
Google.com redirect from all domain / LAN computers


  • This topic is locked
31 replies to this topic

#1 Colin_BC

  • Members
  • 25 posts
Posted 19 June 2012 - 04:12 PM

This is a continuation of http://www.bleepingcomputer.com/forums/topic455867.html/page__gopid__2736045#entry2736045

I am posting regarding an intermittent issue I've observed on our domain computers. This issue can be very problematic for a short period of time and then it can vanish and leave things running smoothly. I've been noticing this on and off for several months.

When the problem is front and center, users on our domain (Windows Server 2008 R2, AV = Eset NOD32) attempt to go to either google.com or google.ca and get redirected to various sites. At the end of last week, the redirect would be to http://www.cmu.edu/index.shtml. Today, google.ca works normally but google.com redirects to http://developer.yahoo.com/yql/console/. I have been able to access these sites by pinging them and then typing in the returned IP address instead of google.com. EXAMPLE: As of this moment, google.com redirects to the Yahoo developer page, but if I type the returned ping address http://173.194.33.34 I get to Google. Most of the tabs at the top of the Google page would then work; however, the calendar tab redirects me to yql.yahooapis.com.

I don't know if this is relevant, but sometimes when I run the command ipconfig /flushdns with administrator rights, the issue temporarily goes away (not always though). The computers on our domain are running Windows XP and Windows 7. This issue also impacts wireless devices such as our iPhones. When the wireless devices are connected to our WiFi, they have issues accessing Google as well; however, when they are running off 3G, they have no issues. I expanded this further by trying to access Google from my work PC and had the redirect issue. I then disabled my ethernet card and tethered my iPhone as a USB Personal Hotspot and tried accessing google.com successfully from my work PC. I have tried this from other PCs as well with the same result. If the internet connection is coming from within the domain, the issue arises. If the connection is through a tethered 3G hotspot and bypasses our LAN, there is no issue.

If anyone is able to assist with this, I would greatly appreciate it. Please let me know what additional details may be required to further investigate this and I would be happy to provide them...


Colin
_________________________________________________________________________________________________________________________


PC-A DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by cclark at 11:51:45 on 2012-06-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8126.5520 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\LTSVC\LTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digiarty\Air_Playit\airplayit.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\LTSvc\LTTray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\cclark\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Socialcast\Socialcast Desktop\Socialcast Desktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\LTSvc\LTSvcMon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\cclark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cclark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cclark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cclark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\cclark\Desktop\gmer.exe
C:\Windows\System32\mstsc.exe
C:\Users\cclark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cclark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://10.10.2.2/main.htm
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\cclark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\cclark\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\cclark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\cclark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SOCIAL~1.LNK - C:\Program Files (x86)\Socialcast\Socialcast Desktop\Socialcast Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - C:\Windows\LTSvc\LTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTP~1.LNK -
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeForce II.url
uPolicies-explorer: NoWindowsUpdate = 0
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin_V2M = 5 (0x5)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: bleepingcomputer.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
TCP: Interfaces\{4EDF65FD-1FC2-454F-BAD8-4A6457E06086} : DhcpNameServer = 209.121.225.11 209.91.107.11
TCP: Interfaces\{6D86E3A9-3F17-4AB4-B405-4077CE611C6F} : DhcpNameServer = 209.121.225.11 209.91.107.11
TCP: Interfaces\{D18984CF-0DC4-4905-A7F6-2F2EB17E2167} : NameServer = 192.168.2.5,192.168.2.1
TCP: Interfaces\{D8AB4BD5-0A40-44EB-9279-6210FE90117D} : DhcpNameServer = 209.121.225.11 209.91.107.11
TCP: Interfaces\{FF6BCAFC-99F6-40EF-A18B-4693339B5850} : DhcpNameServer = 209.121.225.11 209.91.107.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cclark\AppData\Roaming\Mozilla\Firefox\Profiles\9neiy8oz.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [?]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-4-13 3246040]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-15 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 LTService;Tritech Monitoring Service;C:\Windows\LTSvc\LTSVC.exe [2011-7-4 12542976]
R2 LTSvcMon;Tritech Monitoring Service CheckUp Util;C:\Windows\LTSvc\LTSvcMon.exe [2011-7-4 96768]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-13 2214504]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-5-24 386344]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-22 92592]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-10 136176]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-10 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-14 09:22:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 09:22:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 09:22:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 09:22:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-04 19:40:33 60304 ----a-w- C:\Users\cclark\g2mdlhlpx.exe
2012-05-30 20:28:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-30 19:20:21 98816 ----a-w- C:\Windows\sed.exe
2012-05-30 19:20:21 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-30 19:20:21 256000 ----a-w- C:\Windows\PEV.exe
2012-05-30 19:20:21 208896 ----a-w- C:\Windows\MBR.exe
2012-05-29 19:27:52 -------- d-----w- C:\Users\cclark\AppData\Local\754190D0-73FE-4275-A382-714608CCF20C.aplzod
2012-05-29 09:06:21 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-29 09:06:21 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-29 09:06:20 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-29 09:06:20 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-29 09:06:20 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-29 09:05:49 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-29 09:05:33 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-29 09:05:22 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-29 09:05:21 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-28 17:32:16 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-28 17:29:21 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-24 17:41:14 -------- d-----w- C:\ProgramData\SmartSound Software Inc
2012-05-24 17:41:12 -------- d-----w- C:\ProgramData\eSellerate
2012-05-24 17:41:12 -------- d-----w- C:\Program Files (x86)\SmartSound Software
2012-05-24 15:28:07 -------- d-----w- C:\ProgramData\CLSK
2012-05-23 19:30:28 -------- d-----w- C:\Program Files\ESET
.
==================== Find3M ====================
.
2012-05-20 15:22:12 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-20 15:22:12 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-20 15:22:12 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-05 01:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:52:06.03 ===============





_________________________________________________________________________________________________


PC-A GMER.exe Log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-19 13:55:09
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272acab11
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272acab11@00237facdf83 0x90 0xD5 0xEB 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272acab11 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272acab11@00237facdf83 0x90 0xD5 0xEB 0x20 ...

---- EOF - GMER 1.0.15 ----

Attached Files
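Because the post reports that google.com fails by name but loads by IP address, the resolver settings recorded in the DDS log are worth pulling out. The following is an added example, not part of the original post or of DDS: it parses the log's `TCP: Interfaces` lines, groups interfaces by resolver set, and lists resolvers outside an expected set. The `expected` list used in the demo is an assumption, since the thread does not say which servers are the domain's DNS.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the "Pseudo HJT Report" section of the DDS log posted above.
DDS_SAMPLE = r"""
TCP: Interfaces\{4EDF65FD-1FC2-454F-BAD8-4A6457E06086} : DhcpNameServer = 209.121.225.11 209.91.107.11
TCP: Interfaces\{6D86E3A9-3F17-4AB4-B405-4077CE611C6F} : DhcpNameServer = 209.121.225.11 209.91.107.11
TCP: Interfaces\{D18984CF-0DC4-4905-A7F6-2F2EB17E2167} : NameServer = 192.168.2.5,192.168.2.1
TCP: Interfaces\{D8AB4BD5-0A40-44EB-9279-6210FE90117D} : DhcpNameServer = 209.121.225.11 209.91.107.11
TCP: Interfaces\{FF6BCAFC-99F6-40EF-A18B-4693339B5850} : DhcpNameServer = 209.121.225.11 209.91.107.11
"""

# DDS prints one line per interface value; DHCP lists are space separated,
# static lists comma separated, so the parser accepts both.
TCP_LINE = re.compile(
    r"^TCP:\s+Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\})\s*:\s*"
    r"(?P<kind>DhcpNameServer|NameServer)\s*=\s*(?P<servers>.+)$"
)


def parse_dds_resolvers(log_text):
    """Return one dict per interface line: GUID, source (dhcp/static), resolver IPs."""
    entries = []
    for line in log_text.splitlines():
        match = TCP_LINE.match(line.strip())
        if not match:
            continue
        servers = []
        for token in re.split(r"[,\s]+", match.group("servers").strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # ignore anything that is not an IP literal
        entries.append({
            "interface": match.group("guid"),
            "source": "dhcp" if match.group("kind") == "DhcpNameServer" else "static",
            "servers": servers,
        })
    return entries


def group_by_resolver_set(entries):
    """Map each distinct ordered resolver list to the interfaces that use it."""
    groups = defaultdict(list)
    for entry in entries:
        key = tuple(str(ip) for ip in entry["servers"])
        groups[key].append(entry["interface"])
    return dict(groups)


def unexpected_resolvers(entries, expected):
    """List (interface, source, ip, scope) for resolvers not in `expected`."""
    expected_ips = {ipaddress.ip_address(ip) for ip in expected}
    findings = []
    for entry in entries:
        for ip in entry["servers"]:
            if ip not in expected_ips:
                scope = "private" if ip.is_private else "public"
                findings.append((entry["interface"], entry["source"], str(ip), scope))
    return findings


if __name__ == "__main__":
    parsed = parse_dds_resolvers(DDS_SAMPLE)
    for resolvers, interfaces in group_by_resolver_set(parsed).items():
        print(f"{len(interfaces)} interface(s) -> {', '.join(resolvers)}")
    # Assumed for the demo only: the thread does not identify the domain's DNS servers.
    assumed_expected = ["192.168.2.5", "192.168.2.1"]
    for finding in unexpected_resolvers(parsed, assumed_expected):
        print("not in expected set:", finding)
```

A `DhcpNameServer` value is what the adapter last received by DHCP, so an entry can belong to an adapter that is not currently connected; compare the output with `ipconfig /all` on the live machine.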




#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender: Male
  • Location: London, UK

Posted 23 June 2012 - 06:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Colin_BC


Posted 27 June 2012 - 12:42 PM

I've subscribed to this thread. Thanks m0le.

Colin

#4 m0le


Posted 27 June 2012 - 07:10 PM

Can you run OTL for me? This will give me a few more areas to track this down. I will say that this is not malware - the redirections always go somewhere much worse than Yahoo dev...

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#5 m0le


Posted 30 June 2012 - 06:32 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 m0le


Posted 02 July 2012 - 06:19 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#7 m0le


Posted 03 July 2012 - 02:29 PM

This topic has been re-opened at the request of the person who originally posted.

#8 Colin_BC


Posted 03 July 2012 - 02:41 PM

Thanks for re-opening this and thank you for the help so far! I had been away from the office with exams and holidays. Results are below for the two computers I ran this OTL scan on (PC-A is my work desktop PC and Server-A is our primary domain server):


PC-A OTL.txt:
OTL logfile created on: 03/07/2012 9:25:46 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\cclark\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.94 Gb Total Physical Memory | 4.93 Gb Available Physical Memory | 62.15% Memory free
15.87 Gb Paging File | 12.78 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1068.15 Gb Free Space | 57.34% Space Free | Partition Type: NTFS
Drive K: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive L: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive M: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive S: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive Z: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS

Computer Name: QCHAIN-WS11 | User Name: cclark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/07/03 09:11:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cclark\Desktop\OTL.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\cclark\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/07 08:07:12 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Socialcast\Socialcast Desktop\Socialcast Desktop.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/22 21:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/13 13:06:25 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/01 19:53:32 | 000,390,720 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/02/01 19:52:40 | 005,546,376 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/01/12 16:39:52 | 000,270,424 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
PRC - [2010/11/16 03:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/04/27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2007/07/19 18:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 08:43:18 | 004,772,768 | ---- | M] () -- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/06/14 03:00:14 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012/06/14 02:46:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 02:39:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/07 01:14:43 | 000,441,880 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012/06/07 01:14:42 | 003,922,456 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 01:13:27 | 000,553,496 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 01:13:26 | 000,117,784 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 01:13:16 | 000,134,696 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 01:13:15 | 000,250,408 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 01:13:14 | 002,375,720 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 00:23:19 | 009,252,040 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/06/07 00:23:19 | 009,252,040 | ---- | M] () -- C:\Users\cclark\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll
MOD - [2012/05/29 02:23:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 03:12:08 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/05/10 03:09:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:08:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 03:08:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 03:08:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:08:09 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/07 08:07:12 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Socialcast\Socialcast Desktop\Socialcast Desktop.exe
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/30 16:34:38 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/08/19 17:43:23 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/09/04 13:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/20 08:22:22 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/05/20 08:22:12 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/04/26 14:59:42 | 000,096,768 | ---- | M] (LabTech Software) [Auto | Running] -- C:\Windows\LTSvc\LTSvcMon.exe -- (LTSvcMon)
SRV - [2012/03/29 15:07:36 | 012,542,976 | ---- | M] (LabTech Software) [Auto | Running] -- C:\Windows\LTSvc\LTSVC.exe -- (LTService)
SRV - [2012/01/22 21:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/13 13:06:25 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/02/01 19:55:24 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/01/11 19:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/19 18:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/20 08:22:12 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/13 13:06:38 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/04/13 13:05:58 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/04/13 13:05:40 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/04/13 13:04:58 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/05/20 16:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/08/28 19:15:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/08/28 19:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 19:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2011/01/11 19:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://10.10.2.2/main.htm
IE - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 37 F4 21 5B 0B CC 01 [binary data]
IE - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\..\SearchScopes,DefaultScope = {90546F45-E7F3-4803-A2C2-46ACBF6AE928}
IE - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\..\SearchScopes\{90546F45-E7F3-4803-A2C2-46ACBF6AE928}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.652
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.2.125
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cclark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cclark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/05/23 12:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/19 16:06:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/28 10:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/05/23 12:30:28 | 000,000,000 | ---D | M]

[2011/07/12 09:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Extensions
[2011/07/12 09:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cclark\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011/11/30 01:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cclark\AppData\Roaming\mozilla\Firefox\Profiles\9neiy8oz.default\extensions
[2011/09/28 14:39:24 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\cclark\AppData\Roaming\mozilla\Firefox\Profiles\9neiy8oz.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/04/13 15:14:59 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\cclark\AppData\Roaming\mozilla\Firefox\Profiles\9neiy8oz.default\extensions\LogMeInClient@logmein.com
[2011/12/19 11:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/19 16:04:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/28 08:11:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/19 11:17:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/03/03 09:43:40 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/03 09:43:40 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/03 09:43:40 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/03 09:43:40 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Slingbox (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/npSlingPlayerChrome.dll
CHR - plugin: Slingbox (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/SBDS.ax
CHR - plugin: Slingbox (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/SBIL2.dll
CHR - plugin: Slingbox (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/sling_socket_layer.dll
CHR - plugin: Slingbox (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/SMST.dll
CHR - plugin: Sling Media AACDecoder Filter (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/AACDecoderDLL.ax
CHR - plugin: Sling Media H264Decoder Filter (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/H264DecoderDLL.ax
CHR - plugin: SlingPlayer (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/RCDownloader.dll
CHR - plugin: SlingPlayer Remote Control DLL (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/SPRemote.dll
CHR - plugin: zlib (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/zlib1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\cclark\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WebSlingPlayer = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\
CHR - Extension: Gmail = C:\Users\cclark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/30 11:57:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-4038933237-2261227842-749657308-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4038933237-2261227842-749657308-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4038933237-2261227842-749657308-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\cclark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\cclark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\cclark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\cclark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialcast Desktop.lnk = C:\Program Files (x86)\Socialcast\Socialcast Desktop\Socialcast Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin_V2M = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-4038933237-2261227842-749657308-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4038933237-2261227842-749657308-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15:64bit: - ..Trusted Domains: tri-tech.com ([ms] * in Trusted sites)
O15 - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\..Trusted Domains: bleepingcomputer.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-4038933237-2261227842-749657308-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = qchain.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EDF65FD-1FC2-454F-BAD8-4A6457E06086}: DhcpNameServer = 209.121.225.11 209.91.107.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D86E3A9-3F17-4AB4-B405-4077CE611C6F}: DhcpNameServer = 209.121.225.11 209.91.107.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D18984CF-0DC4-4905-A7F6-2F2EB17E2167}: NameServer = 192.168.2.5,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8AB4BD5-0A40-44EB-9279-6210FE90117D}: DhcpNameServer = 209.121.225.11 209.91.107.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF6BCAFC-99F6-40EF-A18B-4693339B5850}: DhcpNameServer = 209.121.225.11 209.91.107.11
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/02 12:42:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/03/21 15:31:18 | 000,000,000 | ---D | M] - S:\Autocad LT 2011 -- [ NTFS ]
O32 - AutoRun File - [2012/04/23 17:04:30 | 000,000,000 | ---D | M] - S:\Autodesk DWG TrueView -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 09:14:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\cclark\Desktop\OTL.exe
[2012/06/27 14:51:45 | 000,000,000 | ---D | C] -- C:\Users\cclark\Desktop\New folder (3)
[2012/06/21 15:07:42 | 000,000,000 | ---D | C] -- C:\sn0wbreeze
[2012/06/21 14:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/21 14:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/21 14:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/21 14:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/19 11:29:34 | 000,000,000 | ---D | C] -- C:\Users\cclark\Desktop\TDSSKiller
[2012/06/19 08:35:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\cclark\Desktop\dds.scr
[2012/06/15 13:09:54 | 000,000,000 | ---D | C] -- C:\Users\cclark\Desktop\GooredFix Backups
[2012/06/15 13:06:31 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\cclark\Desktop\GooredFix.exe
[2012/06/14 02:30:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 02:30:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 02:30:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 02:30:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 02:30:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 02:30:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 02:30:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 02:30:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 02:30:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 02:30:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 02:30:31 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 02:30:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 02:30:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 02:22:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 02:22:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 02:22:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/05 10:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/06/05 10:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

========== Files - Modified Within 30 Days ==========

[2015/01/20 10:37:21 | 000,000,839 | ---- | M] () -- C:\Users\cclark\AppData\Roaming\MWCS.Dr_Batcher.Settings.xml
[2012/07/03 09:11:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cclark\Desktop\OTL.exe
[2012/07/03 08:55:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 08:38:57 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038933237-2261227842-749657308-1000UA.job
[2012/07/03 08:38:54 | 000,002,364 | ---- | M] () -- C:\Users\cclark\Desktop\Google Chrome.lnk
[2012/07/03 08:04:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 05:35:59 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038933237-2261227842-749657308-1000Core.job
[2012/06/29 09:51:07 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 09:51:07 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 12:06:13 | 000,002,062 | -H-- | M] () -- C:\Users\cclark\Documents\Default.rdp
[2012/06/27 16:01:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 16:01:05 | 2095,337,471 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 14:54:14 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 14:54:14 | 000,667,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 14:54:14 | 000,126,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/27 12:56:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/27 11:34:37 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/06/27 11:34:37 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2040.DAT
[2012/06/25 13:19:32 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7340.DAT
[2012/06/25 10:31:31 | 000,002,518 | ---- | M] () -- C:\Users\cclark\Desktop\Freight Cost Calculator.lnk
[2012/06/25 10:31:31 | 000,000,868 | ---- | M] () -- C:\Users\cclark\Desktop\Handbrake.lnk
[2012/06/25 10:31:30 | 000,001,006 | ---- | M] () -- C:\Users\cclark\Desktop\Air Playit.lnk
[2012/06/23 15:13:11 | 005,558,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/21 14:30:48 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/19 11:53:08 | 000,006,336 | ---- | M] () -- C:\Users\cclark\Desktop\Attach.zip
[2012/06/19 09:23:51 | 000,294,216 | ---- | M] () -- C:\Users\cclark\Desktop\gmer.zip
[2012/06/19 08:35:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\cclark\Desktop\dds.scr
[2012/06/19 08:28:47 | 000,000,000 | ---- | M] () -- C:\Users\cclark\defogger_reenable
[2012/06/19 08:27:48 | 000,050,477 | ---- | M] () -- C:\Users\cclark\Desktop\Defogger.exe
[2012/06/15 13:06:32 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\cclark\Desktop\GooredFix.exe
[2012/06/13 15:51:15 | 000,001,202 | ---- | M] () -- C:\Users\cclark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialcast Desktop.lnk
[2012/06/11 13:41:04 | 000,000,165 | ---- | M] () -- C:\Users\cclark\AppData\Local\49CRMTogether_OUTLOOK_DDC.dat
[2012/06/11 08:13:45 | 000,000,165 | ---- | M] () -- C:\Users\cclark\AppData\Local\CRMTogether_OUTLOOK_DDC.dat
[2012/06/11 08:11:55 | 000,000,163 | ---- | M] () -- C:\Users\cclark\AppData\Local\CRMTogether_OUTLOOK_BC.dat
[2012/06/05 10:54:50 | 000,001,053 | ---- | M] () -- C:\Users\cclark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/05 10:54:30 | 000,001,023 | ---- | M] () -- C:\Users\cclark\Desktop\Dropbox.lnk
[2012/06/05 10:36:20 | 000,001,101 | ---- | M] () -- C:\Users\cclark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/06/04 12:40:33 | 000,060,304 | ---- | M] () -- C:\Users\cclark\g2mdlhlpx.exe
[2012/06/04 12:39:13 | 000,000,163 | ---- | M] () -- C:\Users\cclark\AppData\Local\49CRMTogether_OUTLOOK_BC.dat

========== Files Created - No Company Name ==========

[2015/01/20 10:31:47 | 000,000,839 | ---- | C] () -- C:\Users\cclark\AppData\Roaming\MWCS.Dr_Batcher.Settings.xml
[2012/06/25 13:19:32 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7340.DAT
[2012/06/21 14:30:48 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/19 11:52:56 | 000,006,336 | ---- | C] () -- C:\Users\cclark\Desktop\Attach.zip
[2012/06/19 09:25:58 | 000,302,592 | ---- | C] () -- C:\Users\cclark\Desktop\gmer.exe
[2012/06/19 09:23:48 | 000,294,216 | ---- | C] () -- C:\Users\cclark\Desktop\gmer.zip
[2012/06/19 08:28:47 | 000,000,000 | ---- | C] () -- C:\Users\cclark\defogger_reenable
[2012/06/19 08:27:47 | 000,050,477 | ---- | C] () -- C:\Users\cclark\Desktop\Defogger.exe
[2012/06/04 12:40:33 | 000,060,304 | ---- | C] () -- C:\Users\cclark\g2mdlhlpx.exe
[2012/05/30 12:20:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/30 12:20:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/30 12:20:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/30 12:20:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/30 12:20:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/05 12:03:56 | 000,000,165 | ---- | C] () -- C:\Users\cclark\AppData\Local\-1CRMTogether_OUTLOOK_DDC.dat
[2012/02/24 10:40:55 | 000,388,089 | ---- | C] () -- C:\Users\cclark\CRV Registration.pdf
[2012/02/24 10:38:04 | 000,384,474 | ---- | C] () -- C:\Users\cclark\Scan8097.pdf
[2012/02/20 16:34:06 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7040.DAT
[2012/02/14 16:09:50 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/02/14 16:09:50 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2011/11/16 17:02:54 | 000,000,638 | ---- | C] () -- C:\Users\cclark\Colin - Shortcut.lnk
[2011/10/26 08:06:28 | 000,000,163 | ---- | C] () -- C:\Users\cclark\AppData\Local\-1CRMTogether_OUTLOOK_BC.dat
[2011/10/08 09:36:22 | 004,059,136 | ---- | C] () -- C:\Windows\SysWow64\qt-mt338.dll
[2011/10/08 09:36:22 | 000,393,216 | ---- | C] () -- C:\Windows\SysWow64\qwt.dll
[2011/10/08 09:36:22 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\qtundo.dll
[2011/09/21 15:52:07 | 000,000,000 | ---- | C] () -- C:\Users\cclark\net
[2011/08/17 10:36:38 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011/08/11 10:59:32 | 000,000,165 | ---- | C] () -- C:\Users\cclark\AppData\Local\49CRMTogether_OUTLOOK_DDC.dat
[2011/08/11 09:38:08 | 000,000,163 | ---- | C] () -- C:\Users\cclark\AppData\Local\49CRMTogether_OUTLOOK_BC.dat
[2011/08/11 09:37:59 | 000,000,163 | ---- | C] () -- C:\Users\cclark\AppData\Local\CRMTogether_OUTLOOK_BC.dat
[2011/08/11 09:37:58 | 000,000,165 | ---- | C] () -- C:\Users\cclark\AppData\Local\CRMTogether_OUTLOOK_DDC.dat
[2011/08/11 09:37:14 | 000,022,913 | ---- | C] () -- C:\Users\cclark\AppData\Local\CRMTogether_OUTLOOK_Trans.dat
[2011/08/11 09:33:20 | 000,021,027 | ---- | C] () -- C:\Users\cclark\AppData\Local\CRMTogether_IE_Trans.dat
[2011/08/04 12:54:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\LaunchAppInSession.dll
[2011/08/04 12:54:17 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\PDFeXPLODElst.dll
[2011/05/31 08:11:29 | 000,006,812 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/24 15:40:10 | 000,000,600 | ---- | C] () -- C:\Users\cclark\AppData\Local\PUTTY.RND
[2011/05/03 10:59:31 | 000,573,440 | ---- | C] () -- C:\Windows\SysWow64\bvapi.dll
[2011/05/03 10:59:31 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\GVJPEG32.DLL
[2011/05/03 10:56:00 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/02 12:54:16 | 000,768,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/26 15:52:21 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\EUOD.DAT

< End of report >
___________________________________________________________________________________________________________________



PC-A Extras.txt:
OTL Extras logfile created on: 03/07/2012 9:25:47 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\cclark\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.94 Gb Total Physical Memory | 4.93 Gb Available Physical Memory | 62.15% Memory free
15.87 Gb Paging File | 12.78 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1068.15 Gb Free Space | 57.34% Space Free | Partition Type: NTFS
Drive K: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive L: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive M: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive S: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive Z: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS

Computer Name: QCHAIN-WS11 | User Name: cclark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064A3494-6347-457D-8867-B6F317F6F37B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1B7D4C0A-591B-4AE9-AE53-AABCC0E944C8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1D376948-7F2D-4C33-BB41-80E6355EB26F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1EB0245B-41E7-4ED5-A809-883EC0F6F2C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{26C8160F-D4BF-4EDE-8418-12B1CEAED626}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EAAA9FB-BA75-4333-8479-76A8037E9333}" = lport=51314 | protocol=6 | dir=in | name=rdp 51314 |
"{347045ED-8F60-45A3-B968-E6EC6B3E14B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37D9FA42-157F-4D4F-A4EB-0C4C00B2A816}" = lport=51314 | protocol=6 | dir=in | name=rdp |
"{3825C444-36B9-4A09-BA03-DD6A94D3A1BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{386A40DF-4C6A-4DD3-9E21-FB6B26E0E3D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C455E8C-B3DC-4A07-B466-E0AB24CCDE3C}" = lport=162 | protocol=17 | dir=in | name=allow netfastalk |
"{3D22B974-D9B9-4BEC-BB68-AD018A8E42CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{3FCB45C5-D66F-4AD8-9256-EDFAA27DB857}" = lport=445 | protocol=6 | dir=in | app=system |
"{419CD14F-254C-4121-B398-BAED19335292}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{41ADA895-C90F-402B-AB9B-A21227B8DCD0}" = lport=138 | protocol=17 | dir=in | app=system |
"{437C2357-CDAF-443D-96E1-DD0C4BF9F779}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{456F87FD-9A28-413A-ADC0-4A16285F5075}" = lport=3396 | protocol=6 | dir=in | name=rdp-colin |
"{5B9D4C93-9907-4CB9-9B19-1DEFA735CC54}" = lport=139 | protocol=6 | dir=in | app=system |
"{6A7A6679-CB2C-4385-877B-63A94521CED3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{6DD0B0D7-301E-41B1-98C7-4A3A0109E656}" = lport=3389 | protocol=6 | dir=in | app=system |
"{7526CEFF-31D7-4306-8423-0F3D954A0D62}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{800E6530-2E1E-45F0-9B4A-C10931AA52A2}" = rport=138 | protocol=17 | dir=out | app=system |
"{88219F51-357F-402E-B61E-34AACC0E433A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8C741EE2-A88C-45AD-B1E6-77E6FA9EEC67}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{94EC9AFC-0C8A-4A62-B1EB-DC71B470E3E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{A57D4C9B-F349-4E65-9CB9-0FBA890CCCA0}" = lport=137 | protocol=17 | dir=in | app=system |
"{B76BD788-9402-4A89-9DC6-CB3D35787153}" = lport=4995 | protocol=6 | dir=in | name=allow local vnc |
"{DCA0DAFF-E933-400E-8BBA-27040EC626BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E03BCDAB-4EC0-4CA2-A84C-44DDC609400C}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1DFD77D-7799-4349-845B-73E0C52F0AE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAE15861-1D57-4B90-94DC-47113FC176B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041AFA45-EE1E-40CC-83C2-842C58B48048}" = protocol=17 | dir=in | name=allow tunnel |
"{09AA03E1-F140-4770-B3AA-681B66606847}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0D358ADB-09B2-412C-A37F-20656FDCB65E}" = protocol=6 | dir=in | name=allow local redir |
"{14772954-C3E1-49AC-85E2-39F61F727596}" = dir=in | app=c:\windows\ltsvc\ltsvc.exe |
"{16AC3139-9AB5-47E4-9C71-9EF142FC18A3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{26F79925-1F80-492F-A7B8-D759D8FA0307}" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{30069EE8-0136-4AFC-9F52-21270E4B51DC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{3EEC1DF0-587E-4E54-A98F-5026C2933F54}" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{40F04D0D-B00F-4EC9-BCB0-D787D333549F}" = protocol=17 | dir=out | name=allow tunnel |
"{467629ED-E3E1-4B17-96ED-A8BA1128B76C}" = protocol=6 | dir=in | app=c:\users\cclark\appdata\roaming\dropbox\bin\dropbox.exe |
"{49816612-E3AA-492E-B68E-A34F58D11647}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{4C197BC9-3EA3-472E-A5E8-175D2D5A610C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4E78EAA4-FD77-41FD-A331-8EA2F1715A1E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{522B7450-FACD-4794-9E64-8328D4033BFD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{561256A2-BC04-449A-A0F7-D74BD03DEEE9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{57AA2BCA-1517-461B-BD7E-CB5A06572297}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{598B5C52-41A1-45C2-B50B-C3E11E28464F}" = dir=in | app=c:\windows\ltsvc\lttray.exe |
"{5DE58707-18ED-419C-B2D0-7F3478340C00}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{60651691-6939-4C59-B32E-618F3A3CC0EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{656D264A-C89C-45BD-B314-F9908F25454C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{68553CB8-8873-4DB2-A25B-6965EF1F22D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A1E7D14-4CE4-4299-9CEC-E60A5EC052A6}" = protocol=6 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{6AE6535F-2373-47E5-9842-3112DE464887}" = protocol=17 | dir=in | app=c:\program files (x86)\pervasive software\psql\bin\w3dbsmgr.exe |
"{6DD74EAA-B821-4284-9449-9468AB076CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{89F44839-1654-4183-8250-A9F0ECA20771}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8C6A1739-B04F-441B-AF21-B0D05DA253A9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9D18F234-2F14-45DE-89CA-24779854537F}" = protocol=6 | dir=in | name=allow local redir |
"{9D7A7C1D-828A-47D6-AE3C-97CD8D95CAEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5C8E1D3-4950-4311-AA6F-25E09E3F8C8B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A7DC4CC7-54F1-46BF-BD17-663922A9E03B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe |
"{A8479BCF-D4FF-413D-96AC-AF523B485333}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE709B8B-66B4-4833-9060-2424B4892361}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B006E4E3-E1A0-47E9-BC65-A04CEF70E595}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B0BDDBCA-13AF-4C30-A74F-6AEFB9F039E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B3428611-AD51-4A8D-B939-C5CC1A6CA816}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B6DF8C6B-B971-4589-9B8C-5607746BAC01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BBF044EC-D28F-4910-A919-3DB380EE42FB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{C0C56428-B073-464A-B508-98A755A793AF}" = dir=out | app=c:\windows\ltsvc\lttray.exe |
"{C18D31AC-A229-4666-B1FC-9287BF8D69FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{C191CFDC-65B0-4D4F-904A-32A36D4A7079}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2DC7D90-04F5-4610-96C1-8F2B9FC4FC92}" = dir=in | app=c:\windows\ltsvc\ltsvcmon.exe |
"{DB454FF8-14AA-4338-9BC8-4E27FE10C457}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DD1E9D02-1F52-487C-8FB5-FC3809184CD2}" = protocol=17 | dir=out | name=allow tunnel stunrelay |
"{EA603C37-4C96-4381-AAD1-27B946681E9B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{EADB3D63-B401-4FE6-9932-61D508166F75}" = dir=out | app=c:\windows\ltsvc\ltsvc.exe |
"{EB611B1A-6E41-452B-83FE-99DCA94003D8}" = dir=out | app=c:\windows\ltsvc\ltsvcmon.exe |
"{F3B95963-D62B-4B13-BC86-62348E7E371E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F799B1A8-05F2-476B-93E0-C57D173F1A50}" = protocol=17 | dir=in | app=c:\users\cclark\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{14BE97A9-0D20-412A-B048-BE2E8CF7DBAB}C:\program files (x86)\d-link\ap manager for dwl-7200ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\d-link\ap manager for dwl-7200ap\apmgr7xxx.exe |
"TCP Query User{29A66A0B-AC1E-414A-B741-0D6ADA614A10}C:\users\cclark\downloads\jailbreak iphone\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\cclark\downloads\jailbreak iphone\redsn0w_win_0.9.10b1\redsn0w.exe |
"TCP Query User{37A22762-4B18-4529-8B7E-A08BCED377D0}C:\program files (x86)\konica minolta\ftp utility\kmftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konica minolta\ftp utility\kmftp.exe |
"TCP Query User{446DCAF5-72CF-49F5-A7FF-6D2F8BA32D03}C:\program files\digiarty\air_playit\airps.exe" = protocol=6 | dir=in | app=c:\program files\digiarty\air_playit\airps.exe |
"TCP Query User{6DB77949-8044-4BBE-AD26-1F7CFEFD0676}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{7CA972C3-99C6-47E4-B6C6-A1DA8337D7E1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{8D7413D5-D3A6-43F0-B99D-EB8266E8604A}C:\program files\digiarty\air_playit\airps.exe" = protocol=6 | dir=in | app=c:\program files\digiarty\air_playit\airps.exe |
"TCP Query User{9987B975-C9BB-458A-839C-5EEB7220D25A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{B5680F87-5968-442D-85B4-6641142CB51F}C:\program files (x86)\konica minolta\ftp utility\kmftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konica minolta\ftp utility\kmftp.exe |
"TCP Query User{C829F780-0B8D-43CE-AF8E-A37D142A76DA}C:\program files (x86)\konica minolta\ftp utility\kmftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konica minolta\ftp utility\kmftp.exe |
"TCP Query User{FB6BA27B-F9F2-4A1E-9363-BDEEF3220A50}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{079FE21C-8EAA-455E-A02D-252DCDACC5F6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{0AC0D07C-4FF1-4E68-9D71-294538B56AEF}C:\program files\digiarty\air_playit\airps.exe" = protocol=17 | dir=in | app=c:\program files\digiarty\air_playit\airps.exe |
"UDP Query User{0C0D5520-9195-418A-9373-F2575DFD186D}C:\program files (x86)\konica minolta\ftp utility\kmftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konica minolta\ftp utility\kmftp.exe |
"UDP Query User{2E4B029A-926E-43F8-8887-D112505160EF}C:\program files (x86)\d-link\ap manager for dwl-7200ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\d-link\ap manager for dwl-7200ap\apmgr7xxx.exe |
"UDP Query User{36986693-18EF-4E0B-9796-333AAC9ACCCE}C:\program files\digiarty\air_playit\airps.exe" = protocol=17 | dir=in | app=c:\program files\digiarty\air_playit\airps.exe |
"UDP Query User{6C47E09E-9E5A-42B5-9B18-5CDA38AD0B48}C:\program files (x86)\konica minolta\ftp utility\kmftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konica minolta\ftp utility\kmftp.exe |
"UDP Query User{7354BA28-B929-471F-900D-8B4A67D9A238}C:\users\cclark\downloads\jailbreak iphone\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\cclark\downloads\jailbreak iphone\redsn0w_win_0.9.10b1\redsn0w.exe |
"UDP Query User{9CE299D6-995F-4D45-B44C-B0C566DE0C10}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{A4D11805-2061-462D-ACE6-FD7DF7A684C9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{B44C744A-DF8D-476A-B52D-0BEFFB6FA7F5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CB372988-5F95-488B-A252-D1EF40FAB4ED}C:\program files (x86)\konica minolta\ftp utility\kmftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konica minolta\ftp utility\kmftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{358E87EA-E2A4-4021-AE5B-2D9D035C7D0F}" = Socialcast for Outlook
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50E9E32F-063A-412A-9627-553D5DA57C17}" = ESET NOD32 Antivirus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1" = Adobe Reader 64-bit fixes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C121EB6A-4D4A-4E24-BA99-4797F6A1231F}" = Fresco Logic USB3.0 Host Controller
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Air Playit_is1" = Air Playit 2.0.0
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Logitech Unifying" = Logitech Unifying Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00183566-044A-465F-A316-97665F7DB343}" = platform.sdk.boe.com.slplugins.binfiles-4.0-core-32
"{003C2709-D01A-4F26-9D9B-A56A6751972D}" = connectivity.connectionserver.drivers.sybase.ctlib.config-4.0-core-nu
"{00C257BD-C218-4958-A09D-CEBD455443B8}" = connectivity.connectionserver.drivers.mysql.odbc-4.0-core-32
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{02D3D6E6-9549-4540-8DB7-131DFBDAD47D}" = foundation.bcm.java.classes-4.0-core-nu
"{03193771-8DC4-40C8-99FA-DBC3BAEA6D3E}" = crystalreports.dataaccess.driver.psenterprise-4.0-core-32
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03C8BC71-C012-453E-B20A-BCA9F28D8651}" = crystalreports.dataaccess.driver.db2-4.0-en-32
"{04396999-6ADD-4927-914C-45C3ED13365D}" = informationengine.qt.drivers.progress.jdbc-4.0-core-nu
"{045617C0-E56C-45D5-9DB6-4BE975AED05A}" = platform.sdk.boe.java.classes-4.0-core-nu
"{0471DE53-F859-4591-AFD0-DD22A6CB9CC2}" = tp.ooc.java-4.0.5-core-nu
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{05031260-71CD-4E74-B53C-A0C795B5EB6F}" = crystalreports.dataaccess.driver.p2dbase-4.0-en-32
"{05EB0B18-C877-4C72-9244-5F60E12AB61E}" = crystalreports.partner.shared.java.siebel-4.0-core-nu
"{065D9868-DD39-4DE6-8F6F-85A8423BE641}" = D-Link AirPremier AG AP Manager for DWL-7200AP
"{07DD51EB-D521-43EC-9AA0-21652E1295E8}" = tp.netegrity.siteminder.cpp.smagent-6.0-core-32
"{0842CE13-B2FF-49FA-BE59-96ECE08857BA}" = crystalreports.boe.sdkplugins.java.crlov-4.0-core-nu
"{08B53286-F776-4BAF-8544-1FE7520E4048}" = tp.datadirect.cpp-6.0-core-32
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{092D9D9F-78DE-4E22-933A-2B0E8CC29B9B}" = tp.eclipse.aspectj.classes-1.6.5-core-nu
"{09C0F5C8-2AEB-4A42-B850-FF9882693CB6}" = crystalreports.boe.sdkplugins.java.managedreports-4.0-core-nu
"{0A0C9850-5754-4812-8615-1F78A059E3B6}" = crystalreports.cpp.runtimeshare-4.0-core-32
"{0A262EA4-D727-40BC-84AC-154D6F5D1B70}" = crystalreports.cpp.businessview.sdk-4.0-en-32
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Workgroup (32-bit)
"{0B18FC59-1FFB-4E89-A757-F2D89BC077F7}" = connectivity.connectionserver.drivers.informix.odbc-4.0-core-32
"{0BBA949B-FF59-4E22-BD76-9197533FACB3}" = tp.apache.commons.java.classes-3.1-core-nu
"{0BCC554D-5820-4963-9223-339329E307C5}" = tp.ooc.cpp-3.3.2-core-32
"{0BCE936F-1719-4667-A9D4-6F9E6A3016DC}" = platform.library.common.authentication.jdedwards-4.0-core-32
"{0CA4293C-8902-4DC3-B844-ABF26558E0FC}" = crystalreports.cpp.filedialog-4.0-en-32
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D5679E0-7575-4E2D-BFCF-1CC052CD8316}" = crystalreports.dataaccess.driver.sap-4.0-en-32
"{0DAF19E3-1F7C-4A9A-8DF3-E9C977C6D6A1}" = connectivity.connectionserver.drivers.teradata.odbc.config-4.0-en-nu
"{0DFBA76C-C5E2-4B96-A741-633C0F465F41}" = repoaccess.bo_storage-4.0-core-32
"{0e82b428-0e61-11db-9609-00e08161165f}" = PDF-eXPLODE 2.3.11
"{0EB2ABA3-0867-4684-88C6-AF38F93B6C8B}" = platform.sdk.boe.java.sap.plugins_bundle-4.0-core-nu
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{111D6660-D51A-4D11-A4B7-D2A87A13110A}" = crystalreports.dataaccess.driver.filesystem-4.0-core-32
"{119BE0EF-59D9-4612-B3F4-675152BD1168}" = tp.apache.log4j.bundle-1.2.6_sap.1-core-nu
"{120B73E9-E544-43AB-A147-394E23B5865D}" = cvom.java.ui_helpers-4.0-core-nu
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{137E9F19-AE30-4DC1-B7AA-F1E83308BBC1}" = crystalreports.dataaccess.driver.java-4.0-core-nu
"{13976822-8340-4422-B586-FF9A2BC837EF}" = repoaccess.async_scheduling-4.0-core-32
"{13EC197B-95A6-4295-99DA-D1A0D26C0F96}" = tp.apache.derby.classes-10.2.2.0-core-nu
"{1425445E-F894-4C79-B092-5873AD856C82}" = shared.library.keycode.defn-4.0-core-32
"{149056B0-4C7F-4126-8EEF-66260105F4CA}" = product.shared.installiverse.reg-4.0-core-nu
"{15201CB5-8209-4F26-B6B9-7B0844DD07C7}" = tp.ibm.icu.java-3.8.1-core-nu
"{1570CC8F-7688-48E9-8FC9-454E43FFD1B9}" = crystalreports.cpp.designer-4.0-en-32
"{16EDDC5F-1E16-4524-BA3C-4171ABC86052}" = crystalreports.cpp.exporting.u2fpdf-4.0-en-32
"{17221B10-14A6-4E0E-8E9B-E5628B70866D}" = crystalreports.dataaccess.driver.adoplus-4.0-en-32
"{172D8E90-C81A-4704-9D5B-E10D62723303}" = olap.analysis.implementation.cpp.sofa-4.0-core-32
"{1957C0C6-D0DC-4EC1-97AE-14B34D5573FF}" = crystalreports.cpp.help-4.0-core-32
"{19F81A92-996D-4A67-9642-A2B6BF632762}" = crystalreports.cpp.exporting.u2frdef-4.0-core-32
"{1AC03186-5F8F-45F7-B0EE-AF5540474C01}" = platform.sdk.boe.com.slplugins.pinfiles-4.0-core-nu
"{1B1E4BFC-81A1-4BAD-AB58-15F136361F1D}" = shared.library.cxlib.cxlib-4.0-core-32
"{1B2D7B3A-7D62-44CC-B894-12B9836F1DB4}" = crystalreports.boe.serviceplugins.pss.java-4.0-core-nu
"{1B62A129-B2D0-49BA-90A8-45275CA2C685}" = crystalreports.cpp.businessview.sdk-4.0-core-32
"{1BCE57A1-9C66-48E7-B260-986A988B0551}" = crystalreports.cpp.exporting.u2fxml-4.0-en-32
"{1C3CEB55-5B02-40D4-AB3B-A53A2FAA00E4}" = crystalreports.dataaccess.driver.p2sexchange-4.0-core-32
"{1C91B2E9-5FD4-49F6-A1CB-5823996819D0}" = crystalreports.cpp.exporting.u2dmapi-4.0-en-32
"{1CEA7276-10B2-4825-B971-D42611A730E4}" = connectivity.connectionserver.drivers.sybase.ctlib.config-4.0-en-nu
"{1D1B8E0D-0F83-4E9F-B9C5-D902A42DB9DD}" = shared.library.keycode.licmgr-4.0-core-32
"{1E17A1F9-66D2-437E-BF43-8E74B61D4103}" = tp.shared.pvlocale.pvlocale-4.0-core-32
"{1E6ADBED-AF09-429E-9593-2E4D87B34824}" = crystalreports.boe.sdkplugins.java-4.0-core-nu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FC19888-84F9-4F1F-AC8D-5F78BAF6873A}" = platform.client.java.helper.supportability-4.0-core-nu
"{203768F0-9191-4637-8DB9-213AC6788D2D}" = platform.sdk.boe.java.oracle-4.0-core-nu
"{2068CE2D-0BE0-4DB7-8656-B80F39A1B984}" = crystalreports.cpp.exporting.u2fxml-4.0-core-32
"{208BC68F-0ED2-4999-A10E-FF7D525F0D96}" = crystalreports.cpp.exporting.u2dapp-4.0-core-32
"{2102B99E-4919-45E6-A8AD-2791D6287A9F}" = tp.apache.log4j.nteventlogappender-1.2.6_sap.1-core-32
"{211559AF-C2FB-474E-B65B-780BECD70039}" = repoaccess.cdztools.java-4.0-core-nu
"{214BC6BB-69DE-4EFC-94E8-3470BB848A01}" = platform.library.common.authentication.peoplesoft-4.0-core-32
"{231EA591-7684-4DB2-8D58-860C7D679DAE}" = repoaccess.cdztools-4.0-core-32
"{2379C3A0-C598-473C-9D40-1B162E99FDF2}" = connectivity.connectionserver.drivers.mysql.jdbc-4.0-core-nu
"{241C8DE5-7658-47AE-9B2C-211D8FECF4EB}" = connectivity.connectionserver.drivers.neoview.odbc.config-4.0-core-nu
"{25021BF2-3DF7-4C74-B838-EC955407C0C4}" = repoaccess.container-4.0-core-32
"{253F42B5-C134-4343-AFB3-3411D7AF2EC2}" = crystalreports.dataaccess.driver.wic-4.0-en-32
"{25BEFC75-25B6-4489-B617-C98EF170891E}" = crystalreports.cpp.ras.bv-4.0-en-32
"{261ADA1F-9D61-4250-87C9-CDED6C336946}" = tp.sun.jdk-1.6-core-32
"{264D45FD-C5D7-4FB4-82AE-21E3149A5DAD}" = crystalreports.cpp.designer-4.0-core-32
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{26E7D39D-2CA8-4990-A1EE-1DE6201AE60F}" = crystalreports.dataaccess.driver.p2slog-4.0-en-32
"{27826709-CF56-47B8-A786-D43531F85BCE}" = connectivity.connectionserver.drivers.mysql.jdbc-4.0-en-nu
"{27A3A252-511F-4E30-9F07-F659EBA3737F}" = platform.sdk.boe.java.jdedwards.plugins_bundle-4.0-core-nu
"{286C7E44-1A23-4708-8CDB-FD968A7EF89E}" = product.crystalreports.eula-4.0-core-32
"{28C35E21-6389-4C2B-B0EC-C56CF189F40A}" = crystalreports.cpp.exporting.u2dvim-4.0-core-32
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BBE1B12-EFAF-4AA8-A9A8-0D8BCD8A5CEF}" = crystalreports.rptpubwiz.cpp-4.0-core-32
"{2C9A7DCC-D420-4524-A374-8D64020AF415}" = repoaccess.repo_proxy.cpp-4.0-core-32
"{2CD5694D-55F2-422B-8E2F-8E93476FB8BF}" = connectivity.connectionserver.drivers.teradata.odbc.config-4.0-core-nu
"{2E2FBBCB-EFFD-4D25-B07C-B8BF3801CF00}" = crystalreports.dataaccess.driver.p2bbde-4.0-en-32
"{2F1A990F-7E11-42C3-8764-59781E61A880}" = crystalreports.cpp.exporting.u2fodbc-4.0-core-32
"{2F4C3E0B-8D8D-4812-8C73-0CC4ED1554FC}" = tp.datadirect.cpp.optional-6.0-core-32
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{31106887-7C6F-43FD-A5A5-3A7430324E6D}" = Required Runtimes
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3355ACAE-8BC0-4FBA-993E-3D9E45FAC159}" = connectivity.connectionserver.drivers.teradata.odbc-4.0-core-32
"{33F42F0A-FC34-4266-988D-229F90A04C70}" = tp.azalea.fonts-5.5-core-nu
"{347E5CD0-9D45-42C7-AD2C-8C1C926F087E}" = connectivity.connectionserver.tools.cscheck-4.0-core-32
"{3551D350-BFCF-4CD1-9D2A-2F21A5D418EB}" = tools.astools.cpp-4.0-core-32
"{363A7D16-636C-4292-ACF8-D6BE18E9C812}" = informationengine.qt.drivers.informix.odbc.config-4.0-core-nu
"{37873A77-9D7E-43F6-AEB6-F55B105F5719}" = connectivity.connectionserver.client.http.cpp-4.0-core-32
"{37C96B84-3F8F-48FB-9F92-248E6C4EFE72}" = platform.library.common.authentication.jdedwards.java-4.0-core-nu
"{3837A019-925A-4B60-84B0-F59B01AFE252}" = tools.wstk.webcontent-4.0-core-nu
"{3882DB27-8862-42B1-8289-BA552B63CC04}" = crystalreports.dataaccess.driver.ado-4.0-en-32
"{3953A794-6532-4DC7-8BA8-206FDCD84961}" = repoaccess.cdztools.oldregistry-4.0-en-32
"{39870BF7-6447-44B9-8F6A-444F63E36ADE}" = crystalreports.cpp.exporting.u2frec-4.0-en-32
"{39D270D0-DD9C-4B8B-A696-EBFE7CFFFC2E}" = Crystal Reports 2011
"{3ACBE84D-8294-4E8F-A25B-17D16EA89F59}" = crystalreports.dataaccess.driver.btrieve-4.0-en-32
"{3BA941B2-6355-4A34-B5FF-239D937FB37C}" = crystalreports.cpp.exporting.u2fcr-4.0-en-32
"{3BBFEE93-ECF6-45D1-B0F8-A42CDA18272A}" = crystalreports.partner.shared.cpp.pvlmapping-4.0-core-32
"{3E03E16A-E510-499F-A336-2DB38FE31826}" = connectivity.connectionserver.helpers.cpp-4.0-core-32
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F41C84D-EDFD-4541-9160-9220BEFBA6FC}" = crystalreports.cpp.exporting.u2fsepv-4.0-core-32
"{3FFBE1CA-FBDF-40B6-ADD9-A24CC414BFB5}" = connectivity.connectionserver.drivers.jdbc.core-4.0-core-nu
"{408C09C5-F432-4A96-9204-81FBC6285EF2}" = tp.apache.derby-10.2.2.0-core-nu
"{408C7827-E50F-48BB-9C35-6E9E1A6A0783}" = platform.sdk.boe.java.siebel-4.0-core-nu
"{4146E5B9-2477-49D0-BF41-526DF4A3CE6C}" = connectivity.connectionserver.drivers.mysql.odbc.config-4.0-core-nu
"{421A23F1-4A22-4C9C-9BD0-0F4EDBD98D41}" = informationengine.qt.drivers.neoview.odbc.config-4.0-core-nu
"{42FD6111-7BDC-41A4-8A39-BD3D5833C351}" = repoaccess.container.admintool.java-4.0-core-nu
"{44646E59-3486-4D66-B405-4A6229318912}" = crystalreports.dataaccess.driver.db2-4.0-core-32
"{448C65A8-9210-41AC-BA18-DB2B27168F60}" = crystalreports.cpp.saptoolbar-4.0-core-32
"{46117992-0D6E-42AF-AD60-B00D53DFF82E}" = crystalreports.dataaccess.driver.sforce-4.0-core-32
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite DCP-7040
"{46ECA05C-6C4D-463C-9301-F4B97F7CBE42}" = tp.mapinfo.mapx.cpp-3.5-core-32
"{4842F5C8-C54B-49EF-A966-5E3024BE1D7D}" = tp.libxml2-2.0-core-32
"{4990290C-DD59-4650-AD0C-2C22C2B645EE}" = informationengine.qt.drivers.netezza.jdbc-4.0-core-nu
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A171F4F-5E16-43D7-8127-260070F986C0}" = tp.apache.commons.java-3.1-core-nu
"{4A62A2D2-F59C-41EA-959F-3F6D0E080E42}" = crystalreports.dataaccess.driver.ado-4.0-core-32
"{4BA74AA2-41EE-46C5-8A5D-A0FBEC58136B}" = connectivity.connectionserver.drivers.progress.jdbc-4.0-en-nu
"{4BE10A6A-9622-4203-89DF-2A2030C2744D}" = informationengine.qt.drivers.netezza.odbc.config-4.0-core-nu
"{4EA19F84-7171-47D8-BD55-627556F77A7D}" = crystalreports.cpp.charthelp-4.0-en-32
"{4EC32E69-21CA-46F1-9A1E-54352124187F}" = connectivity.connectionserver.drivers.informix.odbc.config-4.0-core-nu
"{4FDC0B16-DD50-40D2-9DA7-5D0A22E6678D}" = crystalreports.cpp.exporting.u2frdef-4.0-en-32
"{520C9ACB-6AD9-4FCA-BE6C-0E42751CA1BC}" = crystalreports.dataaccess.driver.sforce-4.0-en-32
"{526EEB53-69DA-42F4-9B57-B9E44DE78894}" = crystalreports.cpp.exporting.u2dnotes-4.0-en-32
"{52D8FED6-4598-48C9-9310-8BA521B567EA}" = shared.library.keycode.licmgr-4.0-en-32
"{5345EEC3-7058-40C9-89FF-2032B3F51722}" = Sage BusinessVision Report Designer
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54A1909A-B141-45F2-A699-08C13A2493BB}" = informationengine.qt.drivers.progress.odbc.config-4.0-core-32
"{5603F784-FBEC-4BA5-8EC2-818E657B97CA}" = tp.apache.axis2-1.3-core-nu
"{563912FA-A205-4BF1-A194-77618D51B643}" = tp.apache.axis-1.3-core-nu
"{5744176C-5DF5-49AD-B836-9B0CA5B6A04B}" = foundation.bcm.cpp-4.0-core-32
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{5806653B-211D-4E37-A2A9-008909E77721}" = tp.sap.ncs-720-core-32
"{5832C56A-5BF6-40FE-825D-24072F6539FB}" = crystalreports.cpp.exporting.u2fpdf-4.0-core-32
"{58CCC4E6-6884-412B-A892-3D0991091B95}" = crystalreports.cpp.exporting.u2dpost-4.0-en-32
"{598D7B74-24CF-4234-A54B-C21F918D863F}" = connectivity.connectionserver.drivers.mysql.odbc.config-4.0-en-nu
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5B5C5E2E-A759-4830-8356-21760F83AC86}" = tp.sourceforge.libpng.cpp-1.0.30-core-32
"{5BB10062-2FFD-4EC6-B898-329F8F4CB4E0}" = crystalreports.cpp.share-4.0-en-32
"{5BB52399-6E57-45EA-83AF-8712CC8A2BBE}" = foundation.bcm.java-4.0-core-nu
"{5DED0186-0733-4D74-AFE0-FF69219FE3B3}" = crystalreports.dataaccess.driver.p2bbde-4.0-core-32
"{5DFD51C2-6694-4C66-A5BD-7179A39DAEB8}" = crystalreports.dataaccess.driver.wic-4.0-core-32
"{5EA03536-7B7C-4C08-BFBD-9F0B2A263B10}" = crystalreports.cpp.exporting.expmod-4.0-core-32
"{5ED72CCC-F880-4E0D-A50B-F02131833F73}" = tp.apache.xerces.java.classes-2.6.2-core-nu
"{5EFE7C91-EB85-410B-A43D-128B2B9EAFC0}" = crystalreports.partner.shared.cpp-4.0-core-32
"{60009F8D-15E3-48C8-B280-6C6696F532E8}" = crystalreports.sdk.java.sdkcommon-4.0-core-nu
"{60D7A67C-AAAC-4292-B9B9-FDAFFEF06ABC}" = tp.threedgraphics.pgsdk.cpp-2.50.16.busobj.1-core-32
"{616EAD7E-3330-4F29-B750-F0EBA346012C}" = crystalreports.cpp.exporting.u2fxml2-4.0-en-32
"{61D719F5-515A-48B3-9071-B0CCBA67E94E}" = crystalreports.dataaccess.driver.oracle-4.0-en-32
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{637FF9A8-079D-4F7C-B0D8-224DE99BEB02}" = connectivity.connectionserver.drivers.progress.odbc.config-4.0-core-32
"{64E256E0-EC03-42F7-80F0-B9987FCB6476}" = connectivity.connectionserver.drivers.sybase.ctlib-4.0-core-32
"{6576E6C7-E2D0-4662-A9E4-6BD4B6233778}" = crystalreports.dataaccess.driver.jde-4.0-core-32
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{668338D8-7E62-4732-99E4-88ED1B998927}" = platform.sdk.boe.java.pbds-4.0-core-nu
"{67AA1E23-C193-46B5-A2A7-8AB2637BF6E6}" = foundation.tracelog.java-4.0-core-nu
"{69487097-E2FA-4A29-8BA9-06F8616281CA}" = crystalreports.dataaccess.driver.com-4.0-en-32
"{699D34D0-6F87-4C46-98E8-E6AFBC799C27}" = connectivity.connectionserver.drivers.odbc.core.config-4.0-en-nu
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B41EA6F-4FD6-40F2-94C1-625E992BACAE}" = crystalreports.dataaccess.driver.access-4.0-en-32
"{6C38FA8C-8AED-4CC2-B6BE-D8D6E86D3193}" = crystalreports.dataaccess.driver.fielddef-4.0-core-32
"{6DCC3B94-DFD6-4C97-8549-FB17199FF279}" = connectivity.connectionserver.server.bridge.cpp-4.0-core-32
"{6E1DB188-419B-4BBB-B56A-29AFD07A705B}" = tp.sap.ljs.passport-0.7.0-core-nu
"{6E487C56-D3A1-4541-8477-32860C3B23CE}" = platform.sdk.boe.java-4.0-core-nu
"{6EE365B8-4756-47FD-9EC8-9F3A015711A2}" = crystalreports.cpp.cractivexviewer-4.0-en-32
"{6F1D95E5-481A-4402-A405-37BE1B4E7685}" = crystalreports.dataaccess.driver.jdbc-4.0-en-32
"{70730005-086B-453B-B5C0-2467D07CE6A8}" = tp.openssl-0.9.8l-core-32
"{70E237DC-9E1C-4119-B500-CB4184356BFD}" = shared.library.content-4.0-en-32
"{70E59A71-06AB-4A50-9CB3-C85059959BD0}" = tp.eclipse.aspectj-1.6.5-core-nu
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71386AAC-7FAE-49BD-9693-B53AF9A5AACF}" = crystalreports.dataaccess.driver.com-4.0-core-32
"{714F0131-6905-46C7-9875-C87B8AA1740B}" = fnc61_crviewer.msi
"{7163A430-35BA-4572-A5FB-62F4E8926B00}" = crystalreports.dataaccess.querybuilder-4.0-core-32
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72462C9F-A03C-4A53-819F-9C5F11EB0F2D}" = crystalreports.partner.shared.cpp-4.0-en-32
"{73104078-F786-4F0A-A399-0D6767117B1F}" = crystalreports.cpp.exporting.u2fhtml-4.0-en-32
"{7367F0A4-896E-48A1-8D20-DAE8A68B9230}" = product.crystalreports.arp-4.0-core-32
"{73684FF5-E845-4E2A-8B26-4F28E526F6A7}" = connectivity.connectionserver.drivers.neoview.odbc.config-4.0-en-nu
"{75E9530D-D98C-45A5-A99B-F2C14B264623}" = platform.library.common.authentication.oracle-4.0-core-32
"{763DBF6A-7B92-42DF-BDB2-3450DCBD4BD9}" = foundation.locale_fallback.cpp-4.0-core-32
"{779C6BA2-B88F-40BB-B795-76278983522C}" = foundation.javalibs.classes-4.0-core-nu
"{77B876EA-8974-4A38-86B2-EEF8BA1B4750}" = tp.apache.xalan.java-2.5.2-core-nu
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7904BAD3-ED0E-4AA9-AA2A-201DE2AEFDFF}" = crystalreports.dataaccess.driver.p2soutlk-4.0-en-32
"{795BC502-5E33-47F7-B8F2-527120EF5AFA}" = platform.services.ras21.clientsdk_bundle-4.0-core-nu
"{7A589FB0-452A-4C2B-9E34-DB1DF555069F}" = connectivity.connectionserver.drivers.progress.odbc-4.0-core-32
"{7A67FCBC-FF0D-4559-BFA6-1858F21C7F69}" = crystalreports.dataaccess.driver.olap-4.0-core-32
"{7AEE649B-E768-4BDD-9D7A-549375C53293}" = connectivity.cis.cpp-4.0-core-32
"{7B1681EC-A0E6-4591-8691-A30D82FFFD5C}" = crystalreports.rptpubwiz.cpp.help-4.0-core-32
"{7B33F6BB-E37C-4C53-8BDE-6349787CC080}" = crystalreports.cpp.saptoolbar-4.0-en-32
"{7B343663-B2B8-43C3-B339-2419EBDB26A4}" = crystalreports.dataaccess.driver.adodotnetinterop-4.0-core-32
"{7BA3338D-DD04-4EFD-99D0-2EEE4B797FD3}" = tools.srvtools-4.0-core-32
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C454DCB-139D-4ECE-88D1-EBD6E603CA00}" = crystalreports.designers.java.launcher-4.0-core-32
"{7C4ACEBE-AB19-41EA-9409-57B605AA6B00}" = tp.rsa.crypto.cpp-3.2.1.2-core-32
"{7D3E886C-B9A9-478C-9AA6-E69956EA7F2D}" = platform.library.common.instrumentation-4.0-core-nu
"{7DF858CF-2FB8-4CC5-A62B-2A52F4C8A280}" = tp.apache.axis2.bundle-1.3-core-nu
"{7E776ADB-FBB7-426D-86B4-40DA64EA6E7E}" = crystalreports.dataaccess.driver.ebs-4.0-core-32
"{7EBB358F-321F-4127-8390-C2C6975FED40}" = shared.library.content-4.0-core-32
"{7EC14FED-33B3-427C-96D0-8A5D67BAB2CE}" = tp.cup-0.11-core-nu
"{802E0C61-DB26-44A5-B9D9-83D98A906D7A}" = platform.services.ras21.clientsdk.java.pbd-4.0-core-nu
"{803259ED-7A67-4CB5-B6D7-281ED371091B}" = LogMeIn
"{80906D41-77AE-4BA0-8A10-9D7C1E9D4A3E}" = platform.library.common.authentication.siebel.java-4.0-core-nu
"{81B862FE-AE60-4239-A3CE-2A65FE2C38BF}" = crystalreports.dataaccess.driver.sybase-4.0-core-32
"{821428CC-0213-43D2-8753-B7DAC82B7595}" = crystalreports.sdk.java.repository-4.0-core-nu
"{824739C6-1DF6-4BC5-8A79-8F4BC2029889}" = tp.apache.xbean-2.1.0-core-nu
"{829565E9-B77B-4A53-A10A-E86B72135835}" = connectivity.connectionserver.tools.cscheck-4.0-en-32
"{82F35B77-7582-4211-9CB4-C6C17B8A717B}" = crystalreports.partner.shared.java.jde-4.0-core-nu
"{836DD860-D470-4749-A4A3-66921A1956EC}" = WebSlingPlayer ActiveX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{848DB4CE-7EDD-490E-9FA2-3FAC50640757}" = crystalreports.dataaccess.driver.btrieve-4.0-core-32
"{849E8871-C5E8-499D-A0AE-2923CBFC0454}" = tp.xpp3-1.1.3.8-core-nu
"{856902BD-848B-4605-AC50-F82771A55541}" = tp.rsa.crypto.java-4.1-core-nu
"{8616B2F6-43FF-4042-9A58-8FD5DF7A1E1E}" = tp.apache.log4j.classes-1.2.6_sap.1-core-nu
"{887C90B6-805C-43A8-81BF-A6780D278959}" = tp.apache.rampart.classes-1.3-core-nu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC2FA85-D98D-4058-9FE4-1F60C244DD8E}" = crystalreports.dataaccess.querybuilder-4.0-en-32
"{8B39F472-1CD4-4880-9E6D-FE3A6AA77EEA}" = crystalreports.dataaccess.driver.odbc-4.0-en-32
"{8B7C7644-4027-42F5-95FD-49DE8FF21E86}" = platform.sdk.boe.java.peoplesoft-4.0-core-nu
"{8B8125A4-1475-4BDD-9F4A-1FE342BC46E4}" = tp.apache.log4j-1.2.6_sap.1-core-nu
"{8C7C5FEE-A493-459F-832D-F8D2AB111690}" = tp.threedgraphics.pgsdk.cpp-2.50.16.busobj.1-en-32
"{8D232883-F199-4423-B774-5717A93355CC}" = platform.sdk.boe.java.sap-4.0-core-nu
"{8D6181F3-CACB-4B48-8B08-981F3A7F318B}" = SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9041686F-701F-4BF3-B1D4-770AD567A487}" = crystalreports.cpp.exporting.u2fxml2-4.0-core-32
"{911DCE4C-EBE2-4964-BE5D-2A2750779DA5}" = connectivity.connectionserver.drivers.netezza.odbc-4.0-core-32
"{91525DAD-50C3-4887-AC27-C4ED8B8B2D1B}" = tp.xpp3.classes-1.1.3.8-core-nu
"{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}" = Zebra Setup Utilities
"{927739E2-984A-4FCD-BDCF-3DCB67E38EE2}" = informationengine.qt.drivers.teradata.jdbc-4.0-core-nu
"{92B69E10-E4B6-4E6B-BACF-0F2BA083837A}" = platform.sdk.boe.com-4.0-en-32
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93476EBF-00C6-4189-9FEC-7517B03CE93C}" = crystalreports.cpp.printcontrol-4.0-core-32
"{934BF0ED-E7ED-4574-9D3C-149283F90FCB}" = crystalreports.cpp.exporting.u2dnotes-4.0-core-32
"{943AF0B0-5563-48F7-9791-10D4A7ED0711}" = tp.apache.xalan.java.classes-2.5.2-core-nu
"{94A6D67D-AE5C-4CB9-8CFE-60774CB698FA}" = crystalreports.cpp.parameterprompt-4.0-core-32
"{95CE391F-518B-4094-B7F0-B30CF8FEBB62}" = tp.pkware.cpp-1.0-core-32
"{96C49432-A707-44AB-B0BE-E4FD990F253B}" = crystalreports.dataaccess.driver.informix-4.0-core-32
"{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
"{9883A6B7-F3C6-4AC7-A3AE-72FF47CA37D1}" = crystalreports.dataaccess.driver.xml-4.0-core-32
"{98E47143-9B45-4620-ABCD-7D93C4B0E83B}" = platform.sdk.boe.java.oracle.plugins_bundle-4.0-core-nu
"{98F50021-935E-4361-B04B-BA839656AA86}" = platform.sdk.boe.java.jdedwards-4.0-core-nu
"{9A080B6C-32AB-4566-BAB5-B4FC60D63D14}" = crystalreports.cpp.printcontrol-4.0-en-32
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7B7EAF-AEBC-4306-AA47-D78C5760662C}" = informationengine.qt.drivers.mysql.odbc.config-4.0-core-nu
"{9A880441-398F-428E-8694-F15456DF6F0C}" = crystalreports.dataaccess.driver.olap-4.0-en-32
"{9A945CFA-60F3-4E9A-A1EA-34171E9B4104}" = connectivity.foundation.cpp-4.0-core-32
"{9AA5E6EB-2C32-4EC6-81E1-7F014052CBD3}" = ScanSnap
"{9B12274D-F720-4BC2-929D-822669CAA654}" = connectivity.connectionserver.drivers.teradata.jdbc-4.0-core-nu
"{9B8E57DF-66C6-44FE-9577-E9A1F3CA76C4}" = crystalreports.cpp.exporting.u2fodbc-4.0-en-32
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C15DF4C-C50D-45DD-B85E-A4420F2E2D7F}" = tp.rsa.crypto.java.classes-4.1-core-nu
"{9C60C74D-D4B2-4BD0-93A4-7E5E098BE121}" = crystalreports.cpp.share-4.0-core-32
"{9D793912-2459-4769-86B7-EF158BAF7AF6}" = tp.apache.xerces.cpp-2.7.0-core-32
"{9DA079E5-4852-425D-A4A3-DF06BC579428}" = crystalreports.cpp.exporting.u2ddisk-4.0-en-32
"{9DCCE485-EB15-49C3-82A7-45A501EC0F1D}" = tools.wstk-4.0-core-32
"{9E4F9685-D470-4A23-A9FD-9DD6F0685FA1}" = crystalreports.dataaccess.driver.siebel-4.0-core-32
"{9E556178-5F68-4D5D-BAF3-C15A342B5CA6}" = crystalreports.dataaccess.driver.filesystem-4.0-en-32
"{9EB290A5-C055-4118-95B7-659F4EA1C4D7}" = crystalreports.dataaccess.driver.oracle-4.0-core-32
"{9F03508E-E0F1-44F8-AF4B-51624279C606}" = crystalreports.dataaccess.driver.p2soutlk-4.0-core-32
"{9FE71A27-32B5-40A3-B497-741865AFD6B6}" = platform.sdk.boe.java.siebel.plugins_bundle-4.0-core-nu
"{A06F3506-2129-4605-B8FB-475434C22F4D}" = tp.apache.xerces.cpp-2.1.0-core-32
"{A0933CF7-AAC4-4819-B275-9FCCBDAE1986}" = tp.apache.xerces.java-2.6.2-core-nu
"{A0DC4E36-9FD4-45EE-B0F3-E2E4AAB0041A}" = crystalreports.dataaccess.driver.xml-4.0-en-32
"{A144B2A9-C656-4DC6-A883-5DE01E894A71}" = crystalreports.cpp.exporting.u2fwordw-4.0-en-32
"{A1609E8A-E1DA-4435-A626-375752ADFDD2}" = tp.ooc.java.bundle-4.0.5-core-nu
"{A17931F7-276D-4D6B-A37D-48C5C4E0CBFE}" = foundation.tracelog.java.classes-4.0-core-nu
"{A2C7ED60-2C86-41CE-86C5-EA79995CB6E5}" = crystalreports.dataaccess.driver.p2slog-4.0-core-32
"{A2D36CB4-25E5-46DA-B0B8-015AB7AA3AAF}" = crystalreports.dataaccess.driver.javabeans-4.0-core-32
"{A3520959-EC76-40C8-A818-AF728EDE6F3D}" = crystalreports.dataaccess.driver.javabeans-4.0-en-32
"{A4428008-D983-4049-823B-7E4949AEE8EE}" = crystalreports.cpp.exporting.u2fxls-4.0-en-32
"{A4998564-1316-4170-983B-E3D93E275D3A}" = connectivity.connectionserver.drivers.netezza.jdbc-4.0-en-nu
"{A53BF826-DEF6-43F4-8338-8EE83C46F00B}" = crystalreports.rptpubwiz.cpp-4.0-en-32
"{A59C9634-0B12-4625-A381-12F61E7BE3E8}" = platform.sdk.boe.com.core-4.0-core-32
"{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}" = FTP Utility
"{A6C768F1-CA52-496E-9BC7-E3312A4F9B9A}" = platform.sdk.boe.java.bundles-4.0-core-nu
"{A72825BF-3887-4F13-91BC-66681C21BE43}" = tp.rosette-4.2.1-core-32
"{A8E920CC-FEA4-48C5-AB08-99DCD08D8F0C}" = crystalreports.cpp.businessview.clients.crw-4.0-en-32
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA1AEF00-3439-4272-9AF4-008B3B373DFE}" = crystalreports.cpp.cractivexviewer-4.0-core-32
"{AB82F4D5-9E0D-4D31-B7F9-D96D22CD6743}" = crystalreports.cpp.exporting.u2fcr-4.0-core-32
"{AC5607B1-B649-42CA-A9D5-1A75165B4E2B}" = crystalreports.cpp.ras.bv-4.0-core-32
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACA9CF47-991C-4B76-AFE4-93E9D6C0BB06}" = tp.microsoft.mssdk-10.0-core-32
"{AD5F12A5-7753-46AC-9137-66CDEDE44AA7}" = crystalreports.cpp.businessview.clients.crw-4.0-core-32
"{AD6A931E-17AC-4DAB-93D8-B1AD2D1DFF72}" = crystalreports.cpp.filedialog-4.0-core-32
"{ADBA7722-3CAE-43E7-976B-7DF949D62DB7}" = platform.sdk.boe.java.dfo.util-4.0-core-nu
"{AE111FB3-75AB-45D0-9CC3-21F92C0408C8}" = crystalreports.dataaccess.driver.p2sevt-4.0-core-32
"{AE30E0A2-712A-4864-99E3-BFD1A21FE445}" = b-PAC Component (BrssCom)
"{AF286C85-3B32-43D1-B4F0-05E431827C97}" = tp.poco-1.3.6-core-32
"{AFAEC5B4-46D8-41B3-8092-142B561556BD}" = platform.services.ras21.clientsdk.java-4.0-core-nu
"{AFE0E94D-2549-4829-98FB-E92177D9CCF7}" = platform.services.ras21.clientsdk_shared_bundle-4.0-core-nu
"{B0B96974-9756-48FB-840F-292E1AF0C01E}" = platform.library.common.authentication.siebel-4.0-core-32
"{B0BE2D52-3226-4B50-BB5D-BA8E63A38652}" = tp.sap.introscope-822-core-nu
"{B104C6FB-074C-47D7-A717-3394C50C6B7B}" = crystalreports.dataaccess.driver.sap-4.0-core-32
"{B1280DF3-00BB-4C4B-B6B4-10C5BDCDA91D}" = tp.sun-1.1-core-nu
"{B1C14366-B371-459E-B90A-F2D575B79EA1}" = crystalreports.dataaccess.driver.act-4.0-core-32
"{B25FAA96-13BB-4ED9-9D0E-6116370FD180}" = crystalreports.cpp.exporting.u2fxls-4.0-core-32
"{B2EF9594-89DB-43A0-A9F9-B3DA914FBB8C}" = connectivity.connectionserver.drivers.jdbc.core.config-4.0-core-nu
"{B38911D0-1799-46B5-A653-950BC34526B4}" = connectivity.connectionserver.drivers.jdbc.core.config-4.0-en-nu
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3F293DD-0DCC-4088-BA13-1040206CAC88}" = crystalreports.cpp.exporting.u2frec-4.0-core-32
"{B4754D6B-D84E-4BD8-9AC1-B539748A7616}" = cvom.java-4.0-en-nu
"{B4B50DCD-4743-41B9-B091-0E29E4D784C4}" = crystalreports.cpp.exporting.u2dapp-4.0-en-32
"{B4EF4421-356B-4640-814D-B9D3C74684C8}" = crystalreports.cpp.exporting.u2ddisk-4.0-core-32
"{B52CFD34-8CF3-4066-A0AB-DE003B419948}" = crystalreports.cpp.exporting.u2dvim-4.0-en-32
"{B63F5593-A100-4166-89B4-D1E725FD88DA}" = crystalreports.dataaccess.driver.p2sexchange-4.0-en-32
"{B6E499CF-867D-4DC0-AAE1-75F2A039F441}" = tp.ooc.java.classes-4.0.5-core-nu
"{B7895722-516C-49BB-93D4-7EAD9AC4B02B}" = informationengine.qt.drivers.mysql.jdbc-4.0-core-nu
"{B8920657-9C07-434E-8068-FAF27E817670}" = crystalreports.cpp.help-4.0-en-32
"{B89220C0-7C89-4304-879B-363AAD67CBB3}" = connectivity.connectionserver.drivers.teradata.jdbc-4.0-en-nu
"{B89BF5A9-E932-41EF-A95E-CA7C6AF79327}" = crystalreports.dataaccess.driver.p2dbase-4.0-core-32
"{B9847524-3B87-4A80-86EE-7CFAB37D7CD8}" = connectivity.connectionserver.drivers.progress.odbc.config-4.0-en-32
"{BAEC2486-2048-4D03-9140-DF504040F266}" = platform.library.common-4.0-core-32
"{BB25DCF7-8C02-4B54-8755-843EEC67DF86}" = tp.apache.axis2.classes-1.3-core-nu
"{BBDC0D46-850A-4819-B257-6DC31296496E}" = crystalreports.dataaccess.driver.universe-4.0-en-32
"{BC9BDA6F-E918-451C-8B60-EB45A89B630C}" = tools.i18n4j-4.0-core-nu
"{BD54B2A0-3550-4C58-82C4-B4BA77939ED5}" = crystalreports.cpp.exporting.u2dmapi-4.0-core-32
"{BDF9ED65-49DB-468F-974A-F1DA59B6CFFA}" = crystalreports.cpp.exporting.u2frtf-4.0-en-32
"{BE5A7FDD-EE1A-45D2-BAFB-B1C4D40D76F3}" = crystalreports.cpp.exporting.u2fhtml-4.0-core-32
"{BFCE575E-49B8-40C5-9B4A-D2D9D3535E2E}" = connectivity.connectionserver.drivers.odbc.core.config-4.0-core-nu
"{C0B3B64C-3056-495D-8C9C-09E023AAB4FB}" = connectivity.connectionserver.drivers.netezza.jdbc-4.0-core-nu
"{C13870D8-716A-4608-9A9A-BF581B613EC3}" = crystalreports.dataaccess.driver.adoplus-4.0-core-32
"{C16F8BE5-1DF0-42C7-89BD-7223655B06C0}" = crystalreports.cpp.erom-4.0-core-32
"{C17B3247-0B69-4B48-B382-467CA1A89F76}" = tp.netscape.ldap.cpp-6.0.5-core-32
"{C1827786-F58B-41D0-B607-CCC222929070}" = tp.sap.ljs.passport.classes-0.7.0-core-nu
"{C2AAA588-4193-46E4-A537-83CCC1530A66}" = crystalreports.cpp.exporting.u2dpost-4.0-core-32
"{C3785226-4912-4845-9194-29D85CDD2E06}" = tp.netscape.ldap.cpp.mozjavascript-6.0.5-core-32
"{C59299BA-D7FC-4D59-9DB6-51ED2E79759A}" = crystalreports.crystalcommon.cpp.crlang-4.0-core-32
"{C5C53B9F-8F88-411B-9642-C9364D607ABC}" = crystalreports.dataaccess.share.registry-4.0-core-32
"{C62D6FB9-05D8-4FF6-ABA0-EE58601F1D2D}" = crystalreports.cpp.registrywrapper-4.0-core-32
"{C6CD1663-56BD-4D7C-9E2A-6EBD2C600F91}" = crystalreports.cpp.keycode.defn-4.0-core-nu
"{C72F4F45-1CBC-4ACE-8485-AB06F89FAD76}" = connectivity.connectionserver.drivers.netezza.odbc.config-4.0-core-nu
"{C749A937-830C-47CC-B6EE-918F2AF3841A}" = tp.microsoft.office.stdole-11.0-core-32
"{C8AD7EA8-2422-4B58-9ECD-BB94D1271B82}" = crystalreports.cpp.exporting.u2fwordw-4.0-core-32
"{C8EF4DED-86BA-4F56-AC34-37EC95B0C01A}" = tp.gzip-1.2.3-core-32
"{C99FC6E7-5057-4CC0-9E3C-B70788B34A53}" = repoaccess.cdztools.oldregistry-4.0-core-32
"{C9B39207-86EB-4D68-80EC-2F0861F89EDC}" = crystalreports.dataaccess.driver.p2sevt-4.0-en-32
"{CA339C77-8F57-46D6-864F-08A632F7F12D}" = connectivity.connectionserver.drivers.informix.odbc.config-4.0-en-nu
"{CA57B2DE-838F-4E77-A644-A0CF83210493}" = connectivity.connectionserver.drivers.odbc.core-4.0-core-32
"{CB21F25E-A28A-46E0-8895-313F4E2D5A4C}" = crystalreports.cpp.exporting.u2fsepv-4.0-en-32
"{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}" = Pocket Controller-Professional
"{CDAE60C5-835D-4433-9C0E-D771073AD19E}" = crystalreports.cpp.exporting.u2ftext-4.0-core-32
"{CDEFBB6A-BE09-4768-9806-6543C1E42EF4}" = connectivity.connectionserver.client.httpxir3.cpp-4.0-core-32
"{CEF69C8F-FCFF-4D6C-8CCF-BE7CD49D3D92}" = crystalreports.dataaccess.driver.odbc-4.0-core-32
"{CF332BF5-564B-4BA5-9322-3202850D467D}" = repoaccess.container.java-4.0-core-nu
"{CFA6024E-B358-4F50-9075-62F5738FA5DA}" = crystalreports.cpp.cslib-4.0-core-32
"{D0995FD0-9A1E-4763-9CF3-81FB869EC8EA}" = tp.utexasaustin.hoard-3.7.1-core-32
"{D0D65D56-1BF2-4409-9867-4C41223CE51C}" = crystalreports.cpp.erom-4.0-en-32
"{D19EE8D6-6BD6-41FD-B2B6-2BF358BDA683}" = repoaccess.async_scheduling-4.0-en-32
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1A8A8CF-A854-4861-9EC6-0C502A80FC1D}" = platform.sdk.boe.com.instrumentation-4.0-core-nu
"{D22EBF86-64BF-45F4-B94D-C0ECC77B6A85}" = tp.curl.cpp-7.13.2-core-32
"{D24A6366-471B-48B1-B69C-649DF248FA4A}" = platform.library.common.authentication.jdedwards-4.0-en-32
"{D2E2923F-F097-41D3-85B4-175183866581}" = connectivity.connectionserver.drivers.netezza.odbc.config-4.0-en-nu
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D39A54F7-1A4F-417D-9D56-83F4E2497EED}" = cvom.java-4.0-core-nu
"{D571CF0B-E9F1-4E89-B417-6DBC61EC0B45}" = platform.library.common.authentication.siebel-4.0-en-32
"{D6FB44C6-ED23-46E6-8EB7-A14E15B2F64C}" = DocuFire for Windows
"{D81BE593-DF3F-450E-924D-A49E66A8CA8E}" = tp.threedgraphics.pgsdk.cpp.runtime-2.50.16.busobj.1-core-32
"{D852E6B6-B24F-4A6D-81FF-E3DD9F49FEE2}" = tp.azalea-5.5-core-32
"{D85ED785-A121-4AEB-98AF-4DB096C35AAB}" = crystalreports.cpp.share.registry-4.0-core-32
"{D8DAA275-6532-4D57-AD01-66990171796A}" = crystalreports.dataaccess.driver.sybase-4.0-en-32
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA721A0-FF03-4522-B49C-6248740EEE42}" = crystalreports.dataaccess.share-4.0-en-32
"{DEB2111C-B35F-4519-ADD7-CF2734040909}" = tp.ibm.icu.cpp-3.0.1-core-32
"{DF7FF8B5-4677-4DFC-A6C2-F096412CA846}" = olap.analysis.implementation.cpp.activex-4.0-core-32
"{E037DEBA-4DA6-4401-B0C6-95BA2E9528CB}" = tp.threedgraphics.pgsdk.cpp.chartsupport-2.50.16.busobj.1-core-nu
"{E1907352-E402-4A77-97E1-29AF957358CF}" = tp.threedgraphics.pgsdk.cpp.runtime-2.50.16.busobj.1-en-32
"{E207BD23-8B4D-46A2-BBBF-849D3C815041}" = crystalreports.webreporting.common-4.0-en-nu
"{E25C4D03-2048-42F4-A5DC-5AD7DD2622D0}" = foundation.javalibs-4.0-core-nu
"{E2AB4259-123E-43F5-9DE7-98F8FD22872E}" = crystalreports.dataaccess.driver.informix-4.0-en-32
"{E2C039AC-797A-49ED-90DD-3620E670A6EC}" = repoaccess.cdztools.jshell-4.0-core-nu
"{E2F50BC6-0BDA-4E8E-B1B8-8368655BBBF2}" = tp.pervasive.db.btrieve-3.0-core-32
"{E372A7BE-6DFB-4FF3-8935-AADE594A6D03}" = crystalreports.dataaccess.driver.fielddef-4.0-en-32
"{E3CD7222-9E9A-41EC-8CE0-894D79B49004}" = informationengine.qt.drivers.sybase.ctlib.config-4.0-core-nu
"{E48047FB-939F-442E-A964-D8452759F684}" = connectivity.connectionserver.plugin.http.cpp-4.0-core-32
"{E488FEE0-CD99-4C67-8DCC-64A75D06DC7B}" = crystalreports.cpp.parameterprompt-4.0-en-32
"{E4EF483C-1089-4F4C-A2D2-B71120A0E870}" = tp.ibm.icu.cpp-4.2.1-core-32
"{E5465D4F-3FB9-4D36-9DEB-3CAA5D96A821}" = platform.sdk.boe.java.peoplesoft.plugins_bundle-4.0-core-nu
"{E686A699-B638-4212-A24D-0A5441EFFE40}" = shared.library.keycode.decoder.cpp-4.0-core-32
"{E6DC9FE1-4D69-50C7-FF4E-4E213025EAC9}" = Socialcast Desktop
"{E7F3D1C3-10FF-4173-AD49-9A7A053123ED}" = crystalreports.boe.sdkplugins.java-4.0-en-nu
"{E88F0CED-FD45-415D-86EA-CEBE787E278E}" = informationengine.qt.drivers.teradata.odbc.config-4.0-core-nu
"{E9D8ACCB-0018-48E7-BF05-90BA27C4282B}" = tp.rsa.crypto-6.3-core-32
"{EA8A25D2-EF96-4557-9B4F-81F7E4357E6D}" = tp.sun.classes-1.1-core-nu
"{EAE857DE-DFEA-41C3-9B33-6449D5A9BDBD}" = tools.wstk.java-4.0-core-nu
"{EB1FC21E-5A78-45EB-BE87-9A318F346161}" = setup.engine.sharedregistry-4.0-core-32
"{EC10D725-AC4D-4F2B-BB29-31B4BCB02642}" = platform.library.common.authentication.sap-4.0-core-32
"{EC1AC434-FEF2-45DE-B789-C246FF669A3F}" = crystalreports.cpp.exporting.u2ftext-4.0-en-32
"{EC6903FF-7296-4749-8E38-03757717C02F}" = product.shared.langpackreg-4.0-core-nu
"{EC78F10C-131A-4510-AA14-F47483095D6A}" = crystalreports.crystalcommon.cpp.crjavaconfig-4.0-core-nu
"{ED578083-0F43-4A93-8E59-B125779E114E}" = tp.sap.nwrfc-711-core-32
"{EEE8F470-6AB1-4A44-8BD4-2DDB620BC005}" = crystalreports.dataaccess.driver.act-4.0-en-32
"{EF090511-AA26-4295-A8D2-8F314F82092F}" = connectivity.connectionserver.drivers.neoview.odbc-4.0-core-32
"{F01EBEA7-3E4D-4A3C-BC34-92446D448360}" = crystalreports.dataaccess.driver.access-4.0-core-32
"{F0E314AB-1939-4797-BD1C-CD17E2C74111}" = connectivity.connectionserver.drivers.progress.jdbc-4.0-core-nu
"{F1A093A6-8418-49BD-B2A5-BDD5F0E2ED1A}" = foundation.javalibs.bundle-4.0-core-nu
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.3
"{F41E5436-9C37-45AF-909F-B379679FE8ED}" = Sage BusinessVision Client-Server Edition (remove only)
"{F445F4AC-67AF-4DFD-AA7B-B972C31F8758}" = crystalreports.dataaccess.share-4.0-core-32
"{F4F0DF43-8EFC-4176-A882-478CB52AEF93}" = connectivity.connectionserver.tools.cscheck.config-4.0-core-nu
"{F65A3DCE-9519-4E9F-86C5-7742F99150DE}" = platform.sdk.boe.com-4.0-core-32
"{F7ADA33D-4E87-46C1-AD90-7EE8CA5F6D67}" = crystalreports.dataaccess.driver.universe-4.0-core-32
"{F7ED6DFF-3093-4D47-8E4F-AA12A3DB9199}" = crystalreports.dataaccess.driver.jdbc-4.0-core-32
"{F86ECFE6-6CBB-4E04-A413-27CF5EE8E34C}" = platform.sdk.boe.java.pbds_full-4.0-core-nu
"{F8A87587-76B6-426D-95CC-0506681F85CB}" = tp.salesforce-9.0-core-nu
"{F8A9019C-24D9-4EDA-A185-5DAE10BCECD5}" = crystalreports.cpp.exporting.u2frtf-4.0-core-32
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F953FB3F-6DA0-470D-9CFD-7C1095CC205A}" = tp.sun.jdk.jre-1.6-core-32
"{F991A978-C93D-4603-88B2-FE41B5C57020}" = connectivity.connectionserver.core.helpers.cpp-4.0-core-32
"{F993656B-DB66-4C64-B216-679F95CF432E}" = crystalreports.webreporting.common-4.0-core-nu
"{FA1157A7-1977-4EBA-BBB3-182C00DBF846}" = crystalreports.cpp.runtimeshare-4.0-en-32
"{FA35A0C4-9094-4CA4-86AF-7082EBB21DF8}" = repoaccess.cdztools-4.0-en-32
"{FB4898C7-F957-44B3-805B-6FB44F34850E}" = tp.apache.xalan.cpp-1.10.0-core-32
"{FBB0B1A4-40B2-422A-B775-9DA613E8F40F}" = foundation.tracelog.cpp-4.0-core-32
"{FBF2D8EA-B019-4A8A-AD56-5BCCD2C2DB11}" = crystalreports.crystalcommon.cpp.crlogger-4.0-core-32
"{FC7DE811-196A-4C88-8B2E-7C5CAE78DA8B}" = product.crystalreports.langpackproperty-4.0-en-nu
"{FC9ECCBF-A263-4205-8F95-222C2DBFAA12}" = tp.sap.rfcsdku-70-core-32
"{FD6F6C56-E172-4685-8868-DA72DF47090F}" = foundation.bcm.java.bundle-4.0-core-nu
"{FE0DEDD2-0492-4887-8C5D-E1A2618A2B30}" = crystalreports.crystalcommon.dotnet-4.0-core-32
"{FF2A8008-A17C-40E1-BB63-9E206808D509}" = tp.xpp3.bundle-1.1.3.8-core-nu
"{FF9D17F1-B66E-41BE-A5DB-2CF7908ADC52}" = tp.apache.rampart-1.3-core-nu
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BVEssentials_is1" = BVEssentials 5.3.7 Build 11166
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.socialcast.air.socialcast-air.0AAFEDD898717A09265AF0B865587CAA134C3880.1" = Socialcast Desktop
"Google Calendar Sync" = Google Calendar Sync
"HandBrake" = HandBrake 0.9.6
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}" = FTP Utility
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Pervasive PSQL v10.10 Workgroup (32-bit)" = Pervasive PSQL v10.10 Workgroup (32-bit)
"Plan-Um 2.5" = Plan-Um
"PRISM_Rep_2.0" = BASis Inventory System Version 7.98
"Revo Uninstaller" = Revo Uninstaller 1.92
"SyncBack_is1" = SyncBack
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TurboMeeting" = MXmeeting
"uTorrent" = µTorrent
"Xerox_Support_Centre" = Xerox Support Centre
"Zebra Setup Utilities" = Zebra Setup Utilities

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4038933237-2261227842-749657308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/06/2012 5:25:43 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = VSS | ID = 8193
Description =

Error - 01/10/2012 11:25:32 AM | Computer Name = QCHAIN-WS11.qchain.local | Source = VSS | ID = 8193
Description =

Error - 01/10/2012 11:29:01 AM | Computer Name = QCHAIN-WS11.qchain.local | Source = VSS | ID = 8193
Description =

Error - 01/10/2012 11:51:56 AM | Computer Name = QCHAIN-WS11.qchain.local | Source = Application Hang | ID = 1002
Description = The program SetupEngine.exe version 14.0.2.364 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 100c Start
Time: 01cd9fe9971c220e Termination Time: 8 Application Path: C:\Program Files (x86)\SAP
BusinessObjects\InstallData\setup.engine\SetupEngine.exe Report Id:

Error - 01/10/2012 12:26:36 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 14.0.6117.5001, time
stamp: 0x4f3e2cb1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0xd40 Faulting application start time: 0x01cd9feb629ae5da Faulting application
path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: c4b0cbf5-0be4-11e2-9223-0019d1552b9c

Error - 01/10/2012 12:30:25 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 14.0.6117.5001, time
stamp: 0x4f3e2cb1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0x1ea8 Faulting application start time: 0x01cd9ff1c9061214 Faulting application
path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 4d142333-0be5-11e2-9223-0019d1552b9c

Error - 22/06/2012 12:48:44 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = MsiInstaller | ID = 11904
Description =

Error - 22/06/2012 4:41:11 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Application Error | ID = 1000
Description = Faulting application name: crw32.exe, version: 14.0.2.364, time stamp:
0x4de99eaa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x428d0824 Faulting process id: 0x1270 Faulting application
start time: 0x01cd509b3bae4d78 Faulting application path: C:\Program Files (x86)\SAP
BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win32_x86\crw32.exe Faulting
module path: unknown Report Id: 99ca2e74-bcaa-11e1-9225-0019d1552b9c

Error - 22/06/2012 4:43:15 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Application Error | ID = 1000
Description = Faulting application name: crw32.exe, version: 14.0.2.364, time stamp:
0x4de99eaa Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc015000f Fault offset: 0x000847db Faulting process id:
0x1270 Faulting application start time: 0x01cd509b3bae4d78 Faulting application path:
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win32_x86\crw32.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: e39b35c8-bcaa-11e1-9225-0019d1552b9c

Error - 27/06/2012 5:52:58 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e30 Start
Time: 01cd549f4251f2d4 Termination Time: 52 Application Path: C:\Windows\Explorer.EXE

Report
Id: 596b9913-c0a2-11e1-8580-0019d1552b9c

[ System Events ]
Error - 27/06/2012 2:34:46 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver OKI C5150n required for printer OKI C5150n is unknown. Contact
the administrator to install the driver before you log in again.

Error - 27/06/2012 2:34:49 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver Send To Microsoft OneNote 2010 Driver required for printer
Send To OneNote 2010 is unknown. Contact the administrator to install the driver
before you log in again.

Error - 27/06/2012 2:34:50 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver Xerox Phaser 8860 required for printer Xerox Phaser 8860 is
unknown. Contact the administrator to install the driver before you log in again.

Error - 27/06/2012 3:59:29 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = DCOM | ID = 10016
Description =

Error - 27/06/2012 6:07:10 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 27/06/2012 6:07:10 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 27/06/2012 6:07:11 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 27/06/2012 6:07:12 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 27/06/2012 7:02:39 PM | Computer Name = QCHAIN-WS11.qchain.local | Source = DCOM | ID = 10016
Description =

Error - 28/06/2012 1:57:49 AM | Computer Name = QCHAIN-WS11.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver HP LaserJet 1020 required for printer HP LaserJet 1020 is unknown.
Contact the administrator to install the driver before you log in again.


< End of report >
_____________________________________________________________________________________________________________

Server-A OTL.txt:
OTL logfile created on: 7/3/2012 9:28:48 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = \\DATASERVER\HomeDir\Colin\Desktop
64bit- Server Standard Edition (full installation) Service Pack 1 (Version = 6.1.7601) - Type = NTDomainController
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

31.99 Gb Total Physical Memory | 18.57 Gb Available Physical Memory | 58.04% Memory free
63.98 Gb Paging File | 42.01 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 212.53 Gb Total Space | 128.59 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
Drive D: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 21.87 Gb Free Space | 3.67% Space Free | Partition Type: NTFS

Computer Name: DATASERVER | User Name: colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/03 09:11:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- \\DATASERVER\HomeDir\Colin\Desktop\OTL.exe
PRC - [2012/06/20 16:57:52 | 000,237,568 | ---- | M] (Online Backup Solution) -- C:\Program Files (x86)\Tri Tech Information Systems\Backup Essentials\BackupStatusIcon.exe
PRC - [2012/06/20 16:57:48 | 000,053,248 | ---- | M] (Online Backup Solution) -- C:\Program Files (x86)\Tri Tech Information Systems\Backup Essentials\BackupUpdater.exe
PRC - [2012/06/20 16:57:48 | 000,053,248 | ---- | M] (Online Backup Solution) -- C:\Program Files (x86)\Tri Tech Information Systems\Backup Essentials\BackupAgent.exe
PRC - [2012/05/10 23:32:40 | 000,048,184 | ---- | M] (MK Software Inc.) -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Router.exe
PRC - [2012/05/10 23:32:40 | 000,047,160 | ---- | M] (MK Software Inc.) -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.SMTP.exe
PRC - [2012/05/10 23:32:38 | 000,088,632 | ---- | M] (MK Software Inc.) -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Monitor.exe
PRC - [2012/05/10 23:32:36 | 000,066,616 | ---- | M] (MK Software Inc.) -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Fax.exe
PRC - [2012/05/10 23:32:36 | 000,055,352 | ---- | M] (MK Software Inc.) -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Image.exe
PRC - [2012/05/08 09:37:49 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/22 22:27:36 | 000,086,016 | ---- | M] (Prime Technical Consulting) -- D:\Data\Freight Calculator\LoomisEasyShipService\LoomisEasyShipService.exe
PRC - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/10/24 09:39:40 | 000,270,424 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe
PRC - [2011/06/17 22:19:26 | 043,040,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft SQL Server Express\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011/05/12 16:49:50 | 000,122,880 | ---- | M] (Flexera Software) -- C:\Program Files\Traction\traction\server\plugins\com.traction.derby\lib\StartJavaDB.exe
PRC - [2011/05/12 16:45:05 | 000,122,880 | ---- | M] (Flexera Software) -- C:\Program Files\Traction\traction\server\TractionService.exe
PRC - [2010/11/20 05:17:51 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inetsrv\w3wp.exe
PRC - [2009/12/07 12:33:16 | 000,525,312 | ---- | M] () -- D:\Program Files (x86)\Sage\CRM\Services\CRMEscalationService.exe
PRC - [2009/07/29 11:54:04 | 000,034,104 | ---- | M] (APC) -- C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
PRC - [2009/03/26 17:15:38 | 000,057,344 | ---- | M] (Apache Software Foundation) -- D:\Program Files (x86)\Sage\CRM\CRM\tomcat\bin\tomcat6.exe
PRC - [2009/03/26 16:56:26 | 000,404,992 | ---- | M] () -- D:\Program Files (x86)\Sage\CRM\Services\CRMIndexerService.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/30 20:52:34 | 000,111,904 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\ntbtrv.exe
PRC - [2008/07/30 20:52:34 | 000,036,640 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3sqlmgr.exe
PRC - [2008/07/08 18:15:34 | 000,020,574 | ---- | M] () -- D:\Program Files (x86)\Sage\CRM\Services\SpellChecker\j2re1.3.1_11\bin\java.exe
PRC - [2008/07/08 18:15:18 | 000,122,880 | ---- | M] () -- D:\Program Files (x86)\Sage\CRM\Services\SpellChecker\jetty\extra\win32\Wrapper.exe
PRC - [2008/06/06 13:03:10 | 000,111,904 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\ntdbsmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 02:47:00 | 003,127,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\27b66f127250f2ba37f9bf1d519c6039\System.Web.Extensions.ni.dll
MOD - [2012/06/14 02:46:42 | 012,079,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\fdb5565e4c807a8cd79de9f40c0cd644\System.Web.ni.dll
MOD - [2012/06/14 02:15:59 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/14 02:15:52 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 02:11:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 02:11:17 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/10 03:10:41 | 002,452,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\cfcc92c125ddfaabad24abe61cfc0471\Microsoft.JScript.ni.dll
MOD - [2012/05/10 03:10:37 | 000,432,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f8fa8f3947b4f9b6819d121537e39050\System.ServiceModel.Activation.ni.dll
MOD - [2012/05/10 03:10:34 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
MOD - [2012/05/10 03:08:47 | 000,244,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\d8b4dcd719a3805ab0bce3c8cdfe8288\System.Runtime.Caching.ni.dll
MOD - [2012/05/10 03:08:35 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/10 03:08:34 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
MOD - [2012/05/10 03:08:17 | 000,631,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\3ad065635e1e0cd413081be61993cd38\Microsoft.Build.Utilities.v4.0.ni.dll
MOD - [2012/05/10 02:52:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 02:51:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 02:51:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 02:51:51 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 02:51:45 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/10 02:34:03 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/10 02:34:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/10 02:33:57 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/10 02:33:56 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/10 02:33:49 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/25 23:45:13 | 000,696,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dns.exe -- (DNS)
SRV:64bit: - [2011/10/24 09:40:46 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/05/12 16:49:50 | 000,122,880 | ---- | M] (Flexera Software) [Auto | Running] -- C:\Program Files\Traction\traction\server\plugins\com.traction.derby\lib\StartJavaDB.exe -- (JavaDB)
SRV:64bit: - [2011/05/12 16:45:06 | 000,122,880 | ---- | M] (Flexera Software) [Auto | Stopped] -- C:\Program Files\Traction\traction\server\ClearLockFile.exe -- (unlockTraction)
SRV:64bit: - [2011/05/12 16:45:05 | 000,122,880 | ---- | M] (Flexera Software) [Auto | Running] -- C:\Program Files\Traction\traction\server\TractionService.exe -- (Traction)
SRV:64bit: - [2010/11/20 06:26:05 | 000,729,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpssvc.dll -- (DHCPServer)
SRV:64bit: - [2010/11/20 06:25:02 | 001,020,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ntfrs.exe -- (NtFrs)
SRV:64bit: - [2010/11/20 06:24:50 | 000,059,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ismserv.exe -- (IsmServ)
SRV:64bit: - [2010/11/20 06:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV:64bit: - [2010/11/20 06:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/11/20 06:24:38 | 004,518,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dfsrs.exe -- (DFSR)
SRV:64bit: - [2010/11/20 06:24:38 | 000,377,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dfssvc.exe -- (Dfs)
SRV:64bit: - [2009/07/13 18:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2009/07/13 18:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 18:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV - [2012/06/20 16:57:48 | 000,053,248 | ---- | M] (Online Backup Solution) [Auto | Running] -- C:\Program Files (x86)\Tri Tech Information Systems\Backup Essentials\BackupUpdater.exe -- (BackupUpdater)
SRV - [2012/06/20 16:57:48 | 000,053,248 | ---- | M] (Online Backup Solution) [Auto | Running] -- C:\Program Files (x86)\Tri Tech Information Systems\Backup Essentials\BackupAgent.exe -- (BackupAgent)
SRV - [2012/05/10 23:32:40 | 000,048,184 | ---- | M] (MK Software Inc.) [Auto | Running] -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Router.exe -- (DocuFireRouter)
SRV - [2012/05/10 23:32:40 | 000,047,160 | ---- | M] (MK Software Inc.) [Auto | Running] -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.SMTP.exe -- (DocuFireSMTPEngine)
SRV - [2012/05/10 23:32:38 | 000,088,632 | ---- | M] (MK Software Inc.) [Auto | Running] -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Monitor.exe -- (DocuFireMonitor)
SRV - [2012/05/10 23:32:38 | 000,045,624 | ---- | M] (MK Software Inc.) [Auto | Running] -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Print.exe -- (DocuFirePrintEngine)
SRV - [2012/05/10 23:32:36 | 000,066,616 | ---- | M] (MK Software Inc.) [Auto | Running] -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Fax.exe -- (DocuFireFaxEngine)
SRV - [2012/05/10 23:32:36 | 000,055,352 | ---- | M] (MK Software Inc.) [Auto | Running] -- C:\Program Files (x86)\DocuFire\DocuFire.Server.Services.Image.exe -- (DocuFireImagingService)
SRV - [2012/05/08 12:48:52 | 000,022,016 | ---- | M] (Terracor Business Solutions) [Auto | Running] -- C:\Program Files (x86)\Terracor Business Solutions\zeckoShop Order Download Service\zeckoShopOrderManagerService.exe -- (zeckoShopOrderService)
SRV - [2012/05/08 12:43:00 | 000,017,920 | ---- | M] (Terracor Business Solutions) [Auto | Running] -- C:\Program Files (x86)\Terracor Business Solutions\zeckoShop Sync Service\zeckoShopSyncService.exe -- (zeckoShopSyncService)
SRV - [2012/05/08 12:42:18 | 000,018,944 | ---- | M] (Terracor Business Solutions) [Auto | Running] -- C:\Program Files (x86)\Terracor Business Solutions\UDC Sync Service\UDCSyncService.exe -- (UDCSyncService)
SRV - [2012/04/26 14:59:18 | 000,096,768 | ---- | M] (LabTech Software) [Auto | Running] -- C:\Windows\LTSvc\LTSvcMon.exe -- (LTSvcMon)
SRV - [2012/04/22 22:27:36 | 000,086,016 | ---- | M] (Prime Technical Consulting) [Auto | Running] -- D:\Data\Freight Calculator\LoomisEasyShipService\LoomisEasyShipService.exe -- (LoomisEasyShipIntegratorService)
SRV - [2012/03/29 15:07:36 | 012,542,976 | ---- | M] (LabTech Software) [Auto | Running] -- C:\Windows\LTSvc\LTSVC.exe -- (LTService)
SRV - [2012/01/21 11:44:06 | 000,231,456 | ---- | M] (Sisense) [Auto | Running] -- C:\Program Files (x86)\SiSense\PrismServer\ElastiCube.ManagementService.exe -- (ElastiCubeManagementService)
SRV - [2012/01/21 11:44:06 | 000,230,432 | ---- | M] (Sisense) [Auto | Running] -- C:\Program Files (x86)\SiSense\PrismServer\ElastiCube.QueryService.exe -- (ElastiCubeQueryService)
SRV - [2011/12/06 01:24:10 | 000,040,640 | ---- | M] (Pranas.NET) [Auto | Stopped] -- C:\Program Files (x86)\Pranas.NET\SQLBackupAndFTP\SbfService.exe -- (SqlBackupAndFtp Service)
SRV - [2011/09/22 22:07:34 | 058,345,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2011/09/22 22:06:04 | 000,431,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2011/09/22 21:42:46 | 002,084,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer) SQL Server Reporting Services (MSSQLSERVER)
SRV - [2011/09/22 21:33:34 | 043,801,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService) SQL Server Analysis Services (MSSQLSERVER)
SRV - [2011/06/17 22:19:26 | 043,040,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft SQL Server Express\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2011/06/17 22:19:24 | 000,370,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft SQL Server Express\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2011/01/23 22:10:10 | 000,596,480 | ---- | M] (Vineyardsoft Corporation) [Auto | Stopped] -- C:\Vineyardsoft\KnowledgeSync 2000\Bin\KS_Serv.exe -- (KnowledgeSync)
SRV - [2010/11/23 14:21:30 | 001,793,024 | ---- | M] (Sage Technologies Limited.) [On_Demand | Stopped] -- D:\Program Files (x86)\Sage\CRM\Services\eWareEmailManager.exe -- (EmailManager)
SRV - [2010/11/20 06:44:11 | 000,487,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe -- (ADWS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/09 04:53:00 | 000,270,848 | ---- | M] () [Auto | Running] -- C:\attivio22\bin\attivio.exe -- (AIECombined)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/07 12:33:16 | 000,525,312 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Sage\CRM\Services\CRMEscalationService.exe -- (CRMEscalationService)
SRV - [2009/07/29 11:54:04 | 000,034,104 | ---- | M] (APC) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe -- (APCPBEAgent)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/26 17:15:38 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\Program Files (x86)\Sage\CRM\CRM\tomcat\bin\tomcat6.exe -- (CRMTomcat6)
SRV - [2009/03/26 16:56:26 | 000,404,992 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Sage\CRM\Services\CRMIndexerService.exe -- (CRMIndexerService)
SRV - [2009/03/26 16:56:26 | 000,330,752 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files (x86)\Sage\CRM\Services\CRMIntegrationService.exe -- (CRMIntegrationService)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/07/30 20:52:34 | 000,111,904 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\ntbtrv.exe -- (Pervasive.SQL (transactional))
SRV - [2008/07/30 20:52:34 | 000,036,640 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3sqlmgr.exe -- (Pervasive.SQL (relational))
SRV - [2008/07/08 18:15:18 | 000,122,880 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Sage\CRM\Services\SpellChecker\jetty\extra\win32\Wrapper.exe -- (JSpell2k4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/01 21:17:41 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2011/10/24 09:40:30 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/10/24 09:40:08 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/10/24 09:39:28 | 000,171,152 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/09/22 22:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:33:18 | 000,066,944 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dfsrro.sys -- (DfsrRo)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:57:17 | 000,181,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2009/10/15 16:37:52 | 000,088,064 | ---- | M] (ASPEED Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\astgrp.sys -- (ASTGraphics)
DRV:64bit: - [2009/09/30 18:14:22 | 000,034,472 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2009/07/13 20:48:16 | 000,269,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q62x64.sys -- (e1qexpress) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,051,776 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfs.sys -- (DfsDriver)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2009/06/10 13:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/02/11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583237342-697765880-2610033128-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1111\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1111\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1111\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583237342-697765880-2610033128-1118\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1118\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1118\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1118\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1118\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1118\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1118\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583237342-697765880-2610033128-1162\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1162\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1162\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1162\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1162\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1162\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1162\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1162\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583237342-697765880-2610033128-1176\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1176\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1176\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1176\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1176\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1176\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1176\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-583237342-697765880-2610033128-1176\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583237342-697765880-2610033128-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-583237342-697765880-2610033128-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-583237342-697765880-2610033128-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-583237342-697765880-2610033128-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-583237342-697765880-2610033128-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/04/24 08:23:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/08 09:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/28 11:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/04/24 08:23:21 | 000,000,000 | ---D | M]

[2011/04/03 00:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cclark\AppData\Roaming\mozilla\Extensions
[2011/04/03 00:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cclark\AppData\Roaming\mozilla\Firefox\Profiles\1m3bumwi.default\extensions
[2012/01/28 11:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/05/08 09:37:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/21 15:06:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/21 15:06:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [BackupStatusIcon] C:\Program Files (x86)\Tri Tech Information Systems\Backup Essentials\BackupStatusIcon.exe (Online Backup Solution)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-583237342-697765880-2610033128-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-583237342-697765880-2610033128-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-583237342-697765880-2610033128-1162\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-583237342-697765880-2610033128-1176\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-583237342-697765880-2610033128-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: tri-tech.com ([ms] * in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} http://localhost/crm/Plugin/eWarePluginX.cab (XeWare Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = qchain.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46E3205C-78B7-4FCF-9EFA-AA1C22BA66AD}: NameServer = 127.0.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (pwdssp.dll) - File not found
O29 - HKLM SecurityProviders - (pwdssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 09:28:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- \\DATASERVER\HomeDir\Colin\Desktop\OTL.exe
[2012/07/02 13:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tri Tech Information Systems
[2012/06/27 13:11:05 | 000,000,000 | ---D | C] -- C:\Users\cclark\AppData\Roaming\Malwarebytes
[2012/06/27 13:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/27 13:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/27 13:10:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 13:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/19 09:55:25 | 000,607,260 | R--- | C] (Swearware) -- \\DATASERVER\HomeDir\Colin\Desktop\dds.scr
[2012/06/15 15:03:50 | 000,000,000 | ---D | C] -- \\DATASERVER\HomeDir\Colin\Desktop\GooredFix Backups
[2012/06/15 15:03:38 | 000,071,398 | ---- | C] (jpshortstuff) -- \\DATASERVER\HomeDir\Colin\Desktop\GooredFix.exe
[2012/06/15 14:04:14 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/15 14:04:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/15 14:04:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/15 14:04:01 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/15 14:03:42 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/15 14:03:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/15 14:03:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/15 14:03:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/15 14:02:46 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/15 14:02:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/15 14:02:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/15 14:02:40 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/15 14:02:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/15 14:02:39 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/15 14:02:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/15 14:00:10 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/15 14:00:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/14 02:07:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 02:07:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 02:07:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/03 09:39:48 | 000,000,392 | ---- | M] () -- C:\Windows\SysWow64\winsusrm.dll
[2012/07/03 09:33:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-583237342-697765880-2610033128-500UA.job
[2012/07/03 09:11:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- \\DATASERVER\HomeDir\Colin\Desktop\OTL.exe
[2012/07/03 08:42:59 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2140.DAT
[2012/07/03 08:42:22 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 08:42:22 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 08:33:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-583237342-697765880-2610033128-500Core.job
[2012/07/02 13:53:26 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\BackupEssentials Monitor.lnk
[2012/06/27 13:10:58 | 000,001,133 | ---- | M] () -- C:\Users\cclark\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/27 13:10:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/23 13:58:40 | 001,315,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 13:58:40 | 001,039,362 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/23 13:58:40 | 000,264,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/23 13:50:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 13:49:59 | 000,286,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/19 10:42:29 | 000,002,759 | ---- | M] () -- C:\Users\Public\Desktop\DocuFire Server Manager.lnk
[2012/06/19 08:35:21 | 000,607,260 | R--- | M] (Swearware) -- \\DATASERVER\HomeDir\Colin\Desktop\dds.scr
[2012/06/19 08:27:48 | 000,050,477 | ---- | M] () -- \\DATASERVER\HomeDir\Colin\Desktop\Defogger.exe
[2012/06/15 13:06:32 | 000,071,398 | ---- | M] (jpshortstuff) -- \\DATASERVER\HomeDir\Colin\Desktop\GooredFix.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/02 13:53:26 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\BackupEssentials Monitor.lnk
[2012/06/27 13:10:58 | 000,001,133 | ---- | C] () -- C:\Users\cclark\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/27 13:10:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/19 09:55:25 | 000,050,477 | ---- | C] () -- \\DATASERVER\HomeDir\Colin\Desktop\Defogger.exe
[2012/06/19 09:55:24 | 000,302,592 | ---- | C] () -- \\DATASERVER\HomeDir\Colin\Desktop\gmer.exe
[2012/03/19 22:41:20 | 000,007,602 | ---- | C] () -- C:\Users\cclark\AppData\Local\Resmon.ResmonCfg
[2011/08/26 09:10:18 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/26 09:10:18 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011/07/27 05:57:32 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011/07/27 05:57:32 | 000,001,645 | ---- | C] () -- C:\Windows\unins000.dat
[2011/06/09 10:53:52 | 000,000,076 | ---- | C] () -- C:\Users\cclark\logonnew.bat
[2011/02/24 16:31:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/24 09:41:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\APCSnmp.dll
[2011/01/18 16:26:31 | 000,001,183 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/02 16:55:17 | 000,079,928 | ---- | C] () -- C:\Windows\SysWow64\sqljdbc_auth.dll
[2010/11/02 16:55:16 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\jacob-1.14.3-x86.dll
[2010/09/27 10:03:29 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\Wbtrvc32.dll
[2010/09/27 10:03:28 | 000,860,160 | ---- | C] () -- C:\Windows\SysWow64\mucomain.dll
[2010/09/27 10:03:28 | 000,225,348 | ---- | C] () -- C:\Windows\SysWow64\Mkckv.dll
[2010/09/27 10:03:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Encrypt.dll
[2010/09/27 10:03:18 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2010/09/17 13:33:49 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/08/11 14:10:39 | 000,000,232 | ---- | C] () -- C:\Windows\SysWow64\winsusrx.dll
[2010/08/11 10:38:27 | 001,309,206 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/11 10:37:22 | 000,000,392 | ---- | C] () -- C:\Windows\SysWow64\winsusrm.dll
[2010/08/06 11:14:39 | 001,658,972 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll
[2010/08/06 11:13:05 | 000,573,440 | ---- | C] () -- C:\Windows\SysWow64\bvapi.dll
[2010/08/06 11:13:05 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\GVJPEG32.DLL
[2010/08/06 11:09:17 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/08/06 10:58:58 | 000,006,812 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/06 10:03:54 | 000,028,256 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/08/06 10:03:20 | 000,022,622 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

< End of report >
_____________________________________________________________________________________________________________

Server-A Extras.txt:
OTL Extras logfile created on: 7/3/2012 9:28:48 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = \\DATASERVER\HomeDir\Colin\Desktop
64bit- Server Standard Edition (full installation) Service Pack 1 (Version = 6.1.7601) - Type = NTDomainController
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

31.99 Gb Total Physical Memory | 18.57 Gb Available Physical Memory | 58.04% Memory free
63.98 Gb Paging File | 42.01 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 212.53 Gb Total Space | 128.59 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
Drive D: | 1650.39 Gb Total Space | 859.24 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 21.87 Gb Free Space | 3.67% Space Free | Partition Type: NTFS

Computer Name: DATASERVER | User Name: colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-583237342-697765880-2610033128-1111\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-583237342-697765880-2610033128-1118\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-583237342-697765880-2610033128-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0A3238D7-AC64-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Server Engine (64-bit)
"{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = Microsoft SQL Server 2008 Reporting Services
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{0D3BCE9D-1759-41D0-8083-7B1380E7A87E}" = Microsoft SQL Server 2008 Upgrade Advisor
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = Microsoft SQL Server 2008 Reporting Services
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{4449B83C-1257-4355-8F3E-71280E922B5F}" = Intel® Network Connections 14.7.31.0
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{47DEB25D-4FA2-4894-8A0D-FE944C47326E}" = Microsoft Baseline Security Analyzer 2.1
"{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
"{67C816AF-93F0-4C11-A355-AABC5FC00083}" = Microsoft SQL Server 2008 BI Development Studio
"{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
"{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = Microsoft SQL Server 2008 Analysis Services
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910A147A-75D7-4ECD-A00D-727AAC0FD0E7}" = Microsoft SQL Server 2008 Client Tools
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CEC1801-DB68-48CE-B74F-5733BBD3F729}" = ESET NOD32 Antivirus
"{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{A66F6103-4F14-484B-96DD-B2F1D75798E7}" = 64 Bit HP CIO Components Installer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{AE479CE0-753F-49C0-B8E6-79A37403999F}" = Microsoft SQL Server 2008 BI Development Studio
"{B702C53B-D809-4DD3-8C77-23EC0C948959}" = Microsoft SQL Server 2008 Integration Services
"{BAACB61F-43E0-4E70-BDC9-F81CC3B22970}" = Microsoft SQL Server 2008 Client Tools
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = Microsoft SQL Server 2008 Analysis Services
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5FEEB7E-F647-4D18-85BA-096750A15547}" = Microsoft SQL Server 2008 Integration Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"0333-5158-0709-9681" = Attivio Active Intelligence Engine 2.2.0
"F95B380DCA206A925CB85F6AA70D4643087E9D68" = Windows Driver Package - ASPEED (ASTGraphics) Display (07/14/2009 6.00.10.0090)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"PROSetDX" = Intel® Network Connections 14.7.31.0
"traction5138" = traction5138
"traction5204a" = traction5204a

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 SP1 Management Studio
"{0C0352C8-3E12-448C-8DA1-BAD3F37F1893}" = Prism Web
"{10F65A2D-8EB5-4DC8-A2CB-28EFDADF2393}}_is1" = Accelerator for Sage CRM 3.6.0
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{116D8280-72CE-46EC-BFC5-93AA5F9DCFFF}" = Task Manager for Sage CRM Process Application
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 SP1 Management Studio
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C027224-37CE-11D4-88CB-00C04FEF9A63}" = KnowledgeSync
"{241A0703-46F1-4D04-AA6E-28E9C325B5FE}" = CRM
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 30
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{5345EEC3-7058-40C9-89FF-2032B3F51722}" = Sage BusinessVision Report Designer
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{782754F6-29B1-448B-9805-783B09DC549E}" = BackupEssentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010
"{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (English) 2010
"{90140000-001C-0409-0000-0000000FF1CE}_Office14.AccessRT_{FF0EF2BE-3400-4E0C-BE30-6D04441CE0ED}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.AccessRT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessRT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.AccessRT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.AccessRT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93968FB2-C67A-4A9B-80C2-5D4D9393058E}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96BC9864-A627-40AF-81E0-A14E91774C74}" = zeckoCentral 3.6.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ADB3EF96-19F9-4B83-A1E4-A4F1D510E2F4}" = BASAgentXML
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BCE9F441-9027-4911-82E0-5FB28057897D}" = APC PowerChute Business Edition Agent
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C1E185F0-59EC-4A55-B57B-76648AF91332}" = PrismServer
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D151B19B-29A0-40C8-A386-CC2D46F5963A}}_is1" = Task Manager for Sage CRM 1.3.0
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D428AB95-35B2-4868-B656-5C316E25EC69}" = SQL Server 2008 R2 SP1 Database Engine Services
"{D4C796BA-7C77-4BEE-83A7-4DC2BE0BD90F}" = IM SDK Redistributable Package
"{D66D904D-F7A6-4FCE-BB74-98FF5293F982}" = zeckoShop User Manager
"{D6FB44C6-ED23-46E6-8EB7-A14E15B2F64C}" = DocuFire for Windows
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DF781E6F-BF29-4340-BEFB-09F7511B424D}" = SQL Server 2008 R2 SP1 Database Engine Services
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{F41E5436-9C37-45AF-909F-B379679FE8ED}" = Sage BusinessVision Client-Server Edition (remove only)
"{F4E4FB85-5A88-4E84-A2DF-AB8E9A65611D}" = zeckoSoftware Services 3.6.3
"{F9A6232C-3F26-4C3C-92DE-2EB3158FA1AC}" = ASPEED Graphics WinS08R2_x64 v.0.90
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Belarc Advisor" = Belarc Advisor 8.2
"BVEssentials_is1" = BVEssentials 5.6.7 Build 11314
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"MK PowerTools SQL for BusinessVision" = MK PowerTools SQL for BusinessVision
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Notepad++" = Notepad++
"Office14.AccessRT" = Microsoft Access Runtime 2010
"Pervasive PSQL v10.10 Server Engine (64-bit)" = Pervasive PSQL v10.10 Server Engine (64-bit)
"PRISM_Rep_2.0" = BASis Inventory System Version 7.98
"Sage CRM" = Sage CRM
"SQLBackupAndFTP" = SQLBackupAndFTP

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583237342-697765880-2610033128-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.0.0.799

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583237342-697765880-2610033128-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583237342-697765880-2610033128-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Active Directory Web Services Events ]
Error - 4/24/2012 10:37:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:38:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:39:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:40:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:41:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:42:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:43:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:44:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:45:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

Error - 4/24/2012 10:46:01 AM | Computer Name = DataServer.qchain.local | Source = ADWS | ID = 1206
Description =

[ Application Events ]
Error - 7/1/2012 4:03:55 AM | Computer Name = DataServer.qchain.local | Source = BackupAgent | ID = 8193
Description = [BACKUP Finished] BVData Backup Errors: 2 Warning: 0 Bytes Uploaded:
446176 (435.72 KB) Items Transfered: 6

Error - 7/1/2012 4:53:48 AM | Computer Name = DataServer.qchain.local | Source = Report Server Windows Service (MSSQLSERVER) | ID = 140
Description = The application domain WindowsService_14 failed to initialize. Error:
Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException:
The report server has encountered a configuration error. at Microsoft.ReportingServices.Diagnostics.RSConfiguration.get_ConnectionString()

at Microsoft.ReportingServices.Library.ConnectionConfig..ctor() at Microsoft.ReportingServices.Library.ConnectionManager..ctor()

at Microsoft.ReportingServices.Library.ServiceController.ServiceStartThread(Object
firstStart).

Error - 7/1/2012 4:53:56 PM | Computer Name = DataServer.qchain.local | Source = Report Server Windows Service (MSSQLSERVER) | ID = 140
Description = The application domain WindowsService_15 failed to initialize. Error:
Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException:
The report server has encountered a configuration error. at Microsoft.ReportingServices.Diagnostics.RSConfiguration.get_ConnectionString()

at Microsoft.ReportingServices.Library.ConnectionConfig..ctor() at Microsoft.ReportingServices.Library.ConnectionManager..ctor()

at Microsoft.ReportingServices.Library.ServiceController.ServiceStartThread(Object
firstStart).

Error - 7/1/2012 5:42:24 PM | Computer Name = DataServer.qchain.local | Source = MsiInstaller | ID = 10005
Description =

Error - 7/2/2012 4:02:59 AM | Computer Name = DataServer.qchain.local | Source = BackupAgent | ID = 8193
Description = [BACKUP Finished] BVData Backup Errors: 2 Warning: 0 Bytes Uploaded:
419872 (410.03 KB) Items Transfered: 8

Error - 7/2/2012 4:54:00 AM | Computer Name = DataServer.qchain.local | Source = Report Server Windows Service (MSSQLSERVER) | ID = 140
Description = The application domain WindowsService_16 failed to initialize. Error:
Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException:
The report server has encountered a configuration error. at Microsoft.ReportingServices.Diagnostics.RSConfiguration.get_ConnectionString()

at Microsoft.ReportingServices.Library.ConnectionConfig..ctor() at Microsoft.ReportingServices.Library.ConnectionManager..ctor()

at Microsoft.ReportingServices.Library.ServiceController.ServiceStartThread(Object
firstStart).

Error - 7/2/2012 4:54:09 PM | Computer Name = DataServer.qchain.local | Source = Report Server Windows Service (MSSQLSERVER) | ID = 140
Description = The application domain WindowsService_17 failed to initialize. Error:
Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException:
The report server has encountered a configuration error. at Microsoft.ReportingServices.Diagnostics.RSConfiguration.get_ConnectionString()

at Microsoft.ReportingServices.Library.ConnectionConfig..ctor() at Microsoft.ReportingServices.Library.ConnectionManager..ctor()

at Microsoft.ReportingServices.Library.ServiceController.ServiceStartThread(Object
firstStart).

Error - 7/3/2012 2:12:37 AM | Computer Name = DataServer.qchain.local | Source = MsiInstaller | ID = 10005
Description =

Error - 7/3/2012 4:31:52 AM | Computer Name = DataServer.qchain.local | Source = BackupAgent | ID = 8193
Description = [BACKUP Finished] BVData Backup Errors: 3 Warning: 0 Bytes Uploaded:
10721424 (10.22 MB) Items Transfered: 475

Error - 7/3/2012 4:54:12 AM | Computer Name = DataServer.qchain.local | Source = Report Server Windows Service (MSSQLSERVER) | ID = 140
Description = The application domain WindowsService_18 failed to initialize. Error:
Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException:
The report server has encountered a configuration error. at Microsoft.ReportingServices.Diagnostics.RSConfiguration.get_ConnectionString()

at Microsoft.ReportingServices.Library.ConnectionConfig..ctor() at Microsoft.ReportingServices.Library.ConnectionManager..ctor()

at Microsoft.ReportingServices.Library.ServiceController.ServiceStartThread(Object
firstStart).

[ DFS Replication Events ]
Error - 8/6/2010 1:49:06 PM | Computer Name = DataServer | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller to
access configuration information. Replication is stopped. The service will try again
during
the next configuration polling cycle, which will occur in 60 minutes. This event
can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services,
or DNS issues. Additional Information: Error: 1355 (The specified domain either does
not exist or could not be contacted.)

[ DNS Server Events ]
Error - 4/24/2012 10:15:47 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:19:08 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:22:29 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:25:50 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:29:11 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:32:32 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:35:53 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:39:14 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:42:35 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

Error - 4/24/2012 10:45:56 AM | Computer Name = DataServer.qchain.local | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is configured to obtain and use information from the directory for this zone and
is unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

[ System Events ]
Error - 8/30/2011 2:48:57 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver Xerox Phaser 8860 PS required for printer Phaser 8860 PS is
unknown. Contact the administrator to install the driver before you log in again.

Error - 8/30/2011 2:48:58 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver DocuFire Printer required for printer DocuFire Printer for
Quality Chain Canada is unknown. Contact the administrator to install the driver
before you log in again.

Error - 8/30/2011 2:49:00 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver Send To Microsoft OneNote 2010 Driver required for printer
Send To OneNote 2010 is unknown. Contact the administrator to install the driver
before you log in again.

Error - 8/30/2011 3:43:30 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver Adobe PDF Converter required for printer Adobe PDF is unknown.
Contact the administrator to install the driver before you log in again.

Error - 8/30/2011 3:43:32 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver DocuFire Printer required for printer DocuFire Attachment Printer
is unknown. Contact the administrator to install the driver before you log in again.

Error - 8/30/2011 3:43:33 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver DocuFire Printer required for printer DocuFire Printer is unknown.
Contact the administrator to install the driver before you log in again.

Error - 8/30/2011 3:43:34 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
Contact the administrator to install the driver before you log in again.

Error - 8/30/2011 3:43:35 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver Send To Microsoft OneNote 2010 Driver required for printer
Send To OneNote 2010 is unknown. Contact the administrator to install the driver
before you log in again.

Error - 8/30/2011 3:43:36 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver DocuFire Printer required for printer DocuFire Printer for
Quality Chain Canada is unknown. Contact the administrator to install the driver
before you log in again.

Error - 8/30/2011 3:43:38 PM | Computer Name = DataServer.qchain.local | Source = UmrdpService | ID = 1111
Description = Driver Xerox Phaser 8860 PS required for printer Phaser 8860 PS is
unknown. Contact the administrator to install the driver before you log in again.

[ zeckoSoftware Events ]
Error - 7/3/2012 12:46:16 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12016 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:18 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12017 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:21 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12018 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:23 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12019 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:25 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12020 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:27 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12021 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:30 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12022 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:32 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12023 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:34 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12024 - Error: Unknown column 'TransID' in 'field list'

Error - 7/3/2012 12:46:36 PM | Computer Name = DataServer.qchain.local | Source = zeckoShop Sync | ID = 0
Description = [Database: quality_chain_31], Sync Name: AR - Current Item: AR Trans
ID: 12025 - Error: Unknown column 'TransID' in 'field list'


< End of report >
__________________________________________________________________________________________________________

#9 m0le (Malware Response Team)

Posted 03 July 2012 - 08:05 PM

Are you using one specific browser? Do you have problems with all browsers?
m0le is a proud member of UNITE

#10 Colin_BC (Topic Starter)

Posted 04 July 2012 - 10:18 AM

When the problem is occurring, it happens across all browsers. Some users in the office prefer Explorer; some prefer Mozilla Firefox, and some prefer Google Chrome. I prefer to use Google Chrome on my work PC; however, I do occasionally have to use Internet Explorer for the odd site that doesn't support Chrome. Web browsing doesn't generally happen directly on the domain/active directory server.

Colin

#11 m0le (Malware Response Team)

Posted 04 July 2012 - 12:35 PM

If there's a problem throughout the network, it implies that the server is the cause, so we'll check that first.

Can you run MBAM on the server?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#12 Colin_BC (Topic Starter)

Posted 04 July 2012 - 06:42 PM

MBAM scan is in progress. I will post the results tomorrow. This is a program I have used regularly and recommended to others for a while :)

#13 m0le (Malware Response Team)

Posted 04 July 2012 - 06:54 PM

It's an excellent program and its updates are very regular. Why did you stop recommending it?

#14 Colin_BC (Topic Starter)

Posted 05 July 2012 - 12:56 AM

My last post read incorrectly. I still recommend MBAM to anyone that will listen ;)

The results on my work PC (PC-A) came up with zero threats, although I do run MBAM on this machine fairly regularly. The server had 5 hits (Produkey.exe). Threats were removed followed immediately by a reboot when prompted after cleaning:



PC-A:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cclark :: QCHAIN-WS11 [administrator]

04/07/2012 4:47:19 PM
mbam-log-2012-07-04 (16-47-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 912918
Time elapsed: 1 hour(s), 51 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
______________________________________________________________________




Server-A:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.06

Windows Server 2008 R2 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
colin :: DATASERVER [administrator]

7/4/2012 1:50:45 PM
mbam-log-2012-07-04 (13-50-45).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 1899799
Time elapsed: 4 hour(s), 49 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\LTSvc\scripts\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
D:\Data\shared folder\QCC Applications\IT\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
D:\Data\Software\produkey-x64\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
D:\HomeDir\Vince\User Folders\Vince\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
F:\HomeDir\Vince\User Folders\Vince\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)
______________________________________________________________________________________________________________________________
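One way to triage a pasted MBAM 1.x log like the two in the post above, as an added example that is not part of the thread or of Malwarebytes' own tooling: it parses the per-section counts and detection lines, checks that each declared count matches the entries actually present (a mismatch means the paste was truncated), and groups hits by signature family and by file name. The function and field names are assumptions made for this sketch; the embedded sample is the Server-A log from the post with most zero-count sections trimmed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Server-A log as posted above; header and zero-count sections trimmed for brevity.
SERVER_A_LOG = r"""Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.07.04.06
colin :: DATASERVER [administrator]
Scan type: Full scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\LTSvc\scripts\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
D:\Data\shared folder\QCC Applications\IT\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
D:\Data\Software\produkey-x64\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
D:\HomeDir\Vince\User Folders\Vince\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
F:\HomeDir\Vince\User Folders\Vince\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)
"""

# "Files Detected: 5" -> section name and the count the scanner declared.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<path> (<signature>) -> <action>." ; the greedy path keeps "(x86)" inside it.
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<sig>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Detection:
    section: str
    path: str
    signature: str
    action: str

    @property
    def family(self):
        # First dotted component of the signature, e.g. "PUP" (potentially unwanted program).
        return self.signature.split(".", 1)[0]

    @property
    def filename(self):
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_mbam_log(text):
    """Return ({section: declared_count}, [Detection, ...])."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        # Header lines come before the first section; skip them and the empty-section marker.
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append(Detection(section, m["path"], m["sig"], m["action"]))
    return declared, detections


def triage(text):
    declared, detections = parse_mbam_log(text)
    parsed = Counter(d.section for d in detections)
    copies = {}
    for d in detections:
        # The same file name and signature under several paths is one tool stored in several places.
        copies.setdefault((d.filename, d.signature), []).append(d.path)
    return {
        # Sections whose declared count differs from the entries found: truncated or edited paste.
        "count_mismatch": sorted(s for s, n in declared.items() if parsed[s] != n),
        "by_family": dict(Counter(d.family for d in detections)),
        "not_pup": [d for d in detections if d.family != "PUP"],
        "not_removed": [d for d in detections if "successfully" not in d.action.lower()],
        "copies": copies,
    }


if __name__ == "__main__":
    result = triage(SERVER_A_LOG)
    print("families:", result["by_family"])
    print("count mismatches:", result["count_mismatch"])
    for (name, sig), paths in result["copies"].items():
        print(f"{name} [{sig}] x{len(paths)}")
```

On the Server-A log this reports five hits, all in the PUP family and all removed: three copies of ProduKey.exe and two of coretemp_1236.exe.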

#15 m0le (Malware Response Team)

Posted 05 July 2012 - 05:41 PM

It's a surprise that this type of bundled software was on a server.

Please run ComboFix on the server now.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



