OTL Extras logfile created on: 18-Mar-15 1:30:47 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\IT ONLY - Do Not Use\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17501) Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy 5.90 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 42.89% Memory free 11.81 Gb Paging File | 8.70 Gb Available in Paging File | 73.70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 488.98 Gb Total Space | 330.73 Gb Free Space | 67.64% Space Free | Partition Type: NTFS Drive E: | 5.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive X: | 427.73 Gb Total Space | 314.48 Gb Free Space | 73.52% Space Free | Partition Type: NTFS Computer Name: SERVER | User Name: IT ONLY - Do Not Use | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1979265528-3801424111-3190338410-1001\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0082E8C7-CF22-4E4B-B83C-854B2DDD6226}" = lport=2869 | protocol=6 | dir=in | app=system | "{04B0E841-749F-44F2-93C3-5B2CE1133085}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{0931851B-767F-4D44-BAA4-C0776A3AB949}" = lport=137 | protocol=17 | dir=in | app=system | "{11032717-8C17-40F3-AC91-08E7177082CF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{14FCEF17-A4F2-4601-89DC-3E9B34BF5F69}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{16C68B67-7764-4600-B905-42CDD236852C}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D800C26-48D7-45D9-8CEB-9DB917D6E7E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{279B9A4F-20FF-4A7C-86A5-F08F08CB3079}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2925AE65-9B2E-48D9-A65C-F399C0BFE3D3}" = lport=139 | protocol=6 | dir=in | app=system | "{2A097454-FBFC-4398-AB39-9CFC0D375497}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{307842B7-027C-4ABB-8E2A-BDF092DE7175}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AC7B152-38C4-4628-A9D5-590C96DEA578}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3C2FC01A-0814-422F-BC8C-F8839AD1A9E1}" = lport=3050 | protocol=6 | dir=in | name=orgsched | "{609212EB-5423-4891-8C1A-2DA5E32599BF}" = lport=3390 | protocol=6 | dir=in | app=system | "{65A0D42C-2111-48BD-A38F-54F274014259}" = lport=8080 | protocol=6 | dir=in | name=kt | "{6D686A43-9FF0-4B8B-A40B-AF3BA76AEE54}" = lport=8080 | protocol=17 | dir=in | name=kt1 | "{6E7B1870-1D19-4CFE-B85C-D67B98C3A4C8}" = lport=10244 | protocol=6 | dir=in | app=system | "{73349C26-0536-483E-92E8-819A4B028C11}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{77E3AACE-F27A-47D1-9CD3-96862FB92630}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{79238944-D620-4134-85CB-47EBC43FF4F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{916B38A5-8610-47C0-A97C-4D5762E40C12}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{92B757F5-C31A-4BFC-9D41-D3B7644E4F56}" = rport=445 | protocol=6 | dir=out | app=system | "{94BC9875-8351-4D49-9C92-017899566506}" = lport=138 | protocol=17 | dir=in | app=system | "{A48179EB-8FAF-49D3-951D-A9B1189E9E68}" = rport=10243 | protocol=6 | dir=out | app=system | "{A672EBA5-AAEF-476C-9F61-F4524E99563A}" = rport=138 | protocol=17 | dir=out | app=system | "{A6C47BE7-9B60-47FD-9152-BDC715ABA840}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A900847D-5C08-46FD-8C4A-2B0295219EAE}" = lport=3307 | protocol=17 | dir=in | name=kt3 | "{AA46D8B6-3AB7-4D16-93C6-9F542E7F34BD}" = lport=10243 | protocol=6 | dir=in | app=system | "{AE6DFBF6-6467-49A9-93A8-A12F14C4B719}" = lport=3051 | protocol=6 | dir=in | name=orgsched1 | "{C3406510-51D8-45F8-99C9-64C8CD1883DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CE4592D5-0D80-4A2A-AF80-D927460E494D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D09248A8-61FA-4C01-8FB1-60043E3CC026}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D494E3ED-60A3-4584-8207-6FC85EABB4FC}" = lport=2869 | protocol=6 | dir=in | app=system | "{D8BA5E6B-59D0-4311-A9CE-11B53C15CC72}" = lport=8888 | protocol=6 | dir=in | name=biuhttp | "{D9AFFEB7-3DE5-419F-8431-781C654F88C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DCB30B62-1737-422B-9CE3-C2664BAA7F61}" = rport=139 | protocol=6 | dir=out | app=system | "{E2D3AB74-72FD-4F62-B06E-9ED2C430BF82}" = lport=3307 | protocol=6 | dir=in | name=kt2 | "{F1D747F0-22EE-4759-8B44-C640D7D9CF6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F1E1ACEE-4C12-462A-9A00-975D68284F06}" = lport=445 | protocol=6 | dir=in | app=system | "{F317B59C-4585-4C69-8126-FB626A5F9297}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C8D587-A293-49EA-B0BF-FF81D3EB5181}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FA261CB8-2DE2-4B32-8FB7-68B14E290A7A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FF3548D4-5D7C-4B2F-8E4C-203B81E3B00E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DB39E43-08FF-4CBC-ABCE-1BB74D005CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{10E7B05B-F482-459B-985B-5AF3857C0072}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A0E31DB-6223-42A0-AB8A-206A1AED2F0C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1E51FC6A-5B2C-4531-8D08-1D1D8A83F76D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2430144F-9307-4C53-B25D-1195488897C0}" = protocol=6 | dir=out | app=system | "{2F899234-416D-4112-A62D-B1341281205A}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{36682B20-E912-40A1-93F3-FC07A6ED3D2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{39CA43F6-1D9D-420B-AD71-9C050D8444B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3E0F1AE9-BD69-488A-893B-7EFDDCA7E183}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{49F5F6AA-7ECC-4592-9730-0AC64045EEF4}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{4B5F155D-30CF-41FB-968A-BF81FABFD26D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4E1C7FF2-9822-4897-B207-C7846CB4D8D7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{4EF71A15-E282-4587-9BAC-7F41C0B3C2D5}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{512BE233-53E7-4DF1-995F-4D7AF8D54BEF}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5821E7FA-F66D-4040-8595-79343C522C68}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60F0D1B2-8395-4522-95CF-289292AECCAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{757E07D1-EBB5-455B-966F-6ADEABF342A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{776459D4-6746-4D4C-9FBD-67ED70464642}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{785BE678-5985-441B-8A68-DAFF4858C1E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7E1EC61F-3709-4679-AAF3-07E19C65256F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{88BB6051-8D36-4BDA-AF8F-DA83DAF786E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{945CBF3D-393F-4E3C-96B2-6CDBBE457F79}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{99EE91EC-00F6-4E44-9363-FE7CE7C1960E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{9AAD84AD-4B3C-4BBC-8566-C450964C6666}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{A2986D9E-E60D-44E7-887A-3A45E9DD444B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AA71372C-1A60-4888-84BD-9A8E77AAED78}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{AA88B6BF-5787-40E8-BC92-41EECC7F5E77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B1E981C7-62B3-42BE-AA37-AFA988A13050}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BB1A9569-2A54-4304-A3DC-F7B5704211F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C7741577-7FB1-4365-8F83-A4C4C8C0D3F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D7908201-1E2E-4130-80BA-A958D5C95C60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EC6AC391-58A1-470A-B4AF-EB41AD619537}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EE78C2E8-6089-4EEE-A05F-F1EDDFD4C6AD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{F2297454-8CB9-4BB1-9B07-10447206044F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{F6D672FF-B5A0-4B52-9564-5B549A4A2E58}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FEB0692A-FD64-4749-B9F6-7AB8C0359101}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{FFF5546A-C5D3-487A-B157-B08651E39F27}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "TCP Query User{1BB823EF-3D08-4AD3-BF37-6ACFDFCBD53A}C:\agiloft\bin\ant.exe" = protocol=6 | dir=in | app=c:\agiloft\bin\ant.exe | "TCP Query User{4C832446-E05C-42B5-81B3-8F26F3DCB97C}C:\users\it only - do not use\desktop\agiloft-spring-2013-release-19596-windows-64bit-setup.exe" = protocol=6 | dir=in | app=c:\users\it only - do not use\desktop\agiloft-spring-2013-release-19596-windows-64bit-setup.exe | "TCP Query User{4F249457-B147-49A8-B947-4106EC2DF2E0}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe | "TCP Query User{534F4293-0CF5-4A02-95E9-09779AFBA031}C:\premier19\myobp.exe" = protocol=6 | dir=in | app=c:\premier19\myobp.exe | "TCP Query User{57E05933-3DB8-4A90-8E9F-89AEA0EDB6A9}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe | "TCP Query User{72A50F79-58F7-4001-8B0B-29ACA35C05D6}C:\program files\ktdms\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\ktdms\mysql\bin\mysqld.exe | "TCP Query User{A3CE6C41-4EC5-46CD-A27D-D6F797600E26}C:\program files\ktdms\apache2\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\ktdms\apache2\bin\apache.exe | "TCP Query User{D9D5CF7C-637B-4C2F-97D3-AEB7EE8D8469}X:\premier19\myobp.exe" = protocol=6 | dir=in | app=x:\premier19\myobp.exe | "UDP Query User{353A8A14-E3F0-4457-98CA-8804630C8405}C:\program files\ktdms\apache2\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\ktdms\apache2\bin\apache.exe | "UDP Query User{5460E3C3-7120-4987-9DFE-FFAFF26F2433}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe | "UDP Query User{54A12054-D5AA-4610-AA12-54CD079C0BC3}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe | "UDP Query User{5C0A3428-C447-4287-B337-EB2D71B17802}C:\users\it only - do not use\desktop\agiloft-spring-2013-release-19596-windows-64bit-setup.exe" = protocol=17 | dir=in | app=c:\users\it only - do not use\desktop\agiloft-spring-2013-release-19596-windows-64bit-setup.exe | "UDP Query User{652945E0-28E5-42C8-ACEF-E1D703D35A9D}C:\program files\ktdms\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\ktdms\mysql\bin\mysqld.exe | "UDP Query User{6A150C47-0F6A-4C69-957D-F956F9130498}C:\agiloft\bin\ant.exe" = protocol=17 | dir=in | app=c:\agiloft\bin\ant.exe | "UDP Query User{7D85E996-CF1D-43D3-AE15-9A2F3F35A7B5}C:\premier19\myobp.exe" = protocol=17 | dir=in | app=c:\premier19\myobp.exe | "UDP Query User{A0124BF9-01F3-4D8E-9F97-5776B5DCD270}X:\premier19\myobp.exe" = protocol=17 | dir=in | app=x:\premier19\myobp.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit) "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11 "{7AA348CE-190E-416B-839E-68E33CFEB580}" = Broadcom NetXtreme-I Netlink Driver and Management Installer "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{A2AC0D43-9788-B1BD-B2A8-EFC758916BB1}" = AMD Drag and Drop Transcoding "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}" = AMD Wireless Display v3.0 "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{DF0B9A53-C87D-49F9-95E3-AEAAC8C4D77B}" = Command | Monitor "{F2A7CE36-57BF-5C86-952D-90DBF3746D82}" = AMD Catalyst Install Manager "{F7CD07B2-565B-D770-0388-9C16A8FA5B1D}" = AMD Accelerated Video Transcoding "4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) "CNXT_AUDIO_HDA" = Conexant HD Audio "CutePDF Writer Installation" = CutePDF Writer 3.0 "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{14CD4651-23C3-4D99-9A13-D1DBE4835E16}" = MYOB AccountRight Premier v19.10 "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{151AE945-AA23-3834-D5C7-C60832B71B15}" = CCC Help Czech "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22 "{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding "{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31 "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{41982F90-951A-4B7F-A8FC-4154C3ACE05F}" = Database Oasis "{44A6C11C-D744-6B2C-D5A1-E32CB1DB0088}" = AMD Catalyst Control Center "{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}" = Google Earth Pro "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D83E500-4D0C-11DF-A750-005056C00008}" = Paragon Alignment Tool™ 3.0 "{4DC7C1AB-4389-B736-082D-1BFA6BC10293}" = CCC Help Greek "{51307F85-BD05-1938-8440-E88FD13585CA}" = CCC Help Chinese Traditional "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5565E164-9928-CEDD-5011-9EE073D797B9}" = CCC Help Japanese "{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS "{5947D004-A315-F50D-D24F-4C9D5B8413A5}" = CCC Help Spanish "{59DB38EB-F864-4E10-841D-38CFBCF864B0}" = Intel(R) Driver Update Utility 2.0 "{5AAF27C9-51C1-DEF1-230F-9F348E2DF885}" = CCC Help Russian "{5BBF2F0E-8891-0E74-83D3-0DBDB750EDC6}" = CCC Help Norwegian "{5C89D6B4-C8C4-08B9-4381-4E6C9BA3C094}" = CCC Help Italian "{64A47A55-1E5E-82F1-26A6-8157D34739A4}" = CCC Help Chinese Standard "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call "{6F82B192-2BEB-432E-B3A7-57F71FF28544}" = Dell OpenManage Inventory Agent (for Dell Business Client Systems) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{755C6015-01B7-475D-448A-CE4D35E68F38}" = CCC Help Dutch "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8409c4f7-2340-4933-a304-5d37db4fb48b}" = Intel® Driver Update Utility "{86CF0325-7921-55A6-16B2-254E77C40FE4}" = CCC Help French "{877AB8B2-9D11-D640-7B11-730699E0C9A2}" = CCC Help Swedish "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{98CB551E-EDB1-4535-82A6-E3258597F64E}" = Dell Digital Delivery "{9A974568-D4D5-EED2-1976-132C28211A82}" = CCC Help Korean "{A0ED9B46-5B37-616A-FDCC-3F713BC2972D}" = CCC Help German "{A11D86BF-B950-759B-3DBF-1575B76BF974}" = CCC Help Polish "{A4811E49-52E9-4F08-BAF3-99D9F24030D0}" = SUNIX Multi IO Controller "{A8D5B39E-815D-44BC-AC52-657FE3D2E21D}" = SUNIX Multi-IO Controller "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{AA14530E-3EF6-92AB-B39F-DB96F852BBBC}" = CCC Help Portuguese "{ABAD2544-D794-E1B1-2763-55A9BB811D5A}" = CCC Help Thai "{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) "{B3BE2947-BB03-6079-60DD-41B388BBC74A}" = Catalyst Control Center Graphics Previews Common "{B89357B0-C12E-F21E-7E8D-CA13BFED19C7}" = CCC Help Hungarian "{C31DE97E-56F0-45E1-A014-F75EC69DF7C5}" = Telstra Business Standard Gateway "{C5BE5386-0A43-32DD-9F2B-934B8CCCAC41}" = Catalyst Control Center Localization All "{C70E8FBB-10F3-1DFF-E35F-6D62264D7A80}" = CCC Help Finnish "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{E9C2BEC5-3BE0-4F78-AECC-A1542C2AAF8F}" = Command | Configure "{EC43C902-EF4F-0BF6-FA5F-897D2E450858}" = CCC Help Turkish "{EC542D5D-B608-4145-A8F7-749C02BE6D94}" = Dell Command | Update "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AB797F-31A3-A376-736B-9E0533BAB530}" = CCC Help English "{F3220B5E-9395-F557-8DB9-1E0F29D32026}" = CCC Help Danish "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI "CutePDF Professional_is1" = CutePDF Professional 3.7 "FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32) "FileASSASSIN" = FileASSASSIN "InstallShield_{14CD4651-23C3-4D99-9A13-D1DBE4835E16}" = MYOB AccountRight Premier v19.10 "InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "KnowledgeTree DMS Community Edition 3.5.4a" = KnowledgeTree DMS Community Edition "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028 "Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Business 2010 "OrgScheduler 1+1 Server and Admin tools_is1" = OrgScheduler 1+1 Server and Admin tools version 7.6 "Site Backup CP" = Site Backup CP "TeamViewer" = TeamViewer 10 [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 17-Mar-15 11:34:10 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x11ac Faulting application start time: 0x01d060c7cc398049 Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 0de709fc-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:34:17 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x1b8c Faulting application start time: 0x01d060c7d0f1b19c Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 12001512-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:34:18 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x18fc Faulting application start time: 0x01d060c7d48782e6 Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 12a5a3f1-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:34:24 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x1620 Faulting application start time: 0x01d060c7d51d0c34 Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 16324d8a-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:34:24 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x3a8 Faulting application start time: 0x01d060c7cbca1c9f Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 166dcff0-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:35:01 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x1ae0 Faulting application start time: 0x01d060c7eb26b032 Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 2c3bca68-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:35:01 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x1758 Faulting application start time: 0x01d060c7eaba80d6 Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 2c7fb13e-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:35:39 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x1a30 Faulting application start time: 0x01d060c80148e620 Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 4304c84a-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:35:45 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x1874 Faulting application start time: 0x01d060c8057f3dcd Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 469060a2-ccbb-11e4-9e59-a41f726ddc5d Error - 17-Mar-15 11:35:46 AM | Computer Name = Server | Source = Application Error | ID = 1000 Description = Faulting application name: php.exe, version: 5.2.5.5, time stamp: 0x4733dfab Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002dfe4 Faulting process id: 0x368 Faulting application start time: 0x01d060c809113eca Faulting application path: C:\Program Files\ktdms\php\php.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 472b8f44-ccbb-11e4-9e59-a41f726ddc5d [ System Events ] Error - 17-Mar-15 11:20:27 AM | Computer Name = Server | Source = Service Control Manager | ID = 7034 Description = The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s). Error - 17-Mar-15 11:20:27 AM | Computer Name = Server | Source = Service Control Manager | ID = 7031 Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 17-Mar-15 11:20:27 AM | Computer Name = Server | Source = Service Control Manager | ID = 7034 Description = The Firebird Server - DefaultInstance service terminated unexpectedly. It has done this 1 time(s). Error - 17-Mar-15 11:20:27 AM | Computer Name = Server | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 17-Mar-15 11:20:27 AM | Computer Name = Server | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s). Error - 17-Mar-15 11:20:27 AM | Computer Name = Server | Source = Service Control Manager | ID = 7031 Description = The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error - 17-Mar-15 11:20:27 AM | Computer Name = Server | Source = Service Control Manager | ID = 7034 Description = The KTMysql service terminated unexpectedly. It has done this 1 time(s). Error - 17-Mar-15 11:20:27 AM | Computer Name = Server | Source = Service Control Manager | ID = 7031 Description = The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 17-Mar-15 11:20:57 AM | Computer Name = Server | Source = Service Control Manager | ID = 7038 Description = The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%1352 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 17-Mar-15 11:20:57 AM | Computer Name = Server | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1069 < End of report >