:45 | 000,012,647 | ---- | C] () -- C:\Windows\SETSCAN.INI
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/06 12:28:29 | 000,044,388 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/30 17:10:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 10:15:43 | 000,963,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
========== LOP Check ========== [2012/05/23 16:59:22 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\.oit
[2011/09/22 10:55:46 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Canon Electronics
[2012/05/26 09:47:07 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Dropbox
[2012/05/22 22:49:05 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\FileZilla
[2012/05/15 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\GetRightToGo
[2012/05/20 12:51:37 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\GFI Software
[2011/09/27 19:13:02 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Ilium Software
[2011/09/25 08:44:47 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\IrfanView
[2011/09/22 10:53:35 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\ISIS Drivers
[2012/01/07 10:47:56 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Key Metric Software
[2011/09/18 07:35:03 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Microsys
[2012/05/22 06:40:37 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\SmartControlCenter.9E9F443B107A0AE9BF8ABBD6D62A07F000B6C252.1
[2012/02/24 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Telerik
[2011/09/14 08:40:30 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\WinBatch
[2011/09/22 14:03:36 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Windows Live Writer
[2011/09/06 11:34:58 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Windows Small Business Server
[2012/04/26 16:43:38 | 000,000,000 | ---D | M] -- C:\Users\pwest\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/05/20 10:34:02 | 000,000,000 | ---D | M] -- C:\Users\spradsadmin\AppData\Roaming\Windows Small Business Server
[2009/07/13 22:08:49 | 000,015,898 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/25 16:21:06 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: SVCHOST.EXE >[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BA309A65-07BE-4F2F-ADBB-32858216A714}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 05 01 02 01 01 01 04 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/21 03:21:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/21 03:21:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/21 03:21:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/03/21 03:21:18 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/03/21 03:21:18 | 000,748,336 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/05/18 17:42:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/05/18 17:42:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/21 03:21:17 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/21 03:21:17 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/21 03:21:17 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/03/21 03:21:18 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/03/21 03:21:18 | 000,748,336 | ---- | M] (Microsoft Corporation)
< C:\Windows\assembly\tmp\U\*.* /s > < C:\Program Files\Common Files\ComObjects\*.* /s > < C:\windows\*. /RP /s > < %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > < type c:\diskreport.txt /c >Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: PWOFFICEHP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E NM200 CDFS DVD-ROM 1019 MB Healthy
Volume 1 Partition 100 MB Healthy Offline
Volume 2 C OS NTFS Partition 1385 GB Healthy Boot
Volume 3 D HP_RECOVERY NTFS Partition 11 GB Healthy
Volume 4 Partition 687 GB Healthy Offline
Volume 5 Partition 11 GB Healthy Offline
Volume 6 F Removable 0 B No Media
Volume 7 G Removable 0 B No Media
Volume 8 H Removable 0 B No Media
Volume 9 I Removable 0 B No Media
< End of report >
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 09:14:36
-----------------------------
09:14:36.909 OS Version: Windows x64 6.1.7601 Service Pack 1
09:14:36.909 Number of processors: 4 586 0x2A07
09:14:36.910 ComputerName: PWOFFICEHP UserName: pwest
09:14:39.838 Initialize success
09:15:27.539 AVAST engine defs: 12052600
09:15:37.529 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
09:15:37.532 Disk 0 Vendor: Intel___ 1.0. Size: 1430797MB BusType: 8
09:15:37.534 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
09:15:37.538 Disk 1 Vendor: ST375063 HP24 Size: 715404MB BusType: 8
09:15:37.561 Disk 0 MBR read successfully
09:15:37.565 Disk 0 MBR scan
09:15:37.571 Disk 0 unknown MBR code
09:15:37.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:15:37.587 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1418970 MB offset 206848
09:15:37.625 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11725 MB offset 2906257408
09:15:37.651 Disk 0 scanning C:\Windows\system32\drivers
09:15:51.104 Service scanning
09:16:15.252 Modules scanning
09:16:15.267 Disk 0 trace - called modules:
09:16:15.280 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:16:15.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a060060]
09:16:15.287 3 CLASSPNP.SYS[fffff88001da943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8008db5050]
09:16:17.117 AVAST engine scan C:\Windows
09:16:19.591 AVAST engine scan C:\Windows\system32
09:24:34.147 AVAST engine scan C:\Windows\system32\drivers
09:24:51.052 AVAST engine scan C:\Users\pwest
09:37:24.621 AVAST engine scan C:\ProgramData
09:38:53.990 Scan finished successfully
09:40:17.687 Disk 0 MBR has been saved successfully to "C:\Users\pwest\Desktop\MBR.dat"
09:40:17.689 The log file has been saved successfully to "C:\Users\pwest\Desktop\aswMBR.txt"
OTL Extras logfile created on: 5/26/2012 9:57:57 AM - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\pwest\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 5.23 Gb Available Physical Memory | 65.48% Memory free
20.19 Gb Paging File | 17.04 Gb Available in Paging File | 84.40% Paging File free
Paging file location(s): c:\pagefile.sys 12500 13000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.71 Gb Total Space | 671.01 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 1.40 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive E: | 1018.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 70.00 Gb Total Space | 10.06 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive R: | 100.00 Gb Total Space | 12.41 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive S: | 100.00 Gb Total Space | 12.41 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive U: | 99.90 Gb Total Space | 69.29 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Drive V: | 99.90 Gb Total Space | 41.10 Gb Free Space | 41.14% Space Free | Partition Type: NTFS
Drive Y: | 99.90 Gb Total Space | 69.29 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Computer Name: PWOFFICEHP | User Name: pwest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Easy Media Player\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|
[email protected],-25110|
[email protected],-25112|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|
[email protected],-25251|
[email protected],-25257|
[email protected],-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|
[email protected],-25301|
[email protected],-25303|
[email protected],-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|
[email protected],-25376|
[email protected],-25382|
[email protected],-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|
[email protected],-25351|
[email protected],-25357|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|
[email protected],-25082|
[email protected],-25088|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|
[email protected],-25061|
[email protected],-25067|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|
[email protected],-25068|
[email protected],-25074|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|
[email protected],-25075|
[email protected],-25081|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|
[email protected],-25026|
[email protected],-25032|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|
[email protected],-25019|
[email protected],-25025|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|
[email protected],-25001|
[email protected],-25007|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|
[email protected],-25116|
[email protected],-25118|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|
[email protected],-25012|
[email protected],-25018|
[email protected],-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|
[email protected],-25326|
[email protected],-25332|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|
[email protected],-25113|
[email protected],-25115|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|
[email protected],-25111|
[email protected],-25112|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|
[email protected],-25252|
[email protected],-25257|
[email protected],-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|
[email protected],-25302|
[email protected],-25303|
[email protected],-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|
[email protected],-25377|
[email protected],-25382|
[email protected],-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|
[email protected],-25352|
[email protected],-25357|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|
[email protected],-25083|
[email protected],-25088|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|
[email protected],-25062|
[email protected],-25067|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|
[email protected],-25069|
[email protected],-25074|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|
[email protected],-25076|
[email protected],-25081|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|
[email protected],-25027|
[email protected],-25032|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|
[email protected],-25020|
[email protected],-25025|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|
[email protected],-25002|
[email protected],-25007|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|
[email protected],-25117|
[email protected],-25118|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|
[email protected],-25013|
[email protected],-25018|
[email protected],-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|
[email protected],-25327|
[email protected],-25333|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|
[email protected],-25114|
[email protected],-25115|
[email protected],-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|
[email protected],-25407|
[email protected],-25408|
[email protected],-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|
[email protected],-25403|
[email protected],-25404|
[email protected],-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|
[email protected],-25401|
[email protected],-25401|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|
[email protected],-25008|
[email protected],-25011|
[email protected],-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|
[email protected],-25405|
[email protected],-25406|
[email protected],-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|
[email protected],-28543|
[email protected],-28547|
[email protected],-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|
[email protected],-28545|
[email protected],-28547|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|
[email protected],-28527|
[email protected],-28530|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|
[email protected],-28519|
[email protected],-28522|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|
[email protected],-28503|
[email protected],-28506|
[email protected],-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|
[email protected],-28511|
[email protected],-28514|
[email protected],-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|
[email protected],-28535|
[email protected],-28538|
[email protected],-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|
[email protected],-28539|
[email protected],-28542|
[email protected],-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|
[email protected],-28544|
[email protected],-28547|
[email protected],-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|
[email protected],-28546|
[email protected],-28547|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|
[email protected],-28531|
[email protected],-28534|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|
[email protected],-28523|
[email protected],-28526|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|
[email protected],-28507|
[email protected],-28510|
[email protected],-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|
[email protected],-28515|
[email protected],-28518|
[email protected],-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|
[email protected],-33035|
[email protected],-33036|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|
[email protected],-33027|
[email protected],-33030|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|
[email protected],-33019|
[email protected],-33022|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|
[email protected],-33003|
[email protected],-33006|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|
[email protected],-33011|
[email protected],-33014|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|
[email protected],-33031|
[email protected],-33034|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|
[email protected],-33037|
[email protected],-33038|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|
[email protected],-33023|
[email protected],-33026|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|
[email protected],-33007|
[email protected],-33010|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|
[email protected],-33015|
[email protected],-33018|
[email protected],-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|
[email protected],-28753|
[email protected],-28756|
[email protected],-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|
[email protected],-34256|
[email protected],-34257|
[email protected],-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|
[email protected],-34252|
[email protected],-34253|
[email protected],-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|
[email protected],-34254|
[email protected],-34255|
[email protected],-34251|Edge=FALSE|
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|
[email protected],-25110|
[email protected],-25112|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|
[email protected],-25251|
[email protected],-25257|
[email protected],-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|
[email protected],-25301|
[email protected],-25303|
[email protected],-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|
[email protected],-25376|
[email protected],-25382|
[email protected],-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|
[email protected],-25351|
[email protected],-25357|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|
[email protected],-25082|
[email protected],-25088|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|
[email protected],-25061|
[email protected],-25067|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|
[email protected],-25068|
[email protected],-25074|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|
[email protected],-25075|
[email protected],-25081|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|
[email protected],-25026|
[email protected],-25032|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|
[email protected],-25019|
[email protected],-25025|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|
[email protected],-25001|
[email protected],-25007|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|
[email protected],-25116|
[email protected],-25118|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|
[email protected],-25012|
[email protected],-25018|
[email protected],-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|
[email protected],-25326|
[email protected],-25332|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|
[email protected],-25113|
[email protected],-25115|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|
[email protected],-25111|
[email protected],-25112|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|
[email protected],-25252|
[email protected],-25257|
[email protected],-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|
[email protected],-25302|
[email protected],-25303|
[email protected],-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|
[email protected],-25377|
[email protected],-25382|
[email protected],-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|
[email protected],-25352|
[email protected],-25357|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|
[email protected],-25083|
[email protected],-25088|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|
[email protected],-25062|
[email protected],-25067|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|
[email protected],-25069|
[email protected],-25074|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|
[email protected],-25076|
[email protected],-25081|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|
[email protected],-25027|
[email protected],-25032|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|
[email protected],-25020|
[email protected],-25025|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|
[email protected],-25002|
[email protected],-25007|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|
[email protected],-25117|
[email protected],-25118|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|
[email protected],-25013|
[email protected],-25018|
[email protected],-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|
[email protected],-25327|
[email protected],-25333|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|
[email protected],-25114|
[email protected],-25115|
[email protected],-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|
[email protected],-25407|
[email protected],-25408|
[email protected],-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|
[email protected],-25403|
[email protected],-25404|
[email protected],-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|
[email protected],-25401|
[email protected],-25401|
[email protected],-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|
[email protected],-25008|
[email protected],-25011|
[email protected],-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|
[email protected],-25405|
[email protected],-25406|
[email protected],-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|
[email protected],-28543|
[email protected],-28547|
[email protected],-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|
[email protected],-28545|
[email protected],-28547|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|
[email protected],-28527|
[email protected],-28530|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|
[email protected],-28519|
[email protected],-28522|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|
[email protected],-28503|
[email protected],-28506|
[email protected],-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|
[email protected],-28511|
[email protected],-28514|
[email protected],-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|
[email protected],-28535|
[email protected],-28538|
[email protected],-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|
[email protected],-28539|
[email protected],-28542|
[email protected],-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|
[email protected],-28544|
[email protected],-28547|
[email protected],-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|
[email protected],-28546|
[email protected],-28547|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|
[email protected],-28531|
[email protected],-28534|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|
[email protected],-28523|
[email protected],-28526|
[email protected],-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|
[email protected],-28507|
[email protected],-28510|
[email protected],-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|
[email protected],-28515|
[email protected],-28518|
[email protected],-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|
[email protected],-33035|
[email protected],-33036|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|
[email protected],-33027|
[email protected],-33030|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|
[email protected],-33019|
[email protected],-33022|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|
[email protected],-33003|
[email protected],-33006|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|
[email protected],-33011|
[email protected],-33014|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|
[email protected],-33031|
[email protected],-33034|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|
[email protected],-33037|
[email protected],-33038|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|
[email protected],-33023|
[email protected],-33026|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|
[email protected],-33007|
[email protected],-33010|
[email protected],-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|
[email protected],-33015|
[email protected],-33018|
[email protected],-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|
[email protected],-28753|
[email protected],-28756|
[email protected],-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|
[email protected],-34256|
[email protected],-34257|
[email protected],-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|
[email protected],-34252|
[email protected],-34253|
[email protected],-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|
[email protected],-34254|
[email protected],-34255|
[email protected],-34251|Edge=FALSE|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B5D85A-6F75-4877-9AB8-F388A9BA8025}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0AA9819C-195B-4D19-9046-C86FB1414B5F}" = lport=5053 | protocol=6 | dir=in | name=quest foglight nms https server port |
"{0FA6EA1E-E0A9-4DAB-B01F-83126B2EDD05}" = lport=9392 | protocol=6 | dir=in | app=c:\program files\veeam\backup and replication\veeam.backup.service.exe |
"{154AD6C9-EB9F-426C-B191-48568880B2F8}" = lport=69 | protocol=17 | dir=in | name=quest foglight nms tftp server |
"{17C6C143-925B-4BCF-86A6-5AC3F4CDFB71}" = lport=5055 | protocol=6 | dir=in | name=quest foglight nms tunnel port |
"{1CDB5930-3D70-43FE-80F9-788D8B958016}" = lport=514 | protocol=17 | dir=in | name=quest foglight nms syslog server |
"{256EDE74-09E9-46F9-B26B-1C2F92278CD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{25D390AA-A550-46BC-8897-855453EAED1B}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C65A9D7-10EB-443E-902C-287F79826104}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3239C080-F818-4750-832C-6E52E90550A2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3D747E3E-7F00-4A59-BE9E-6A89711FD9BE}" = lport=9555 | protocol=17 | dir=in | name=quest foglight nms netflow listener port 2 |
"{4FD8DA14-834E-4E73-A354-C88D56D9C934}" = lport=137 | protocol=17 | dir=in | app=system |
"{54480C3A-5A00-4A70-9586-1A37A1A0630C}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E4E68F1-A0AE-4230-8A31-E76A224B3A98}" = lport=2055 | protocol=17 | dir=in | name=quest foglight nms netflow listener port 1 |
"{5E8733BA-4EA8-49C8-A0DE-8B1302086618}" = rport=137 | protocol=17 | dir=out | app=system |
"{71903487-3B03-4B13-9B8D-77859CB56239}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A31B69B-6109-4C0C-804B-588368481591}" = lport=9995 | protocol=17 | dir=in | name=quest foglight nms netflow listener port 3 |
"{827CE689-A7F6-40EA-B56C-F6C407028D7F}" = lport=6343 | protocol=17 | dir=in | name=quest foglight nms sflow |
"{84EF5A93-0945-42B4-8777-531FA4E9E183}" = lport=5054 | protocol=6 | dir=in | name=quest foglight nms server port |
"{8A2CF5F9-86F2-46CB-9733-ACF1B92F8048}" = lport=9393 | protocol=6 | dir=in | app=c:\program files\veeam\backup catalog\veeam.backup.catalogdataservice.exe |
"{8D2C3E84-3780-463F-891C-2AFFCF9CD6D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{952BC428-C38E-4BF2-A6BB-C879F18F52D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{953551B4-4EE0-47C8-BEF1-8795B52120A3}" = lport=162 | protocol=17 | dir=in | name=quest foglight nms snmp traps port |
"{9E3D6BB0-4BEE-4856-8412-70F546FC9846}" = lport=139 | protocol=6 | dir=in | app=system |
"{A180B314-BEC2-4A33-9490-22A16BEF45A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2D69D27-CEE5-4B3C-A756-C6CECA5EF45D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A95F9234-733A-4771-B844-6B9208650E01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B30EB9DB-2A1F-4731-9598-E3E8BF547223}" = lport=9392 | protocol=6 | dir=out | app=c:\program files\veeam\backup and replication\veeam.backup.service.exe |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B60DAB96-3798-46C2-94D7-CC2C81089B86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA35A4D3-72DF-45C7-84DD-33C1F11937B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C084C561-395B-4184-A154-C545C1A77DB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C1B7EABF-D799-428E-BE99-C29EFB408932}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2E8DB52-2357-4C91-81DD-1D71E109C293}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D26AA8FD-E4F1-48F2-A236-764909AACAD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D47452D4-1B76-416F-B831-B9EF7F1DF68F}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5365C9B-1BB5-4B8C-8222-B574B8867870}" = lport=9393 | protocol=6 | dir=out | app=c:\program files\veeam\backup catalog\veeam.backup.catalogdataservice.exe |
"{D5C01D96-1A4D-4EF4-9367-5C97A35A5B3A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD2665F0-C497-4031-A090-CC4E5DB806AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE5AF1CF-1880-4386-8275-DE7154B13B67}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067214B5-222D-4446-A848-39484CACFD64}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{0CEF947D-1747-4DDB-B2DE-EEA88AC0ADC0}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{101CE925-DEED-4E3E-A25B-C0F3C850AF8D}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterprisereportviewer.exe |
"{1B757B9E-6088-441E-BB5B-2A9D846080F5}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\free network tools\toolkit.exe |
"{1C7C51A3-CD8E-40F1-8C4B-870465EAA15C}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptserverconfig.exe |
"{2008A7C8-9EDF-464C-93F3-6DA5DCAD1B2E}" = protocol=1 | dir=out |
[email protected],-28544 |
"{209150F4-7F93-406A-9E66-82DEBB167563}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseconsole.exe |
"{21DF171F-DE42-4F51-9268-B30FABBBDDA9}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{22C69243-4A41-4FA8-A8F3-869A657F0ADD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{24DB361B-8073-4A32-B071-021F6AB4F3B1}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{278BEA2B-7828-4839-879A-1DA111808D2A}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptagentservice.exe |
"{2EE41BB4-963D-4306-9BB0-334D614287EE}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterprisereportviewer.exe |
"{321AD5B1-B991-40C2-9B78-B9C613A99044}" = protocol=1 | dir=in |
[email protected],-28543 |
"{3946D3EE-DB38-4CA2-A2DF-4C789AB18806}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseconsole.exe |
"{3F3503B7-3DCE-4B78-8856-FF8A46BC7181}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptagentservice.exe |
"{43881A8C-5AB3-4DCA-AF30-3E30DB0E46F1}" = protocol=6 | dir=in | app=c:\program files\veeam\backup and replication\veeamnfssvc.exe |
"{4715A9B2-36C0-4D58-96E5-A473277416C2}" = protocol=58 | dir=out |
[email protected],-28546 |
"{4B501E2E-DAA9-4E39-AEA2-A8A89F014CD7}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptstudio.exe |
"{4DFB226E-35BB-4EFB-9F1C-EBC343E7449E}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{4EF9B829-0BB8-4643-98E0-095482545195}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{4F725F7F-8A76-450E-B748-F6A5C2C68671}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{53BE7930-C405-4CAE-9221-888A0FA561BA}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptagentconfig.exe |
"{54DF61EF-7DBF-45DF-96CC-2EAE7905F390}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\free network tools\toolkit.exe |
"{56E3537E-8CC0-4970-815B-82DBC9D689C3}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{57716274-B9BF-4CD1-A945-0C7DCADBB460}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{59B46AD2-5638-4754-90DC-29C8AAB0DA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{5A9F8BFD-3DAA-4A5B-976A-143F3E49C4EB}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptserverservice.exe |
"{5CC3BF7F-573B-4BEA-9738-862EBF9E20C7}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{5D436434-A356-4997-85C1-A41EF2896372}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{5E7D6C7F-3382-45C4-8C8D-8CBAF078B42E}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseconsole.exe |
"{5FDA2FB0-8F68-400A-88CA-F00BD4C38AC6}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{601E2CA6-51F6-4612-B840-E5AC11DA2A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptserverservice.exe |
"{6197A6D7-BFD7-4F39-8C75-C165BDBB2CC3}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{625940B6-98A8-4E10-A450-F21281190408}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptserverservice.exe |
"{654E6482-AA2E-488E-94C3-69ADEED9A86D}" = protocol=6 | dir=out | app=c:\program files\veeam\backup and replication\veeamagent.exe |
"{6701CA8F-45AC-4E9D-AAB0-3D082C76865B}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptagentconfig.exe |
"{67EBB4D3-1340-46BE-88A6-4F9100385749}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{6BAE6D3B-587E-484B-AD2C-F8E4A0646743}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{6C0FDA7F-E896-4816-876B-7EBA3312CCEF}" = protocol=58 | dir=in |
[email protected],-28545 |
"{6ED26F95-1F5C-4FD7-8502-06B90C3ACDF8}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{70C5790B-D412-4C80-A279-23A943C6D7B7}" = protocol=6 | dir=in | app=c:\users\pwest\appdata\roaming\dropbox\bin\dropbox.exe |
"{70CEB015-EC96-4C69-934B-E203AF6433F6}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{73D4F76C-5402-45DF-BEEA-AAA78ACA21A6}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{74F90CC0-1D60-4F66-BEEC-79270B4B6ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{7561EBAB-ABFB-4567-9736-A6EEBC94E3DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7638D6F5-E258-41E2-81C1-51CCD0C6123C}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptstudio.exe |
"{7EAFEF41-6505-4B6A-AF06-DA8B9665F93F}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptserverconfig.exe |
"{814DC346-3806-4968-8508-1A18315DB602}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{82FE4FD4-270B-406A-A549-020A32647041}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterprisereportviewer.exe |
"{840D6E85-B3FD-4A2F-A0D8-31B38617D4A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{89AB7CAB-EFB6-45F3-807B-DF6CFC90614E}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptagentservice.exe |
"{950D7629-115B-4F52-A2FB-CD7B880D5BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseservice.exe |
"{998F8246-CCDE-4DCE-9518-0386C7BE0121}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptserverservice.exe |
"{9B4EED84-B56E-4767-A180-F35701F8C3CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{9D1E5E5D-368F-4478-8E8B-00BF07357DAB}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{9E018F0A-30C8-4AA5-B9A4-5F1B94DECDCB}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptstudio.exe |
"{9EFEAA93-0E26-49D4-B585-C14A9CD072E0}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{A4BCED2B-25EB-4E33-9C30-D28F1C8485F4}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{A97A2F2F-0442-40CC-A84A-F5F5CC5674B8}" = protocol=6 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptserverconfig.exe |
"{AD014C6D-1B63-423C-BD23-CEBAD9F17D99}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptagentconfig.exe |
"{AE2E5AA2-F30B-49A8-94BA-D0EBF42C9365}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{AEAD6A5D-B793-4F28-9537-BD2EE1612D0A}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{B1491EE7-4FBD-451B-8EB2-537F8EB7A1CC}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{B47B2A06-21F7-4DE9-8FAA-60AAB581CA80}" = protocol=6 | dir=out | app=c:\program files\veeam\backup and replication\veeamnfssvc.exe |
"{B4C373F0-1720-4F79-AE1A-89A890F920EF}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterprisereportviewer.exe |
"{BB6D007F-D977-4333-A9D2-2080EBEFF224}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\free network tools\toolkit.exe |
"{BD28C401-C155-4D4A-AECA-8AC8EE7E00B4}" = protocol=17 | dir=out | app=c:\program files (x86)\quest software\foglight nms\ptstudio.exe |
"{C35442BC-B758-4AA1-8899-B29878EC3F16}" = protocol=17 | dir=in | app=c:\program files (x86)\gfi software\vipre business\enterpriseconsole.exe |
"{C687E1EA-26BA-473A-BFAB-3CD9D5DB362A}" = protocol=6 | dir=in | app=c:\program files\veeam\backup and replication\veeamagent.exe |
"{C80C775A-3980-4EC6-B9DD-45DAF91E845F}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\free network tools\toolkit.exe |
"{CC927389-FB7D-44C8-86A3-9FF6969E68E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CED8BDED-1308-4A07-85AF-AE599DD53EE5}" = protocol=6 | dir=in | app=c:\program files\veeam\backup catalog\veeamagent.exe |
"{D140E342-D28C-41CA-935F-D61190086168}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\gfiagent\sbamsvc.exe |
"{DBF98F34-C5FA-4863-9D64-573F48BE6D24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3C431F4-5CE0-4E5B-90DE-D76C7CF6BB3A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E467E1B3-A904-4E62-AADC-A2A26B4E7D11}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptagentservice.exe |
"{E719E21A-AE82-4254-A02C-B597C8ECB175}" = protocol=17 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptagentconfig.exe |
"{E94FED9D-25AC-4A1B-9186-7782459E7668}" = protocol=6 | dir=out | app=c:\program files\veeam\backup catalog\veeamagent.exe |
"{E9A61C50-C892-4040-897D-8EA5A5D40914}" = protocol=17 | dir=in | app=c:\users\pwest\appdata\roaming\dropbox\bin\dropbox.exe |
"{EAAE0686-E215-40AA-8B39-4BF48C82C073}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{ED227C13-484D-44DB-B2FD-537BA247CCD1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED924D2E-35E0-4165-9093-2B3E0CFB0AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"{F7954C5E-9C03-47B9-A761-E4EB3D7BFA16}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{FA869D27-D279-4BCA-983A-A4B108ECB6C3}" = protocol=6 | dir=in | app=c:\program files (x86)\quest software\foglight nms\ptserverconfig.exe |
"{FEC697D2-34D2-4B7E-A63D-78C961918D28}" = protocol=6 | dir=in | app=c:\program files (x86)\gfi software\deployment\microinstaller.exe |
"TCP Query User{1276F1C8-2043-45E9-A88D-CBD89F3D7B1B}C:\program files (x86)\smartcontrolcenter\sccd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smartcontrolcenter\sccd.exe |
"TCP Query User{12D9F5CF-4E3F-4A55-9F7E-7697CECE41DE}C:\program files (x86)\microsoft sql server\110\tools\binn\managementstudio\ssms.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft sql server\110\tools\binn\managementstudio\ssms.exe |
"TCP Query User{1B197C35-1402-41E8-9FFE-D539EC03B60D}C:\users\pwest\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\pwest\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe |
"TCP Query User{33919718-D59D-4A6E-B12B-EF49ED50C2DF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5A978307-638B-4609-9C00-9A877C31FE97}C:\program files (x86)\telerik\radcontrols for asp.net ajax q2 2011 sp1\live demos\startexamples.exe" = protocol=6 | dir=in | app=c:\program files (x86)\telerik\radcontrols for asp.net ajax q2 2011 sp1\live demos\startexamples.exe |
"TCP Query User{6DCF8301-DEDC-4A6C-8480-1B366AFF36B7}C:\program files (x86)\veeam\veeam backup and fastscp\veeamagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veeam\veeam backup and fastscp\veeamagent.exe |
"TCP Query User{92A0DC82-DF4C-4F10-BF0C-1260B7E86D36}C:\users\pwest\appdata\local\logmein rescue applet\lmir0005.tmp\lmi_instantchat.exe" = protocol=6 | dir=in | app=c:\users\pwest\appdata\local\logmein rescue applet\lmir0005.tmp\lmi_instantchat.exe |
"TCP Query User{A2A4A7D4-42F8-4655-92F0-A6586A673D86}C:\program files (x86)\logmein rescue calling card\callingcard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logmein rescue calling card\callingcard.exe |
"UDP Query User{0937389A-26B9-43E8-A8EA-A1777CCB4085}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0E13D5CD-8EF8-4C85-8FA1-D13E48D17C02}C:\program files (x86)\veeam\veeam backup and fastscp\veeamagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veeam\veeam backup and fastscp\veeamagent.exe |
"UDP Query User{1111D394-D6F7-46EF-A6A8-D87F11CDEA3E}C:\program files (x86)\telerik\radcontrols for asp.net ajax q2 2011 sp1\live demos\startexamples.exe" = protocol=17 | dir=in | app=c:\program files (x86)\telerik\radcontrols for asp.net ajax q2 2011 sp1\live demos\startexamples.exe |
"UDP Query User{39AEA9E1-0923-4224-9BD0-A3B34234EFE6}C:\program files (x86)\smartcontrolcenter\sccd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smartcontrolcenter\sccd.exe |
"UDP Query User{563DFB5F-B89C-4964-A338-1183AD72CB2A}C:\program files (x86)\microsoft sql server\110\tools\binn\managementstudio\ssms.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft sql server\110\tools\binn\managementstudio\ssms.exe |
"UDP Query User{575A594A-0663-4C21-ACBC-4817A4937318}C:\users\pwest\appdata\local\logmein rescue applet\lmir0005.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\pwest\appdata\local\logmein rescue applet\lmir0005.tmp\lmi_instantchat.exe |
"UDP Query User{C8007F5F-49E7-4116-8F90-A41AE20B119C}C:\users\pwest\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe" = protocol=17 | dir=in | app=c:\users\pwest\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_instantchat.exe |
"UDP Query User{E8E5D040-0755-4286-9000-FFB1C6FEFA31}C:\program files (x86)\logmein rescue calling card\callingcard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logmein rescue calling card\callingcard.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{08FA11B6-EE24-4BEE-BC82-889E7DC84111}" = Veeam Backup and Replication
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D411379-9CE0-4B13-A19B-72D3222DD620}" = SQL Server 2012 Common Files
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files
"{22BCA430-2A68-4678-9824-184F3839948F}" = SQL Server 2012 Integration Services
"{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}" = SQL Server 2012 Management Studio
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{36BF5D42-BF68-4E0C-A165-A4C6E9841F4A}" = SQL Server 2012 Integration Services
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5DDC2234-4B37-45BC-AD33-41F1469B4D83}" = Microsoft SQL Server 2012 Setup (English)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{656E214E-B73F-458C-AD64-ED316F008207}" = SQL Server 2012 BI Development Studio
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6B3840D6-4B8F-4E74-9202-9CE36DA94E99}" = SQL Server 2012 Client Tools
"{7272DF1C-2F88-43AC-A481-84DD67DF9746}" = SQL Server 2012 Documentation Components
"{7842C220-6E9A-4D5A-AE70-0E138271F883}" = SQL Server 2012 Client Tools
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F9F1A27-9A76-4D69-BE6C-728F933AEA0D}" = FolderSizes 5
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{A7037EB2-F953-4B12-B843-195F4D988DA1}" = SQL Server 2012 Management Studio
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B3192F55-2CE8-4C8E-9E40-D3B4998276B2}" = SQL Server 2012 Documentation Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B766AE7C-72FB-4FBD-937B-DA7A0766B6C7}" = Veeam Backup Catalog
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}" = Microsoft SQL Server 2012 T-SQL Language Service
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CECA0188-BD7A-43EF-B1F7-DDF719099C46}" = SQL Server 2012 Documentation Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D307B5CF-D1F0-48A4-8DA3-54765F535208}" = SQL Server 2012 SQL Data Quality Common
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4FF4DF1-F99C-49AC-B398-BE0887432846}" = Windows Small Business Server 2008 ClientAgent
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{EE1B54D1-BFBC-4C19-8D66-E0AF3E967896}" = SQL Server 2012 BI Development Studio
"{F14401A9-F0A0-33CC-8444-F60823A60DEB}" = Microsoft Visual Studio Tools for Applications x64 Runtime 3.0
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5E5D7CA-0F94-41A3-8106-66473C2F3728}" = Windows Small Business Server 2008 Desktop Links Gadget
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-bit)
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012D26C3-E12A-3BDA-8ECE-DF14E721A507}" = Microsoft Visual Studio 2010 Shell (Integrated) - ENU
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0DC88E1B-1CCB-42CE-91F0-7017180E5FE8}" = Veeam Backup and FastSCP
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{14FA267F-0A8B-4de9-A8DD-28899318ABB8}" = SolarWinds Toolset v10.8
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{191A6F65-6878-398D-A272-EF011B80F371}" = Microsoft Visual Studio Tools for Applications x86 Runtime 3.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1AA86313-B188-498D-91CF-D017AC5A82A5}" = SolarWinds TFTP Server
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (VEEAM)
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{322D9C84-358B-4ADF-B290-AE1346DABF3E}" = Sprad's Web Admin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37D5C133-DBDF-4B44-AE94-DAA20EF4A359}" = Fortis Workstation
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{51B45305-3996-490B-BE32-6F9800CD43C5}" = LogMeIn Rescue Calling Card
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}" = Microsoft Visual Studio Tools for Applications Design-Time 3.0
"{5B14FB02-EE91-40FB-A35D-79AC90253C8E}" = Telerik RadControls for ASP.NET AJAX Q2 2011 SP1
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1" = 3M Products Update version 2011-11 for Microsoft Office 2010
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{63CE935C-03E3-4EB4-B194-792CB2F91C87}" = SmartControlCenter
"{63FBED9C-D995-47DC-A12D-843C570377DC}" = SlimDrivers
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D2EFF3B-B191-4B1F-8ABF-C4A8028DB8CF}" = Alcor Micro USB Card Reader
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B4F7ED-8579-44FC-9E11-3904897F75E5}" = Quest Free Network Tools
"{751D221F-7C37-C83F-1973-A1F92A0F4DF6}" = HydraVision
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76D1AA2B-A434-4D63-BE2C-80286F23C223}" = Microsoft Interop Forms Redistributable Package 2.0a
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{884337FC-C49E-4644-A6A1-88DC6DEB5B13}" = SolarWinds SCP Server
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PUBLISHERR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PUBLISHERR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCE40CE-A9E6-4916-8729-B008558EEF3F}" = Microsoft Report Viewer 2012 Runtime
"{9D544611-F437-4153-913E-91CE036583CC}" = GFI Business Agent
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0D1A2F2-D43A-4C44-95A9-D108AE68878D}" = Quest Foglight NMS
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}" = Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B8F4ACBD-D2F0-4BB3-BEE7-3FA58DC0B354}" = Canon DR-3010C Driver
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB760C1D-98F4-4E38-8CC4-3B67329AA981}" = HP MediaSmart/TouchSmart Netflix
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = GFI Business Agent
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}" = VMware Infrastructure Update
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DAF51B0D-9AE1-4D7A-B077-4A227AAA257A}" = SpradsRVAdminSetup
"{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}" = Microsoft SQL Server 2012 Policies
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6FC04A-AEE9-4263-9A64-B638277E777D}" = DR-3010C Job Tool
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EE13DB71-7643-4DB3-9927-88F4C088382C}" = VIPRE Business
"{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3BBC56F-2282-4464-952F-A89772181F30}" = Microsoft SQL Server Data Tools – Database Projects – Web installer entry point
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FC909837-27D0-4FB4-8653-00F63EB70D74}" = Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3847AF65E1464F11AFF894E36C0E10D8_is1" = A1 Sitemap Generator
"Adobe AIR" = Adobe AIR
"CSS3 Menu" = CSS3 Menu
"dff7e170e6a4187719f92ab0e9558056" = NMS200 NETGEAR ProSafe Network Management Software
"Easy Media Player" = Easy Media Player 1.1.12
"FileZilla Client" = FileZilla Client 3.5.1
"FolderSizes 5 5.6.52" = FolderSizes 5
"Google Chrome" = Google Chrome
"Ilium Software eWallet_is1" = eWallet 7.2 for Windows PCs
"InstallShield_{14FA267F-0A8B-4de9-A8DD-28899318ABB8}" = SolarWinds Toolset v10.8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6D2EFF3B-B191-4B1F-8ABF-C4A8028DB8CF}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Inter_Tel 5000 DB Programming 1.2.5.114" = Inter-Tel 5000 DB Programming 1.2.5.114
"Inter_Tel 5000 DB Programming 3.2.4.59" = Mitel 5000 DB Programming 3.2.4.59
"Inter_Tel 5000 DB Programming AVDAP Monitor" = Mitel 5000 DB Programming AVDAP Monitor
"Inter_Tel 5000 DB Programming DB Test" = Mitel 5000 DB Programming DB Test
"Inter_Tel 5000 DB Programming Diagnostics Monitor" = Mitel 5000 DB Programming Diagnostics Monitor
"Inter_Tel 5000 DB Programming MOH Converter Utility" = Mitel 5000 DB Programming MOH Converter Utility
"Inter_Tel 5000 DB Programming Upload Utility" = Mitel 5000 DB Programming Upload Utility
"Inter_Tel DB Programming DB Test" = Inter-Tel DB Programming DB Test
"Inter_Tel DB Programming Upload Utility" = Inter-Tel DB Programming Upload Utility
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PDF Complete" = PDF Complete Special Edition
"SendToKindle" = Amazon Send to Kindle
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.5.4)
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3156778762-1450392035-3758449630-1144\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop
"JoinMe" = join.me
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 3/7/2012 4:30:20 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 3/9/2012 4:33:31 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 3/10/2012 2:21:56 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = MsiInstaller | ID = 11500
Description =
Error - 3/10/2012 2:21:57 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = MsiInstaller | ID = 11500
Description =
Error - 3/10/2012 2:30:33 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = WinMgmt | ID = 10
Description =
Error - 3/11/2012 4:33:07 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 3/13/2012 3:32:23 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 3/14/2012 6:29:34 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = WinMgmt | ID = 10
Description =
Error - 3/14/2012 2:31:44 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Application Hang | ID = 1002
Description = The program devenv.exe version 10.0.30319.413 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 544 Start
Time: 01cd01f7337600e5 Termination Time: 0 Application Path: c:\Program Files (x86)\Microsoft
Visual Studio 10.0\Common7\IDE\devenv.exe Report Id: e9fc9af8-6e03-11e1-a740-e06995f9c1db
Error - 3/15/2012 3:33:23 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
[ Hewlett-Packard Events ]
Error - 9/7/2011 11:21:45 AM | Computer Name = PWOfficeHP.spradsreno.local | Source = Hewlett-Packard | ID = 0
Description =
Error - 5/16/2012 4:02:44 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8172 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)
[ System Events ]
Error - 2/13/2012 12:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 1:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 2:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 3:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 4:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 5:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 6:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 7:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 8:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
Error - 2/13/2012 9:03:22 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Service Control Manager | ID = 7000
Description = The COH_Mon service failed to start due to the following error: %%1275
[ Veeam Backup Events ]
Error - 9/14/2011 6:12:25 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (SBSSERVER) VM backup job "Daily Backup" is stopped with failed
ID:
cb3cc6c7-263b-416b-a9b4-6bf81a13098f
Error - 9/14/2011 6:12:27 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (SQLSERVER) VM backup job "Daily Backup" is stopped with failed
ID:
4718ddea-338c-4660-babd-e5e508f9f062
Error - 9/14/2011 6:12:29 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (ACCTSERVER) VM backup job "Daily Backup" is stopped with failed
ID:
5e88c83f-3c70-46ce-a783-d97186c12875
Error - 9/14/2011 6:12:30 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 0
Description = Session Daily Backup (Full) has been completed.
Error - 9/14/2011 8:28:00 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (SQLSERVER) VM backup job "VM Copy Job 1" is stopped with failed
ID:
edd4e85b-6613-4b9c-b361-78891fc99ea5
Error - 9/14/2011 8:28:00 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 0
Description = Session VM Copy Job 1 has been completed.
Error - 9/14/2011 8:35:41 PM | Computer Name = PWOfficeHP.spradsreno.local | Source = Veeam Backup | ID = 2
Description = VM (SQLSERVER) VM backup job "VM Copy Job 1" is stopped with failed
ID:
a65e1769-2067-4f63-9dc1-872f9805de2b
< End of report >