Last Friday I was browsing the internet and I ended up getting infected with some fake antivirus program, constantly running fake "scans". I have McAfee Enterprise + AntiSpyware Enterprise 8.8 installed and the on-access scanner begins to go crazy stating that it found multiple files and deleted them. I immediately shut down my computer and boot into safe mode with networking, download the latest edition of Malwarebytes and do a full scan. Malwarebytes came up with between 3-7 infected files, quarantined said files, and subsequently deleted them. I then run a full scan with McAfee and it yielded no threats or malicious files.
Since then, however, any search item I click through google.com gets redirected first to www.pronetfeed.com and then another randomly selected advertisement site. I've tried running Kaspersky's TDSS removal tool, with no results. I've tried AdwCleaner by Xplode, with no results. I've tried running Malwarebytes using Chameleon, with no results.
This has become really frustrating and I have yet to figure out if this Google redirect issue is the only remnant of the fake antivirus program. Any help would greatly be appreciated.
Moe
This post has been edited to include the OTL Quick Scan Log:
OTL logfile created on: 4/16/2013 3:33:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mkawasmi\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.96 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.23% Memory free
3.91 Gb Paging File | 2.26 Gb Available in Paging File | 57.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.24 Gb Total Space | 35.79 Gb Free Space | 48.21% Space Free | Partition Type: NTFS
Computer Name: PC048453 | User Name: MKawasmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/04/16 15:32:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mkawasmi\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 16:12:56 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2012/08/14 20:08:00 | 000,215,656 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2012/08/14 20:08:00 | 000,033,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/04 00:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/09/14 21:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2011/02/01 17:48:50 | 000,604,408 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/01/12 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 17:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/10/22 10:27:28 | 000,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009/06/01 10:26:34 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2005/12/27 13:44:06 | 000,172,098 | ---- | M] () -- C:\Windows\SysWOW64\UTLite33.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/26 14:00:31 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/02/26 13:37:51 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/26 13:37:35 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/26 13:37:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/02/26 13:36:38 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/02/26 13:36:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/26 13:36:28 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/26 13:36:27 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4976e150a5d096db3981d4d56dda5a8e\System.Deployment.ni.dll
MOD - [2013/02/26 13:36:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/26 13:36:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/26 13:35:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/26 13:35:41 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2009/10/22 10:26:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
MOD - [2009/10/22 10:26:26 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
MOD - [2009/10/22 10:26:14 | 000,840,192 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
MOD - [2009/10/22 10:26:14 | 000,516,096 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2009/10/22 10:26:12 | 000,674,816 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\LEDMXMLObjects.dll
MOD - [2009/10/22 10:26:12 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2009/10/22 10:26:10 | 000,130,560 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
MOD - [2009/10/22 10:26:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2009/10/22 10:26:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/10/15 09:25:30 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
MOD - [2005/12/27 13:44:06 | 000,172,098 | ---- | M] () -- C:\Windows\SysWOW64\UTLite33.exe
========== Services (SafeList) ==========
SRV:64bit: - [2013/04/02 12:31:58 | 000,170,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/02 12:31:55 | 000,201,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/07/13 17:49:04 | 002,457,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\noveap.dll -- (NovEAP)
SRV:64bit: - [2012/07/13 17:49:04 | 000,020,096 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV:64bit: - [2012/04/25 15:55:12 | 000,055,296 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Windows\SysNative\iprntsrv.exe -- (iprntsrv)
SRV:64bit: - [2012/01/16 15:45:52 | 000,222,144 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe -- (dcevt64)
SRV:64bit: - [2012/01/16 15:45:34 | 000,293,824 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe -- (dcstor64)
SRV:64bit: - [2009/10/23 15:13:00 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/10/23 15:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/22 13:45:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 17:49:06 | 001,832,576 | ---- | M] () [Auto | Running] -- C:\Windows\SysWow64\noveap.dll -- (NovEAP)
SRV - [2011/09/14 21:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2011/02/01 17:48:50 | 000,604,408 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 15:13:00 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe -- (STacSV)
SRV - [2009/10/23 15:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe -- (AESTFilters)
SRV - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/01 10:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/04/02 12:31:58 | 000,303,464 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/02 12:31:58 | 000,101,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/04/02 12:31:57 | 000,665,768 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/02 12:31:57 | 000,274,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/02 12:31:56 | 000,160,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/26 16:12:56 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/07/13 17:49:04 | 000,119,936 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ncrecognizer.sys -- (NCRecognizer)
DRV:64bit: - [2012/07/13 17:49:04 | 000,112,256 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ncfilter.sys -- (NCFilter)
DRV:64bit: - [2012/07/13 17:49:04 | 000,108,672 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV:64bit: - [2012/07/13 17:49:04 | 000,090,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV:64bit: - [2012/07/13 17:49:04 | 000,083,584 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap)
DRV:64bit: - [2012/07/13 17:49:04 | 000,080,000 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys -- (nciom)
DRV:64bit: - [2012/07/13 17:49:04 | 000,078,976 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys -- (ncp)
DRV:64bit: - [2012/07/13 17:49:04 | 000,059,520 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat)
DRV:64bit: - [2012/07/13 17:49:04 | 000,055,936 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl)
DRV:64bit: - [2012/07/13 17:49:04 | 000,049,280 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl)
DRV:64bit: - [2012/07/13 17:49:04 | 000,039,040 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\niam.sys -- (niam)
DRV:64bit: - [2012/07/13 17:49:04 | 000,036,992 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys -- (nscm)
DRV:64bit: - [2012/07/13 17:49:04 | 000,035,968 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost)
DRV:64bit: - [2012/07/13 17:49:04 | 000,031,360 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV:64bit: - [2012/07/13 17:49:04 | 000,026,240 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ncuncfilter.sys -- (NCUncFilter)
DRV:64bit: - [2012/07/13 17:49:04 | 000,025,216 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys -- (nsns)
DRV:64bit: - [2012/07/13 17:49:04 | 000,019,584 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys -- (ndm)
DRV:64bit: - [2012/05/15 07:55:40 | 000,398,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/01 17:33:39 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/21 07:33:38 | 000,038,472 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dcdbas64.sys -- (dcdbas)
DRV:64bit: - [2009/10/23 15:13:14 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/10/23 15:13:12 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/23 15:13:10 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/23 15:13:10 | 000,017,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcm.sys -- (tcm)
DRV:64bit: - [2009/10/23 15:13:08 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/10/23 15:13:06 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/10/23 15:13:06 | 000,285,240 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WQ_hwa.sys -- (WQ_USBHWA)
DRV:64bit: - [2009/10/23 15:13:06 | 000,186,936 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WQ_dwa.sys -- (WQ_USBDWA)
DRV:64bit: - [2009/10/23 15:13:06 | 000,136,248 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WQ_rci.sys -- (WQ_USBRCI)
DRV:64bit: - [2009/10/23 15:13:06 | 000,055,352 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WQ_ldr.sys -- (WQ_USBLOAD)
DRV:64bit: - [2009/10/23 15:13:06 | 000,055,352 | ---- | M] (WiQuest Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WQ_cba.sys -- (WQ_USBCBAF)
DRV:64bit: - [2009/10/23 15:13:04 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/10/23 15:13:02 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/10/23 15:13:02 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/10/23 15:13:02 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/10/23 15:13:02 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/10/23 15:13:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/10/23 15:13:02 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/10/23 15:13:00 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 22:27:26 | 000,026,112 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\omci.sys -- (omci)
DRV - [2009/09/18 05:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{7140B5DF-DD07-4F68-BC14-7F64F692F0F4}: "URL" = http://www.google.co...age={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{7140B5DF-DD07-4F68-BC14-7F64F692F0F4}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.tceq.state.tx.us/internal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.tceq.state.tx.us/internal
IE - HKCU\..\SearchScopes,DefaultScope = {7140B5DF-DD07-4F68-BC14-7F64F692F0F4}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@novell.com/iPrint: C:\Windows\SysWOW64 [2013/04/16 10:05:29 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3012: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3070: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1830: C:\Program Files (x86)\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/02/27 09:08:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/04/03 06:52:34 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2013/03/05 14:14:44 | 000,000,851 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 172.21.60.26 TCEQLASERJET
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130402123258.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130402123258.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] TERSRV.EXE "HP COLOR LASERJET CM2320 MFP SERIES FAX" File not found
O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [iPrint Event Monitor] .EXE File not found
O4:64bit: - HKLM..\Run: [iPrint Tray] TCTL.EXE TRAY_ICON File not found
O4:64bit: - HKLM..\Run: [NWTRAY] WTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cisco User Tracking] C:\Windows\SysWOW64\UTLite33.exe ()
O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKCU..\Run: [logiosk] rundll32 "C:\Windows\regikmgr.dll",CreateProcessNotify File not found
O4 - HKCU..\Run: [MRINonce] rundll32 "C:\Windows\system32\regikmgr64.dll",CreateProcessNotify File not found
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreXPSP2ShellProtocolBehavior = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WAU: Disabled = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ReportControllerMissing = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: state.tx.us ([reportsprd.tceq] http in Trusted sites)
O15 - HKCU\..Trusted Domains: state.tx.us ([*.tceq] http in Trusted sites)
O15 - HKCU\..Trusted Domains: state.tx.us ([*.tnrcc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: state.tx.us ([mx7prd.tceq] http in Trusted sites)
O15 - HKCU\..Trusted Domains: state.tx.us ([tceq-aav-mpegp1.tceq] * in Trusted sites)
O15 - HKCU\..Trusted Domains: texas.gov ([bodev.tceq] * in Local intranet)
O15 - HKCU\..Trusted Domains: texas.gov ([boprd.tceq] * in Local intranet)
O15 - HKCU\..Trusted Domains: texas.gov ([botst.tceq] * in Local intranet)
O15 - HKCU\..Trusted Domains: texas.gov ([tceq-aav-mpegp1.tceq] * in Trusted sites)
O15 - HKCU\..Trusted Domains: texas.gov ([vpn.tceq] https in Trusted sites)
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} http://reportsprd.tc...tiveXViewer.cab (Crystal ActiveX Report Viewer Control 11.5)
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} http://mscesys1/crys...tiveXViewer.cab (Crystal ActiveX Report Viewer Control 10.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ms.tnrcc.state.tx.us
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C09ACFBD-A651-4852-86B2-593172DB76AA}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF47AD1-D080-4114-AB83-A98F4A5752B4}: DhcpNameServer = 163.234.36.253 163.234.36.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\NovEapLogn: DllName - (Noveap.dll) - C:\Windows\SysNative\noveap.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ncv1_0) - C:\Windows\SysNative\ncv1_0.dll ()
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/16 15:32:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mkawasmi\Desktop\OTL.exe
[2013/04/12 15:43:17 | 000,000,000 | ---D | C] -- C:\Users\mkawasmi\AppData\Roaming\Malwarebytes
[2013/04/12 15:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/12 15:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/12 15:42:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/12 15:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/12 14:51:37 | 000,000,000 | ---D | C] -- C:\Users\mkawasmi\AppData\Local\Programs
[2013/04/12 13:28:49 | 000,000,000 | ---D | C] -- C:\Quarantine
[2013/04/12 13:28:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/04/02 16:19:32 | 000,000,000 | ---D | C] -- C:\Users\mkawasmi\AppData\Local\CutePDF Writer
[2013/04/01 12:55:54 | 000,000,000 | ---D | C] -- C:\Users\mkawasmi\AppData\Roaming\vlc
[2013/03/28 10:28:11 | 000,000,000 | ---D | C] -- C:\Users\mkawasmi\Desktop\Housing
[2013/03/19 16:53:46 | 000,000,000 | ---D | C] -- C:\Users\mkawasmi\AppData\Roaming\HpUpdate
[2013/03/19 16:53:40 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013/03/19 08:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/03/19 08:31:30 | 000,000,000 | ---D | C] -- C:\Users\mkawasmi\AppData\Roaming\Yahoo!
========== Files - Modified Within 30 Days ==========
[2013/04/16 15:32:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mkawasmi\Desktop\OTL.exe
[2013/04/16 15:11:20 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 15:11:20 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 15:07:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/16 15:02:00 | 000,000,392 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2013/04/16 14:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/16 14:56:45 | 1575,333,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/16 10:05:29 | 000,799,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/16 10:05:29 | 000,665,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/16 10:05:29 | 000,122,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/12 17:19:25 | 000,026,683 | ---- | M] () -- C:\Users\mkawasmi\Desktop\a3.pdf
[2013/04/12 17:19:02 | 000,026,658 | ---- | M] () -- C:\Users\mkawasmi\Desktop\a2.pdf
[2013/04/12 13:29:17 | 000,071,168 | -H-- | M] () -- C:\Windows\SysNative\regikmgr64.dll
[2013/04/05 08:48:18 | 000,676,287 | ---- | M] () -- C:\Users\mkawasmi\Documents\License_R04100 Amendment 19.pdf
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/03 14:43:15 | 000,781,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/03 11:27:52 | 000,954,444 | ---- | M] () -- C:\Users\mkawasmi\Desktop\Sample.pdf
[2013/04/02 12:31:58 | 000,303,464 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2013/04/02 12:31:58 | 000,170,440 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2013/04/02 12:31:58 | 000,101,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2013/04/02 12:31:58 | 000,099,352 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\MfeOtlkAddin.dll
[2013/04/02 12:31:57 | 000,665,768 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2013/04/02 12:31:57 | 000,274,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2013/04/02 12:31:57 | 000,010,288 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2013/04/02 12:31:56 | 000,160,952 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2013/04/02 12:31:50 | 000,075,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysWow64\MfeOtlkAddin.dll
[2013/04/02 12:31:50 | 000,023,112 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysWow64\MFEOtlk.dll
[2013/04/02 12:26:48 | 000,344,454 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/22 09:26:49 | 000,436,125 | ---- | M] () -- C:\Users\mkawasmi\Desktop\Waste Shipment RW-13-001.pdf
[2013/03/20 11:35:31 | 000,173,362 | ---- | M] () -- C:\Users\mkawasmi\Desktop\Attendance Form.pdf
[2013/03/19 10:42:24 | 000,168,791 | ---- | M] () -- C:\Users\mkawasmi\Desktop\Receipt.pdf
========== Files Created - No Company Name ==========
[2013/04/12 17:19:25 | 000,026,683 | ---- | C] () -- C:\Users\mkawasmi\Desktop\a3.pdf
[2013/04/12 17:19:02 | 000,026,658 | ---- | C] () -- C:\Users\mkawasmi\Desktop\a2.pdf
[2013/04/12 13:29:17 | 000,071,168 | -H-- | C] () -- C:\Windows\SysNative\regikmgr64.dll
[2013/04/05 08:48:18 | 000,676,287 | ---- | C] () -- C:\Users\mkawasmi\Documents\License_R04100 Amendment 19.pdf
[2013/04/03 11:28:26 | 000,954,444 | ---- | C] () -- C:\Users\mkawasmi\Desktop\Sample.pdf
[2013/03/22 09:27:13 | 000,436,125 | ---- | C] () -- C:\Users\mkawasmi\Desktop\Waste Shipment RW-13-001.pdf
[2013/03/20 11:35:44 | 000,173,362 | ---- | C] () -- C:\Users\mkawasmi\Desktop\Attendance Form.pdf
[2013/03/19 10:42:44 | 000,168,791 | ---- | C] () -- C:\Users\mkawasmi\Desktop\Receipt.pdf
[2013/03/05 15:27:47 | 000,177,010 | ---- | C] () -- C:\Windows\hppins12.dat.temp
[2013/03/05 14:13:53 | 000,000,794 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2013/03/05 14:06:48 | 000,172,379 | ---- | C] () -- C:\Windows\hppins12.dat
[2013/03/05 14:06:47 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2013/02/22 14:23:35 | 000,019,732 | RHS- | C] () -- C:\Users\mkawasmi\ntuser.pol
[2013/02/22 14:22:18 | 000,344,454 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/22 13:49:56 | 000,254,352 | ---- | C] () -- C:\Windows\SysWow64\npnipp.dll
[2013/02/22 13:39:17 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/10/01 20:11:52 | 001,832,576 | ---- | C] () -- C:\Windows\SysWow64\noveap.dll
[2012/10/01 20:11:52 | 000,909,440 | ---- | C] () -- C:\Windows\SysWow64\ncnetprovider.dll
[2012/10/01 20:11:52 | 000,230,528 | ---- | C] () -- C:\Windows\SysWow64\nwshlxnt.dll
[2012/10/01 20:11:52 | 000,156,800 | ---- | C] () -- C:\Windows\SysWow64\mapbase.dll
[2012/10/01 20:11:52 | 000,066,176 | ---- | C] () -- C:\Windows\SysWow64\slpinfo.exe
[2012/10/01 20:11:50 | 000,666,752 | ---- | C] () -- C:\Windows\SysWow64\ncloginui.dll
[2012/10/01 20:11:50 | 000,187,520 | ---- | C] () -- C:\Windows\SysWow64\lgnwnt32.dll
[2012/10/01 20:11:50 | 000,092,800 | ---- | C] () -- C:\Windows\SysWow64\nclangid.dll
[2012/10/01 20:11:50 | 000,026,240 | ---- | C] () -- C:\Windows\SysWow64\loginw32.exe
[2012/08/29 22:34:37 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/08/29 22:34:36 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012/08/29 22:34:36 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/08/29 22:34:34 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/08/01 09:01:25 | 000,799,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/01 08:59:34 | 000,000,392 | ---- | C] () -- C:\Windows\SMSCFG.INI
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-734690479-1344892132-312552118-34155\$5315fe5ab433554d17e13e2f34f1edf9\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/02/27 11:15:13 | 000,000,000 | ---D | M] -- C:\Users\mkawasmi\AppData\Roaming\TrueCrypt
========== Purity Check ==========
< End of report >
Edited yet again to include the Extras text file:
OTL Extras logfile created on: 4/16/2013 3:33:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mkawasmi\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.96 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.23% Memory free
3.91 Gb Paging File | 2.26 Gb Available in Paging File | 57.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.24 Gb Total Space | 35.79 Gb Free Space | 48.21% Space Free | Partition Type: NTFS
Computer Name: PC048453 | User Name: MKawasmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [rCmdHere] -- C:\Windows\system32\cmd.exe /k cd /d "%1" (Microsoft Corporation)
Directory [runas] -- C:\Windows\system32\cmd.exe /k cd /d "%1" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [rCmdHere] -- C:\Windows\system32\cmd.exe /k cd /d "%1" (Microsoft Corporation)
Directory [runas] -- C:\Windows\system32\cmd.exe /k cd /d "%1" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 532
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"Sharp AutoConfiguration Module" = C:\Windows\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module
"Sharp AutoConfiguration Module M453N" = C:\Windows\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N
"Sharp AutoConfiguration Module M455" = C:\Windows\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455
"Sharp AutoConfiguration Module M550" = C:\Windows\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550
"Sharp AutoConfiguration Module M620" = C:\Windows\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620
"Sharp AutoConfiguration Module M700" = C:\Windows\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700
"Sharp AutoConfiguration Module M850" = C:\Windows\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850
"%windir%\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module" = %windir%\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module
"%windir%\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N" = %windir%\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N
"%windir%\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455" = %windir%\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455
"%windir%\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550" = %windir%\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550
"%windir%\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620" = %windir%\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620
"%windir%\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700" = %windir%\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700
"%windir%\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850" = %windir%\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850
"%windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Windows Remote Assistance" = %windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Windows Remote Assistance
"%ProgramFiles(x86)%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer" = %ProgramFiles(x86)%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer
"%ProgramFiles%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer" = %ProgramFiles%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer
"%ProgramFiles(x86)%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise" = %ProgramFiles(x86)%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise -- (RealNetworks, Inc.)
"%ProgramFiles%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise" = %ProgramFiles%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise
"%ProgramFiles(x86)%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles(x86)%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles(x86)%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles(x86)%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:SCCM Remote Tools" = 135:TCP:*:Enabled:SCCM Remote Tools
"2701:TCP:*:Enabled:SCCM Remote Tools" = 2701:TCP:*:Enabled:SCCM Remote Tools
"2702:TCP:*:Enabled:SCCM Remote Tools" = 2702:TCP:*:Enabled:SCCM Remote Tools
"161:UDP:*:Enabled:Dell OMCI" = 161:UDP:*:Enabled:Dell OMCI
"162:UDP:*:Enabled:Dell OMCI" = 162:UDP:*:Enabled:Dell OMCI
"6389:TCP:*:Enabled:Dell OMCI" = 6389:TCP:*:Enabled:Dell OMCI
"443:TCP:*:Enabled:Dell OMCI" = 443:TCP:*:Enabled:Dell OMCI
"3389:TCP:*:Enabled:Remote Assistance" = 3389:TCP:*:Enabled:Remote Assistance
"8081:TCP:*:Enabled:McAfee Agent Logging" = 8081:TCP:*:Enabled:McAfee Agent Logging
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = %systemroot%\system32\LogFiles\Firewall\pfirewall.log -- ()
"LogFileSize" = 16384
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 163.234.31.1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 163.234.31.1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-DHCP-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCPV6-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-SMB-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-NB_Session-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
"WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-SSDPSrv-In-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33027|[email protected],-33030|[email protected],-33002|
"RemoteAssistance-SSDPSrv-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|
"RemoteAssistance-In-TCP-EdgeScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-DCOM-In-TCP-NoScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|
"RemoteAssistance-RAServer-In-TCP-NoScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-In-TCP-EdgeScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|
"WMI-WINMGMT-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|
"WMI-WINMGMT-Out-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|
"RemoteAssistance-PnrpSvc-UDP-OUT-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|
"RemoteAssistance-SSDPSrv-Out-TCP-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|
"RemoteAssistance-SSDPSrv-Out-UDP-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|
"RemoteAssistance-Out-TCP-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|
"RemoteAssistance-RAServer-Out-TCP-NoScope-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|
"RemoteAssistance-PnrpSvc-UDP-OUT" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|
"RemoteAssistance-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|
"RemoteDesktop-UserMode-In-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|[email protected],-28776|[email protected],-28777|[email protected],-28752|
"RemoteDesktop-UserMode-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|[email protected],-28775|[email protected],-28756|[email protected],-28752|
"FPS-LLMNR-Out-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28550|[email protected],-28551|[email protected],-28502|
"FPS-ICMP6-ERQ-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|
"FPS-NB_Datagram-Out-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|
"FPS-NB_Name-Out-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|
"FPS-SMB-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|
"FPS-NB_Session-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|
"FPS-ICMP6-ERQ-Out-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-Out-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|
"FPS-NB_Name-Out-UDP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|
"FPS-SMB-Out-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|
"FPS-NB_Session-Out-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|
"{ED2BFF76-380D-4A47-A73D-75A172E6DAD8}" = v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|App=%ProgramFiles% (x86)\Internet Explorer\iexplore.exe|Name=Internet Explorer|
"{1C5A8952-AEC5-4356-B516-B7FD6DD12E60}" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RPort=8081|Name=McAfee Agent Logging|
"{B264B256-BCBA-4DDE-A687-C60A8101484A}" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=8081|Name=McAfee Agent Logging|
"CoreNet-IPv6-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|
"CoreNet-IPHTTPS-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|[email protected],-25426|[email protected],-25428|[email protected],-25000|
"CoreNet-Teredo-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|
"CoreNet-IGMP-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|
"CoreNet-ICMP4-DUFRAG-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|
"CoreNet-ICMP6-LD-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|
"CoreNet-ICMP6-LR2-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|
"CoreNet-ICMP6-LR-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|
"CoreNet-ICMP6-LQ-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|
"CoreNet-ICMP6-RS-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|[email protected],-25009|[email protected],-25011|[email protected],-25000|
"CoreNet-ICMP6-RA-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|
"CoreNet-ICMP6-NDA-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-NDS-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-PP-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-TE-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-PTB-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-DU-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE|
"CoreNet-GP-LSASS-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|
"CoreNet-DNS-Out-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|
"CoreNet-GP-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|
"CoreNet-GP-NP-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|
"CoreNet-IPv6-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|
"CoreNet-IPHTTPS-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25427|[email protected],-25429|[email protected],-25000|
"CoreNet-Teredo-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|
"CoreNet-DHCPV6-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25305|[email protected],-25306|[email protected],-25000|
"CoreNet-DHCP-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|
"CoreNet-IGMP-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|
"CoreNet-ICMP6-LD-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|
"CoreNet-ICMP6-LR2-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|
"CoreNet-ICMP6-LR-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|
"CoreNet-ICMP6-LQ-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|
"CoreNet-ICMP6-RS-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::2|RA6=fe80::/64|[email protected],-25008|[email protected],-25011|[email protected],-25000|
"CoreNet-ICMP6-RA-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::1|RA6=fe80::/64|[email protected],-25013|[email protected],-25018|[email protected],-25000|
"CoreNet-ICMP6-NDA-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|
"CoreNet-ICMP6-NDS-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|
"CoreNet-ICMP6-PP-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|
"CoreNet-ICMP6-TE-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|
"CoreNet-ICMP6-PTB-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|
"RemoteEventLogSvc-RPCSS-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|
"RemoteEventLogSvc-NP-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|
"RemoteEventLogSvc-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|
"RemoteEventLogSvc-NP-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|
"RemoteEventLogSvc-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|
"WINRM-HTTP-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30267|
"WINRM-HTTP-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=5985|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30267|
"WINRM-HTTP-Compat-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|
"WINRM-HTTP-Compat-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogDroppedPackets" = 1
"LogFilePath" = C:\Windows\system32\logfiles\firewall\pfirewall.log -- ()
"LogFileSize" = 16384
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogDroppedPackets" = 1
"LogFilePath" = C:\Windows\system32\logfiles\firewall\pfirewall.log -- ()
"LogFileSize" = 16384
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"Enabled" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"Sharp AutoConfiguration Module" = C:\Windows\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module
"Sharp AutoConfiguration Module M453N" = C:\Windows\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N
"Sharp AutoConfiguration Module M455" = C:\Windows\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455
"Sharp AutoConfiguration Module M550" = C:\Windows\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550
"Sharp AutoConfiguration Module M620" = C:\Windows\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620
"Sharp AutoConfiguration Module M700" = C:\Windows\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700
"Sharp AutoConfiguration Module M850" = C:\Windows\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850
"%windir%\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module" = %windir%\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module
"%windir%\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N" = %windir%\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N
"%windir%\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455" = %windir%\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455
"%windir%\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550" = %windir%\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550
"%windir%\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620" = %windir%\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620
"%windir%\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700" = %windir%\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700
"%windir%\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850" = %windir%\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850
"%windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Windows Remote Assistance" = %windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Windows Remote Assistance
"%ProgramFiles(x86)%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer" = %ProgramFiles(x86)%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer
"%ProgramFiles%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer" = %ProgramFiles%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer
"%ProgramFiles(x86)%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise" = %ProgramFiles(x86)%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise -- (RealNetworks, Inc.)
"%ProgramFiles%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise" = %ProgramFiles%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise
"%ProgramFiles(x86)%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles(x86)%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles(x86)%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles(x86)%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"Enabled" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:SCCM Remote Tools" = 135:TCP:*:Enabled:SCCM Remote Tools
"2701:TCP:*:Enabled:SCCM Remote Tools" = 2701:TCP:*:Enabled:SCCM Remote Tools
"2702:TCP:*:Enabled:SCCM Remote Tools" = 2702:TCP:*:Enabled:SCCM Remote Tools
"3389:TCP:*:Enabled:Remote Assistance" = 3389:TCP:*:Enabled:Remote Assistance
"8081:TCP:*:Enabled:McAfee Agent Logging" = 8081:TCP:*:Enabled:McAfee Agent Logging
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = %systemroot%\system32\LogFiles\Firewall\pfirewall.log -- ()
"LogFileSize" = 16384
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 163.234.31.1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 163.234.31.1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 532
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"Sharp AutoConfiguration Module" = C:\Windows\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module
"Sharp AutoConfiguration Module M453N" = C:\Windows\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N
"Sharp AutoConfiguration Module M455" = C:\Windows\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455
"Sharp AutoConfiguration Module M550" = C:\Windows\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550
"Sharp AutoConfiguration Module M620" = C:\Windows\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620
"Sharp AutoConfiguration Module M700" = C:\Windows\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700
"Sharp AutoConfiguration Module M850" = C:\Windows\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850
"%windir%\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module" = %windir%\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module
"%windir%\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N" = %windir%\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N
"%windir%\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455" = %windir%\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455
"%windir%\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550" = %windir%\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550
"%windir%\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620" = %windir%\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620
"%windir%\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700" = %windir%\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700
"%windir%\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850" = %windir%\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850
"%windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Windows Remote Assistance" = %windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Windows Remote Assistance
"%ProgramFiles(x86)%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer" = %ProgramFiles(x86)%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer
"%ProgramFiles%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer" = %ProgramFiles%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer
"%ProgramFiles(x86)%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise" = %ProgramFiles(x86)%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise -- (RealNetworks, Inc.)
"%ProgramFiles%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise" = %ProgramFiles%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise -- (RealNetworks, Inc.)
"%ProgramFiles(x86)%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles(x86)%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles(x86)%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles(x86)%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:SCCM Remote Tools" = 135:TCP:*:Enabled:SCCM Remote Tools
"2701:TCP:*:Enabled:SCCM Remote Tools" = 2701:TCP:*:Enabled:SCCM Remote Tools
"2702:TCP:*:Enabled:SCCM Remote Tools" = 2702:TCP:*:Enabled:SCCM Remote Tools
"161:UDP:*:Enabled:Dell OMCI" = 161:UDP:*:Enabled:Dell OMCI
"162:UDP:*:Enabled:Dell OMCI" = 162:UDP:*:Enabled:Dell OMCI
"6389:TCP:*:Enabled:Dell OMCI" = 6389:TCP:*:Enabled:Dell OMCI
"443:TCP:*:Enabled:Dell OMCI" = 443:TCP:*:Enabled:Dell OMCI
"3389:TCP:*:Enabled:Remote Assistance" = 3389:TCP:*:Enabled:Remote Assistance
"8081:TCP:*:Enabled:McAfee Agent Logging" = 8081:TCP:*:Enabled:McAfee Agent Logging
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = %systemroot%\system32\LogFiles\Firewall\pfirewall.log
"LogFileSize" = 16384
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 163.234.31.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 163.234.31.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-DHCP-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|
"CoreNet-DHCPV6-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25304|[email protected],-25306|[email protected],-25000|
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-SMB-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-NB_Session-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
"WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-SSDPSrv-In-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33027|[email protected],-33030|[email protected],-33002|
"RemoteAssistance-SSDPSrv-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|
"RemoteAssistance-In-TCP-EdgeScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-DCOM-In-TCP-NoScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|
"RemoteAssistance-RAServer-In-TCP-NoScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-In-TCP-EdgeScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|
"WMI-WINMGMT-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|
"WMI-WINMGMT-Out-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|
"RemoteAssistance-PnrpSvc-UDP-OUT-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|
"RemoteAssistance-SSDPSrv-Out-TCP-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|
"RemoteAssistance-SSDPSrv-Out-UDP-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|
"RemoteAssistance-Out-TCP-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|
"RemoteAssistance-RAServer-Out-TCP-NoScope-Active" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|
"RemoteAssistance-PnrpSvc-UDP-OUT" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|
"RemoteAssistance-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|
"RemoteDesktop-UserMode-In-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|[email protected],-28776|[email protected],-28777|[email protected],-28752|
"RemoteDesktop-UserMode-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|[email protected],-28775|[email protected],-28756|[email protected],-28752|
"FPS-LLMNR-Out-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28550|[email protected],-28551|[email protected],-28502|
"FPS-ICMP6-ERQ-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|
"FPS-NB_Datagram-Out-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|
"FPS-NB_Name-Out-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|
"FPS-SMB-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|
"FPS-NB_Session-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|
"FPS-ICMP6-ERQ-Out-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-Out-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|
"FPS-NB_Name-Out-UDP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|
"FPS-SMB-Out-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|
"FPS-NB_Session-Out-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|
"{ED2BFF76-380D-4A47-A73D-75A172E6DAD8}" = v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|App=%ProgramFiles% (x86)\Internet Explorer\iexplore.exe|Name=Internet Explorer|
"{1C5A8952-AEC5-4356-B516-B7FD6DD12E60}" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RPort=8081|Name=McAfee Agent Logging|
"{B264B256-BCBA-4DDE-A687-C60A8101484A}" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=8081|Name=McAfee Agent Logging|
"CoreNet-IPv6-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|
"CoreNet-IPHTTPS-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|[email protected],-25426|[email protected],-25428|[email protected],-25000|
"CoreNet-Teredo-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|
"CoreNet-IGMP-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|
"CoreNet-ICMP4-DUFRAG-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|
"CoreNet-ICMP6-LD-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|
"CoreNet-ICMP6-LR2-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|
"CoreNet-ICMP6-LR-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|
"CoreNet-ICMP6-LQ-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|
"CoreNet-ICMP6-RS-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|[email protected],-25009|[email protected],-25011|[email protected],-25000|
"CoreNet-ICMP6-RA-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|
"CoreNet-ICMP6-NDA-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-NDS-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-PP-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-TE-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-PTB-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-DU-In" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE|
"CoreNet-GP-LSASS-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|
"CoreNet-DNS-Out-UDP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|
"CoreNet-GP-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|
"CoreNet-GP-NP-Out-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|
"CoreNet-IPv6-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|
"CoreNet-IPHTTPS-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25427|[email protected],-25429|[email protected],-25000|
"CoreNet-Teredo-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|
"CoreNet-DHCPV6-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25305|[email protected],-25306|[email protected],-25000|
"CoreNet-DHCP-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|
"CoreNet-IGMP-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|
"CoreNet-ICMP6-LD-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|
"CoreNet-ICMP6-LR2-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|
"CoreNet-ICMP6-LR-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|
"CoreNet-ICMP6-LQ-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|
"CoreNet-ICMP6-RS-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::2|RA6=fe80::/64|[email protected],-25008|[email protected],-25011|[email protected],-25000|
"CoreNet-ICMP6-RA-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA4=LocalSubnet|RA6=LocalSubnet|RA6=ff02::1|RA6=fe80::/64|[email protected],-25013|[email protected],-25018|[email protected],-25000|
"CoreNet-ICMP6-NDA-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|
"CoreNet-ICMP6-NDS-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|
"CoreNet-ICMP6-PP-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|
"CoreNet-ICMP6-TE-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|
"CoreNet-ICMP6-PTB-Out" = v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|
"RemoteEventLogSvc-RPCSS-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|
"RemoteEventLogSvc-NP-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|
"RemoteEventLogSvc-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|
"RemoteEventLogSvc-NP-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|
"RemoteEventLogSvc-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|
"WINRM-HTTP-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30267|
"WINRM-HTTP-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=5985|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30267|
"WINRM-HTTP-Compat-In-TCP" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|
"WINRM-HTTP-Compat-In-TCP-NoScope" = v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]
"LogDroppedPackets" = 1
"LogFilePath" = C:\Windows\system32\logfiles\firewall\pfirewall.log
"LogFileSize" = 16384
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]
"LogDroppedPackets" = 1
"LogFilePath" = C:\Windows\system32\logfiles\firewall\pfirewall.log
"LogFileSize" = 16384
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"Sharp AutoConfiguration Module" = C:\Windows\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module
"Sharp AutoConfiguration Module M453N" = C:\Windows\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N
"Sharp AutoConfiguration Module M455" = C:\Windows\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455
"Sharp AutoConfiguration Module M550" = C:\Windows\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550
"Sharp AutoConfiguration Module M620" = C:\Windows\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620
"Sharp AutoConfiguration Module M700" = C:\Windows\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700
"Sharp AutoConfiguration Module M850" = C:\Windows\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850
"%windir%\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module" = %windir%\system32\spool\drivers\w32x86\3\SH2EACFM.exe:*:Enabled:Sharp AutoConfiguration Module
"%windir%\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N" = %windir%\system32\spool\drivers\w32x86\3\SR0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M453N
"%windir%\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455" = %windir%\system32\spool\drivers\w32x86\3\SH5EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M455
"%windir%\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550" = %windir%\system32\spool\drivers\w32x86\3\SJ0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M550
"%windir%\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620" = %windir%\system32\spool\drivers\w32x86\3\SN0HACFM.exe:*:Enabled:Sharp AutoConfiguration Module M620
"%windir%\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700" = %windir%\system32\spool\drivers\w32x86\3\SJ1EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M700
"%windir%\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850" = %windir%\system32\spool\drivers\w32x86\3\SP0EACFM.exe:*:Enabled:Sharp AutoConfiguration Module M850
"%windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Windows Remote Assistance" = %windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Windows Remote Assistance
"%ProgramFiles(x86)%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer" = %ProgramFiles(x86)%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer
"%ProgramFiles%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer" = %ProgramFiles%\Configuration Manager 2007\AdminUI\bin\i386\statview.exe:*:Enabled:ConfigMgr Utility - Status Message Viewer
"%ProgramFiles(x86)%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise" = %ProgramFiles(x86)%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise -- (RealNetworks, Inc.)
"%ProgramFiles%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise" = %ProgramFiles%\Real\Realplayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise -- (RealNetworks, Inc.)
"%ProgramFiles(x86)%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles(x86)%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre7\bin\java.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre7\bin\javaw.exe:*:Enabled:Java Runtime Environment -- (Oracle Corporation)
"%ProgramFiles(x86)%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles(x86)%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles(x86)%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre6\bin\java.exe:*:Enabled:Java Runtime Environment
"%ProgramFiles%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment" = %ProgramFiles%\Java\jre6\bin\javaw.exe:*:Enabled:Java Runtime Environment
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:SCCM Remote Tools" = 135:TCP:*:Enabled:SCCM Remote Tools
"2701:TCP:*:Enabled:SCCM Remote Tools" = 2701:TCP:*:Enabled:SCCM Remote Tools
"2702:TCP:*:Enabled:SCCM Remote Tools" = 2702:TCP:*:Enabled:SCCM Remote Tools
"3389:TCP:*:Enabled:Remote Assistance" = 3389:TCP:*:Enabled:Remote Assistance
"8081:TCP:*:Enabled:McAfee Agent Logging" = 8081:TCP:*:Enabled:McAfee Agent Logging
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = %systemroot%\system32\LogFiles\Firewall\pfirewall.log
"LogFileSize" = 16384
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 163.234.31.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 163.234.31.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AABB83A-C572-4FCC-A482-2BB9C322A91F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{FE0E2202-6C9B-40E8-A849-8A209A6E0F66}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C7E377-8A36-40DF-8090-7C6B1B209259}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1180BE89-849C-4375-93D3-09F367204D29}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{284CFFD0-30C0-4546-86F8-6F38DF9D4133}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5B129B27-D469-4BB2-BE84-6A884C533229}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{8978D80E-547B-4F20-95A7-1EA97D1F7287}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{8FD1F39F-F6EC-4D38-AC20-671DDCEF8744}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{9564810C-44E1-418C-AD0F-D061A49D8A12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{B302BD73-522A-4B55-9B2B-EA58CAD0D4B9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B4AF1D53-220A-47CD-8CE0-CD1F21F0F453}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{B9A9F625-8B4C-40D6-8926-916BEB292659}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{EA7F0A00-3015-49AA-8E40-4E7738209012}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{FF4FC7AB-D416-484B-BF24-AEBFCF08A62F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{129C5584-DB98-4A98-B28F-299C45E1E355}" = Microsoft Camera Codec Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{22859902-78CE-40B0-9429-6FE7A00BBF85}" = NMAS Client
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{54031C8D-F80D-47BB-B3CA-5E9BD7750C27}" = NMAS Challenge Response Method
"{559D2B32-5066-4762-A2F2-52831AC6F67B}" = NICI (64 bit)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{D390C5DD-9312-4F70-B3B1-4EAE635CDA17}" = Dell OpenManage Client Instrumentation
"{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services Sign-in Assistant
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Novell Client for Windows" = Novell Client for Windows
"Novell iPrint Client" = Novell iPrint Client v05.82.00
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 2.0.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8FA866-D2B9-45EA-928D-61CF32735427}" = hppPQVideoCM2320
"{0E218077-0341-4C54-AA23-6D06F3F6C416}" = Gen8 Runtime
"{1FC42DB5-92A2-4A9B-9A11-226F3E5AA241}" = Crystal Reports ActiveX Viewer XI
"{24495227-1B47-4D55-AC27-167B6BC3FF73}" = hppScanToCM2320
"{25F2AB39-E3DD-4CD7-8697-E98CF27BA1F1}" = Adobe Flash Player 11 ActiveX
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{339A691B-3DBE-4310-B3D2-1192863CF4C4}" = Central Registry 8_0 - Prod - Main Menu - Regions
"{501E4F62-257C-4FCE-960C-ABA85DC60AB0}" = hppTLBXFXCM2320
"{511CA535-9CB1-4128-A30C-5F4C5D4AB848}" = hppFaxUtilityCM2320
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5A2133A0-D9F3-49EA-ADB5-41634F6DB9E9}" = CCEDS 8_0 - Prod - Main Menu
"{5A6A811B-87D8-4156-B58E-25FB59587BA4}" = Crystal ActiveX Report Viewer Control
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6883DDA6-867E-4F63-9D5E-8F53FD40CDF4}" = Adobe Shockwave Player 11.6
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{80B70B4B-C90C-4938-A956-76F5021DE412}" = Cisco DART
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E47453AD-3CD6-40D0-A78B-AE906C8EE127}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{A7285D92-27EE-4D91-AB57-5EF326B572C6}" = hpzTLBXFX
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE7C40B6-9C6D-4022-B017-A41A6B7FA4D3}" = hppManualsCM2320
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE6ED5AE-4F78-4B50-ADA5-A8F24DBDC673}" = Cisco AnyConnect VPN Client
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D32B674B-9168-47F7-814B-DD8EC52F0453}" = CID 8_0 - Prod - Main Menu
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D8FA588E-7CDC-43B0-ABAC-48F0EF736734}" = UTLite33
"{DD7D788B-D6C2-4CB1-AACC-8614D6C21D7C}" = hppCLJCM2320
"{E19011A1-7833-4027-B201-EC1BD8979742}" = AllFusionGen 8_0 - Prod - Change Password
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"FileZilla Client" = FileZilla Client 3.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer Enterprise
"TrueCrypt" = TrueCrypt
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/22/2013 2:38:13 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = WinMgmt | ID = 10
Description =
Error - 2/22/2013 2:39:08 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = WinMgmt | ID = 10
Description =
Error - 2/22/2013 2:43:15 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = WinMgmt | ID = 10
Description =
Error - 2/22/2013 2:44:43 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = WinMgmt | ID = 10
Description =
Error - 2/22/2013 2:45:02 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = MsiInstaller | ID = 1013
Description =
Error - 2/22/2013 3:18:53 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = WinMgmt | ID = 10
Description =
Error - 2/22/2013 3:55:34 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://ctldl.windows...CD2EFC6666.crt>
with error: This operation returned because the timeout period expired. .
Error - 2/26/2013 12:22:53 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = WinMgmt | ID = 10
Description =
Error - 2/26/2013 2:35:06 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = WinMgmt | ID = 10
Description =
Error - 2/26/2013 2:43:45 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 4/16/2013 12:09:29 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 12:09:29 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 3:27:34 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 3:27:34 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 3:27:34 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 3:27:34 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 325 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 3:57:03 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 3:57:03 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 3:57:03 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/16/2013 3:57:03 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 325 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
[ System Events ]
Error - 4/15/2013 5:28:05 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:28:05 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:30:13 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:30:13 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:30:13 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:35:13 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:35:13 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:35:13 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:37:19 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 4/15/2013 5:37:19 PM | Computer Name = PC048453.ms.tnrcc.state.tx.us | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
< End of report >
Edited by kawasmi247, 16 April 2013 - 03:06 PM.