Help with FBI lockout screen virus, please

johnb35

Administrator
Staff member
OK, what I want you to do is do a full scan with Malwarebytes, make sure it's updated before you run it, and post the log.
 

pjoseph

Member
ok


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.03.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
pamato :: ENPUSREML0278 [administrator]

Protection: Enabled

6/2/2013 7:30:05 PM
MBAM-log-2013-06-02 (20-24-25).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404107
Time elapsed: 52 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\Users\pamato\flashplayer.exe.vir (Trojan.Inject.RRE) -> No action taken.

(end)
 

johnb35

Administrator
Staff member
Ok. I will look into this in more depth in the morning when I have a fresh mind. Going to bed now. You might have a program installed that's trying to call home or vice versa.
 

johnb35

Administrator
Staff member
You can, even though it's already in quarantine. Sorry, haven't looked at your logs again. Had to fix my gf's computer this morning.
 

johnb35

Administrator
Staff member
Are you using a proxy to access the internet? Also, providing you have actually shut down your computer instead of restarting it, can you rerun the ESET scanner to make sure that trojan in the operating memory is gone? The only other thing I can think of is what I said before, you have some program installed that is calling home. I've made a list of programs I'm not familiar with so if you aren't familiar with them then try uninstalling them.

X10 Hardware
Scansoft PDF Professional
RUMBA 2000
Nuance PDF Converter Professional 7
MANDIANT Intelligent Response Agent
LAME v3.99.3 (for Windows)
LANDesk Advance Agent
LANDesk(R) Common Base Agent 8
eReg
foobar2000 v1.1.15
32 Bit HP CIO Components Installer
Active Models
 

pjoseph

Member
Found 5 this time,

C:\Qoobox\Quarantine\C\Users\pamato\msconfig.exe.vir
a variant of Win32/Injector.AHLQ trojan

C:\Qoobox\Quarantine\C\Users\pamato\AppData\Local\d6a229c4-3b65-43a8-ab14-a6e1f19addf4ad\dacbaabaefaddfad.exe.vir
a variant of Win32/Injector.AHLQ trojan

C:\Qoobox\Quarantine\C\Users\pamato\AppData\Local\d6a229c4-3b65-43a8-ab14-a6e1f19addf4ad\_dacbaabaefaddfad_.exe.zip
a variant of Win32/Injector.AHLQ trojan

C:\Users\pamato\AppData\Roaming\wabEventSupport16\{9a0cc1ab-a1bd-57af-3bb1-96043bca195a}.exe
a variant of Win32/Kryptik.BCOR trojan

Operating memory
a variant of Win32/Boaxxe.AW trojan
 

pjoseph

Member
Any updates on what I should do next?

Also, should I avoid connecting to a network? Not sure if this can spread to other computers on the network.
 

johnb35

Administrator
Staff member
Well, that trojan in the operating memory is still there. I don't understand this if you have totally shut the system down.
 

johnb35

Administrator
Staff member
Download OTL to your Desktop

Click on the green download box on that page to download OTL.

•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

•Click on Minimal Output at the top

•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

◦When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
 

pjoseph

Member
OTL logfile created on: 6/4/2013 6:56:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pamato\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.16 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 62.60% Memory free
6.33 Gb Paging File | 4.47 Gb Available in Paging File | 70.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 52.40 Gb Free Space | 44.72% Space Free | Partition Type: NTFS
Drive E: | 115.70 Gb Total Space | 113.99 Gb Free Space | 98.52% Space Free | Partition Type: NTFS

Computer Name: ENPUSREML0278 | User Name: pamato | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\pamato\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe ()
PRC - c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe ()
PRC - C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
PRC - C:\Windows\System32\Prot_srv.exe (Check Point Software Tech Ltd)
PRC - C:\Windows\System32\pstartSr.exe (Check Point Software Tech Ltd)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\rcgui.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\agent.exe (Flexera Software, Inc.)
PRC - C:\Program Files\LANDesk\LDClient\SoftMon.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\issuser.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\collector.exe (LANDesk Software, Ltd.)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
PRC - C:\Program Files\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Ltd.)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cba\pds.exe (LANDesk Software Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (PDFProFiltSrv) -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (IRA) -- C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe ()
SRV - (vpnagent) -- c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (Pointsec) -- C:\Windows\System32\Prot_srv.exe (Check Point Software Tech Ltd)
SRV - (Pointsec_start) -- C:\Windows\System32\pstartSr.exe (Check Point Software Tech Ltd)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Softmon) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe (LANDesk Software, Ltd.)
SRV - (Intel Targeted Multicast) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
SRV - (LANDesk Policy Invoker) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe (LANDesk Software, Ltd.)
SRV - (ISSUSER) -- C:\Program Files\LANDesk\LDClient\issuser.exe (LANDesk Software, Ltd.)
SRV - (Intel Local Scheduler Service) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
SRV - (CBA8) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Ltd.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Intel PDS) -- C:\Windows\System32\cba\pds.exe (LANDesk Software Ltd.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\pamato\AppData\Local\Temp\catchme.sys File not found
DRV - (Acceler) -- system32\DRIVERS\Accelern.sys File not found
DRV - (Mandiant_Tools) -- C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys ()
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130604.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130604.003\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (Ser2plx86) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\Windows\System32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (Teefer3) -- C:\Windows\System32\drivers\Teefer3.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (AX88772) -- C:\Windows\System32\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (O2MDRRDR) -- C:\Windows\System32\drivers\O2MDRw7.sys (O2Micro )
DRV - (NETwNx32) -- C:\Windows\System32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (prot_2k) -- C:\Windows\System32\drivers\prot_2k.sys (Check Point Software Tech Ltd)
DRV - (NewMisc) -- C:\Windows\System32\drivers\newmisc.sys (Panasonic Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (ldblank) -- C:\Windows\System32\drivers\ldblank.sys (Avocent Corporation)
DRV - (mirrorflt) -- C:\Windows\System32\drivers\mirrorflt.sys (Avocent Corporation)
DRV - (ldmirror) -- C:\Windows\System32\drivers\ldmirror.sys (Avocent Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HOTKEY) -- C:\Windows\System32\drivers\hotkey.sys (Panasonic Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (avpnnic) -- C:\Windows\System32\drivers\avpnnic.sys (AT&T)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 82 64 33 D4 8C CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 169.254.1.1;*.ascopower.*;*.ascoswitch.com;*.enps.com;*.liebert.com;*.emrsn.org;*.learninglogin.com;155.104.*;10.*;192.168.*;*.emerson.*;*.msftncsi.com;*.careermap.net;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = enpusfpkinf01:8080


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/24 08:17:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/03/20 15:19:51 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Mozilla Plugins\npitunes.dll
CHR - Extension: Google Docs = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech SetPoint = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: Lavasoft NewTab = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.8_0\
CHR - Extension: Ad-Aware Security Add-on = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\phegaokedjdajgnfphbnpkcfdgjbidko\1.0.0.6_0\
CHR - Extension: Gmail = C:\Users\pamato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/31 17:37:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Nuance PDF Converter Professional 7-reminder] C:\Program Files\Nuance\PDF Professional 7\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Widcomm] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = EMRSN
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Open with PDF Professional 7 - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.48.146.16 10.48.146.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE19E7CD-0036-42B8-947B-2A33D51CC9B3}: DhcpNameServer = 10.48.146.16 10.48.146.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F39B21CE-17BD-4563-BC8F-26C93DDA032C}: Domain = emrsn.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F39B21CE-17BD-4563-BC8F-26C93DDA032C}: NameServer = 10.16.64.11,10.20.64.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (pssogina.dll) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/04 17:40:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pamato\Desktop\OTL.exe
[2013/06/04 08:23:51 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\Malwarebytes Anti-Malware Pro v1.75.0.1300 Incl Keygen-BRD [TorDigger]
[2013/06/02 16:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/02 16:13:15 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\mbar
[2013/05/31 18:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/31 17:37:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/31 17:29:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/31 17:18:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/05/31 16:41:09 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\LAX 5-31-13
[2013/05/31 16:39:37 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\Centinela Pics
[2013/05/31 15:32:50 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\Vanguard
[2013/05/31 13:50:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\pamato\Desktop\tdsskiller.exe
[2013/05/31 13:48:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/05/31 11:54:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/31 11:54:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/31 11:54:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/31 11:52:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/31 11:52:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/31 10:24:39 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\600 Wilshire
[2013/05/31 10:22:00 | 005,076,038 | R--- | C] (Swearware) -- C:\Users\pamato\Desktop\ComboFix.exe
[2013/05/31 09:02:24 | 000,000,000 | ---D | C] -- C:\found.001
[2013/05/31 08:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/31 08:21:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/31 08:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/31 07:55:26 | 000,000,000 | ---D | C] -- C:\found.000
[2013/05/30 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Local\adawarebp
[2013/05/30 17:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/05/30 17:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/05/30 16:46:56 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Roaming\Malwarebytes
[2013/05/30 16:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/30 16:46:31 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Local\Programs
[2013/05/30 16:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/05/30 16:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/05/30 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2013/05/30 14:13:04 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Roaming\wabEventSupport16
[2013/05/30 13:59:41 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/05/29 06:37:50 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\May 2013
[2013/05/25 01:46:17 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\car
[2013/05/23 20:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/22 21:06:03 | 000,000,000 | ---D | C] -- C:\Users\pamato\Desktop\IS628
[2013/05/21 23:03:00 | 000,000,000 | ---D | C] -- C:\Users\pamato\AppData\Local\Widcomm
[2013/05/06 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2011/12/28 11:34:53 | 054,579,096 | ---- | C] (Dell Inc.) -- C:\Users\pamato\AppData\Roaming\NIC_DRVR_WIN_R292653.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/04 18:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/04 18:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/04 17:40:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pamato\Desktop\OTL.exe
[2013/06/04 11:55:40 | 000,663,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/04 11:55:40 | 000,122,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/04 11:20:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/06/04 08:25:08 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 18:20:43 | 000,036,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 18:20:43 | 000,036,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 18:13:06 | 2548,711,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/31 17:37:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/31 17:02:56 | 000,108,786 | ---- | M] () -- C:\Users\pamato\Desktop\754578-051_C.pdf
[2013/05/31 14:42:32 | 000,066,816 | ---- | M] () -- C:\Users\pamato\Desktop\VA livermore invoice.pdf
[2013/05/31 13:51:06 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\pamato\Desktop\tdsskiller.exe
[2013/05/31 10:22:03 | 005,076,038 | R--- | M] (Swearware) -- C:\Users\pamato\Desktop\ComboFix.exe
[2013/05/31 09:10:24 | 000,632,031 | ---- | M] () -- C:\Users\pamato\Desktop\adwcleaner.exe
[2013/05/30 17:49:43 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/05/30 17:49:43 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/05/30 17:17:18 | 000,030,464 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/05/28 10:37:19 | 001,069,415 | ---- | M] () -- C:\Users\pamato\Desktop\617421-036_-.pdf
[2013/05/24 08:17:45 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2013/05/23 17:47:39 | 000,047,402 | RHS- | M] () -- C:\Users\pamato\ntuser.pol
[2013/05/23 17:45:13 | 000,000,198 | ---- | M] () -- C:\adinfo.ldf
[2013/05/23 17:44:59 | 000,038,178 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/05/16 18:50:50 | 000,008,192 | ---- | M] () -- C:\Users\pamato\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/15 15:37:30 | 000,004,096 | -H-- | M] () -- C:\Users\pamato\AppData\Local\keyfile3.drm
[2013/05/14 22:00:51 | 000,487,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/04 11:20:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2013/05/31 17:02:58 | 000,108,786 | ---- | C] () -- C:\Users\pamato\Desktop\754578-051_C.pdf
[2013/05/31 14:42:31 | 000,066,816 | ---- | C] () -- C:\Users\pamato\Desktop\VA livermore invoice.pdf
[2013/05/31 11:54:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/31 11:54:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/31 11:54:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/31 11:54:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/31 11:54:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/31 09:10:19 | 000,632,031 | ---- | C] () -- C:\Users\pamato\Desktop\adwcleaner.exe
[2013/05/31 08:21:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/30 17:17:18 | 000,030,464 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/05/28 10:37:09 | 001,069,415 | ---- | C] () -- C:\Users\pamato\Desktop\617421-036_-.pdf
[2013/05/24 08:17:45 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
[2013/05/15 15:37:30 | 000,004,096 | -H-- | C] () -- C:\Users\pamato\AppData\Local\keyfile3.drm
[2013/04/04 04:33:39 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2013/04/04 04:33:37 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2013/04/04 04:33:37 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/04/04 04:33:37 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/04/04 04:33:37 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/02/13 22:25:17 | 000,000,702 | ---- | C] () -- C:\Users\pamato\.jscreenfix.licence
[2012/10/23 22:36:58 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2012/06/27 11:51:10 | 000,008,192 | ---- | C] () -- C:\Users\pamato\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 08:04:44 | 000,010,009 | ---- | C] () -- C:\Windows\agnslang.ini
[2011/11/30 00:12:43 | 000,233,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/17 07:43:45 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ldcred.dll
[2011/11/16 01:14:12 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/10/21 19:02:47 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/10/21 07:24:20 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2011/10/17 11:11:13 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/10/17 11:11:12 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/10/17 11:11:11 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/10/17 11:11:11 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/10/17 10:47:22 | 000,000,017 | -H-- | C] () -- C:\Users\pamato\AppData\Local\resmon.resmoncfg
[2011/10/17 06:44:27 | 000,047,402 | RHS- | C] () -- C:\Users\pamato\ntuser.pol
[2011/10/13 07:06:35 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/09 09:09:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/09 08:59:24 | 000,038,178 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\SHELL32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/31 21:37:38 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Audacity
[2011/10/27 15:34:52 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Autodesk
[2012/10/22 20:16:51 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\foobar2000
[2012/03/02 13:58:07 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\IrfanView
[2013/03/20 15:20:48 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Leadertech
[2012/05/14 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Nuance
[2011/12/04 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\OverDrive
[2012/04/02 08:19:52 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\TeamViewer
[2013/05/30 14:13:04 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\wabEventSupport16
[2011/10/19 22:14:13 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\www.shadowexplorer.com
[2012/05/09 14:35:45 | 000,000,000 | ---D | M] -- C:\Users\pamato\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:0574215C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D95ACC7D

< End of report >
 

pjoseph

Member
OTL Extras logfile created on: 6/4/2013 6:56:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pamato\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.16 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 62.60% Memory free
6.33 Gb Paging File | 4.47 Gb Available in Paging File | 70.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 52.40 Gb Free Space | 44.72% Space Free | Partition Type: NTFS
Drive E: | 115.70 Gb Total Space | 113.99 Gb Free Space | 98.52% Space Free | Partition Type: NTFS

Computer Name: ENPUSREML0278 | User Name: pamato | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.wsf [@ = WallData.FileAS400DisplayDocument.2] -- C:\Program Files\WallData\System\Wddsppag.Bin (Wall Data Incorporated)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 1
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 1
"AllowOutboundTimeExceeded" = 1
"AllowOutboundParameterProblem" = 1
"AllowInboundTimestampRequest" = 1
"AllowInboundMaskRequest" = 1
"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085D1112-53EE-47C4-A0CF-AF1CFD08287C}" = lport=67 | protocol=6 | dir=in | name=landesk(r) pxe tcp port |
"{19BAA253-08BF-44B1-AFAA-298A476889FE}" = lport=67 | protocol=17 | dir=in | name=landesk(r) pxe udp port |
"{39B09B1D-01AE-448C-B55F-409FDD790FE1}" = lport=445 | protocol=6 | dir=in | name=smb over tcp |
"{9B27CB0F-6715-4755-915E-05FA6F9B3139}" = lport=9535 | protocol=17 | dir=in | name=landesk(r) remote control agent udp port |
"{AFACEA94-BA6C-4203-B50B-F8552FCB864C}" = lport=139 | protocol=6 | dir=in | name=netbios session service |
"{BDD72772-EF74-47AA-81F7-1A7A38E35F91}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C031518E-3400-4B15-A447-119EF36F09EC}" = lport=9535 | protocol=6 | dir=in | name=landesk(r) remote control agent tcp port |
"{CD18A6CA-31DD-44DA-9693-558408E21746}" = lport=137 | protocol=17 | dir=in | name=netbios name service |
"{D1AB47EB-3956-4BBA-8CF2-6A3DFD8F589F}" = lport=138 | protocol=17 | dir=in | name=netbios datagram service |
"{E913FEC8-5A2F-4F42-9053-9DE975A0C0A7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026870B0-8FC5-497A-81BE-9CEBE7D60EEC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{02CDAB34-5CCC-4E9E-AE12-FE1D4B6E7D0D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0351DA6D-8DEA-4C11-92B9-B898BEA49D46}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{04D91897-1452-4697-AB22-6A587604A6E9}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0575B5AF-44B4-420F-A42A-0DA20FB40DBE}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{05E51F21-B82C-45E6-BB5E-6B487FEEC425}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{05FD0B9C-BD2D-47FA-A160-5CD9D8D7DEAF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{05FD9CC8-3E51-4E79-902B-8C27A1688152}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{06ACB08F-B9A1-4FC3-A0C9-ABFAF78A3CC9}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{06F2E047-82C8-4F40-801B-28AF6CFD3EE0}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{076C5727-FFEC-4CE0-9908-CCAFF0021B2E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{07AE27F7-F576-4B78-B17F-E3469E26F0F5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{08E6D8A6-FE3E-40C6-9D11-97DB1F4BE0A5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0919A952-5D5D-42A3-9E15-F640BDD72988}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{09807C93-DAF1-4944-A345-F12996E8FB9B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{09A57EC5-8202-488C-8824-FDD1F5345FAB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{09FBB067-C8FE-4A7C-A162-F2564D173256}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0A083B85-84EE-459F-84F1-6641EDF03D18}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0A0FCEFC-B379-4317-BC70-F1716A00B687}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0A0FFE88-81D6-404B-8F32-F5E80F965948}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0A3DC1CB-B036-490C-9EAF-C75F7035B1FD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0A5BF8EA-CCEC-4D9D-851A-8F01A414EF28}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0B0B33E4-5945-4241-BF36-C1055D9D1C7B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0BC4275B-9A06-49BB-A2FE-179B80226EDC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0BCE2CF3-E4A9-4F9A-A67C-7370E49446F0}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0C01B680-5765-4609-B0EF-372626A90CBC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0C8C74FA-F1E8-414C-8305-7C4F211C04F3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0CCBB9B7-9C38-4AB0-BF8B-9286AFECA831}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0E9E05A2-BC08-426C-8514-906C3F3D4547}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{0EB24E60-C1D0-42A6-B353-B34736F0A5AC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{103359D8-7DCE-4C06-A2FB-266F81CFE2BF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1217B658-799A-4901-8A34-8706E0C61509}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{12CCAD39-84BB-4451-87C4-203CB3F76D31}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1376F090-C2C5-49FF-AFF0-3E0E962458C4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{13DE8279-4E47-470F-BC3A-517576213520}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{147F8BB8-0B88-4FFE-8E29-418C34A8A296}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{15A31F2C-E1D2-498F-BEDF-5CFBECA607F1}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{15EED567-4311-44C4-9562-241AE4B5C3A3}" = protocol=17 | dir=in | app=c:\windows\system32\cba\pds.exe |
"{1666070E-3A4D-4370-B1BA-24223FD3A36C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1682BF4F-CBB6-4118-BA77-09912E8A6ABE}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{16F81737-64A9-4061-9D1D-DD8E5E3AD312}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{18B72364-A0BA-4E99-ADBD-C40DBE645CB7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{18C45E78-D124-41DE-8EB1-F27E8AD057F0}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{19220ACE-570D-4A43-92EF-A495B0CA3808}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{19CEF96B-9C4D-4E62-AA90-664B10AC2E3F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1A60B8B9-F056-4FB7-AF7C-CB0739E2D532}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1A84F960-A146-4C46-A07D-D0F0B0F728D9}" = protocol=6 | dir=in | app=c:\program files\landesk\ldclient\issuser.exe |
"{1AED4130-E271-4D1B-9686-22AC37F55EA7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1B28ED4E-45A6-4ADF-A93F-56E2742BA68C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1B452002-3F32-417C-B012-090BE693CB27}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1B780FD2-6CC5-4638-891A-36962E80EAF7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1BBC903B-5979-40D5-AAF2-ED362302105D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1BBCADB1-F744-421D-832F-537AA55F77A3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1C06CE01-F47B-406F-858E-F8936E816A7C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1D53714A-BADB-481C-BFBB-342CCAF8C664}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1DADDDC6-F8BB-46D5-8C81-2FFC093E0563}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1E645E91-3369-4A73-BA3A-E5C65C8698BB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1E64A43E-BD7D-42EA-9AE1-4B60A404AC8B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1ED10A20-688C-41E4-BCAD-290F9B3AA294}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1EE68F66-B584-4D6B-805D-E533FA3E086E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{1FA9E574-D8D2-4FED-9D2C-072764C18B5F}" = protocol=17 | dir=in | app=c:\windows\system32\msgsys.exe |
"{203EC748-1439-4E72-9319-9988100E5DF3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{222A146C-9E37-4F5D-BE31-16EC7BD810E7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{22928DAB-9D96-421C-8DE2-697CC23A0330}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{236B7502-9E4A-4556-90CF-AA710AC2D1E8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{23917408-B06E-45FC-93E5-15697EF2296A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2411EF18-D2EF-456D-BC45-49670B7507AD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{243EB383-1E2D-4371-BA21-1AF2C74C3138}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{25576CEA-5711-44A9-9792-426F21026966}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2576CACB-0537-47B9-AB1E-6435236120A1}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{259B1CB2-75C8-4F34-A9D9-B8445B0711C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{2681000B-CA32-4CE2-A1CD-BC28FE331B31}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{273D6B8A-FE12-4544-8F4E-2FD1946FBC0C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2816A314-EDF6-474F-A55A-74032B4B1943}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{28B2CFFE-BE3C-45D4-9278-2C40A10AED44}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{298C3505-312A-4DEE-BC57-A52F1F4D107A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2A90316E-2827-42F1-A113-A96A05803315}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2B7036D2-8D12-49CF-95FF-0FBD2BC8392E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{2BE87CAC-7A30-4295-ACB1-A38AB7176E3F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2CD94AAE-FDAF-45FE-AFBA-EBF994865A03}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2D0026F7-B773-4587-B519-D15EFB575AF7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2DD053F9-C2CC-412F-8C3F-2FEA095A055C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{2E3B3226-F7D2-4EDA-B019-C0360148F3DC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{302B2C73-5051-4710-B7D3-EAFB62E3F87A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3046FC95-C155-4BF9-980A-874BADC5AC06}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{31033A34-D6FD-48B2-B597-911EF7F998CA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{31A21A92-A2F2-4640-985D-3CC29BF820F6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{31D8AEC1-49D4-40CA-B641-DFCECFC83DDB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{323363EC-98E1-4D0C-A1D4-D7E2F478901C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{324ABA80-47E5-4A32-A70E-BF5256891B0C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{32BDE517-CD2A-4FAB-A444-FD1DB58A19C5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{32C9F9A4-19F1-4463-9DE1-DD6ACDF5361C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{342144D2-9B56-44A3-8B91-3E4B4EE48C33}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{34B941D0-29B8-4D01-9336-3041293E1AB7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{34BC581F-0C28-4594-83C0-011AA505070B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3573E6A8-9244-4DDA-B596-292A3A6560C8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{36089193-15E1-4FB6-814C-DB857D544E64}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3651D324-4194-4E28-AE67-7F2C1F29D14B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3663F82B-1C17-436D-8D45-439303B5C25B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{36703031-6799-40E6-844E-B7AEEA3E578A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{372E794E-555A-40EA-BD65-0BEEC913BBB0}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{385D179F-BC50-4680-8E15-A24821E171EC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{385E317C-6890-4F73-B3C7-351E81A73266}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{391644BF-003D-413A-A50A-315C9894C85C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{391CCA34-77AC-4A2F-8A7C-1717634E51A6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{39DC77BC-FA39-40C9-8095-09C5E4775089}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3A006B37-C580-4254-AB5C-32DE3FEFEC4E}" = protocol=6 | dir=in | app=c:\program files\landesk\ldclient\tmcsvc.exe |
"{3A050BFF-3F43-4792-BC75-97F799F3A91D}" = protocol=6 | dir=in | app=c:\program files\landesk\shared files\residentagent.exe |
"{3B250D1B-F785-4FD6-B50A-1694CC264A3E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3BA3A810-1742-4C41-8136-BA3E21F104F8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3C39450F-BD2D-4465-B074-7374C0294ABA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3E37DC28-071F-4782-8D7F-2555CCA1AB7A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3EE8FE1D-41EF-418C-A578-9D9311D12F70}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{3FBD40F4-D5CE-458C-9CB4-2FBBA8E50BE8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{407E7C8E-9094-475D-83C1-3ECC8AF32664}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{40FB1E66-FA06-4E3D-B96A-AFF6C9F3D180}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4128BAB1-C536-4C66-A950-63187620A356}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{414D3BD2-F486-47A7-8F53-C0436E3972AA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{42074181-AF9B-4C02-AC2B-28A57E9B054D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{421F0C56-F7EC-460A-AA56-582F6DD96172}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{432A8198-E41A-46C2-997B-F6EDCA228688}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{433E1A4C-2ACC-4BDE-B00D-A4D088EC7514}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4370759A-1DA0-426C-A536-2F09A5DF496E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{44535615-0097-44B0-933F-4699F3AFA7F4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{46A24E88-DE53-4100-9F44-D0985A322764}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{46EDB4B9-CF98-48A5-8795-3DA9B93EF9C8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4708CB53-42AF-4473-B3F6-766272462C4D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{47D26B16-B080-49C8-9758-7EFE69E88151}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{484FEB38-C3FD-4051-9C63-FD4CB761DADA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{48A53C61-9D8D-4355-9768-AF201B956296}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{49B237C3-0692-4F8E-93EF-4DDC6177147B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4AC213AF-B2EF-4795-8A6C-A91F0CB73267}" = protocol=6 | dir=in | app=c:\windows\system32\cba\pds.exe |
"{4AC61F87-240F-468E-858E-C0C3E9E25B11}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4AC63256-D679-4D2A-988C-5331655DC547}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4ADE98B7-36D2-4253-B35C-48008987E188}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4B1DC7F8-41EC-4825-8ACA-65A307EE05BA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4CCB4125-CAC6-4901-BA49-3183A2559EC9}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4D06076B-EA2C-4132-ACE6-8B46E18F5722}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{4DB8274D-F2D1-4B97-AE3D-BC8BC70B1E0C}" = protocol=6 | dir=in | app=c:\windows\system32\msgsys.exe |
"{4F058045-7172-4A12-AA82-4C0B9AF54A5D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{4FB23A22-374C-49FE-B172-EC220020296E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5021819F-CAA9-48F1-8BC6-795E2A867679}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{5171E725-0C6C-4462-B194-BA88E9B8EF9B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{52047BFD-8EBF-46AD-9983-35FF45B00E27}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{527E2D3E-93A4-46F4-92B4-CD67201851FF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{53D44585-0457-4B93-A071-4F8CE8D7954B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{53E90769-9DE5-4158-900F-5F9F8621F319}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5406F03D-5F4E-4401-9D95-3E31E1878308}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{555F0E87-36F2-49D2-9108-01174A0AB715}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{56444E1A-BD7A-4390-BA8E-79D471F8825D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5693F038-CF89-41EE-BF69-2CFD56778397}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{57209553-13D1-43A8-BBE1-C0915D552149}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{578E132E-A5CF-4247-98F9-774BECF233C7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5824C284-246C-4642-8798-DADDEEFA022C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5939E220-A70B-4B08-8C56-31B65BE3CAAA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5B8CA405-B8F6-49A0-8251-D2F9F518B506}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5DBA7EB5-4826-427A-8658-32032454EF47}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5E9494FC-C8B0-45AA-82E8-0B23CA39CF60}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5EFBA0E1-0D77-4E7E-A00B-86BD37FED16D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{5F8A3FDF-09B5-4898-BA31-9440198B4CA7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{600FD429-47AB-4FA5-AA27-4A2F734139A3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6014F392-CF8B-4D52-957E-52B424605075}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{60544D6E-56FD-4E89-9D12-8E5CDA9888E6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6131B2DF-F8B6-4E57-8BD3-29360B9E028E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{61D173AC-C0A1-40C4-B7CC-475BB4CF8752}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{620C52CA-265B-4702-B9CB-E8D31A285CC0}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{624E075C-C35D-4003-ADF1-92CB5124CBA5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{626D7E23-857B-46F5-845E-AD88E667E5A6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{62A723F5-C92D-4FCA-8C22-E68D22890911}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{632EB03B-ABF8-4DE3-ACF7-FB5D08001F8C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{635EB91B-9555-4AFC-8CBF-02EB5D970ABA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{64C4E59F-4AAB-424D-B5D9-CC07EAC15DC6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{64D13915-0721-4C22-B9F7-8A0E9D762DEA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{64E91B32-368F-429A-BED0-06686EA24319}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65597E87-1304-4350-B328-7DDBA2940995}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{657357C3-839D-4654-B2EA-09E1F9FBD44E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{65D6E6D8-3410-414A-AE4E-89294B947442}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67341DE7-010C-4878-A8E8-5FAD6F4AED1A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6755BD26-588B-4CE0-B285-5C680AF886F7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{695F49F9-107F-41E9-9D22-2954C230543E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6987998F-4C06-48C0-96B2-5860ED31F81E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6998E659-1C24-408F-8CEA-6E3C0D99C078}" = protocol=6 | dir=in | app=c:\windows\system32\msgsys.exe |
"{69E460B0-3469-41C4-9195-2F2B0D6AADEF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{69F0F088-30C4-433D-B2C5-0DC4E8DA1380}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{69FA7A80-F9FA-4C09-B9C4-B99CD9E179DF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6A59F132-359D-405C-B7D5-8045757C1988}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6AA26F87-E902-4738-BD72-4E8F517D2ABD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6B638D4A-19F6-4B77-9F10-AB9F544FFF44}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6B7D6030-94D5-4AA0-90E1-7C9BD2043FF0}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6BE25A95-E0C6-445E-8E46-BA6956E7043D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6C599704-91F4-468D-8C74-6BAB979F5054}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6CE810A9-51AE-4E84-ACB9-2CB93F124F31}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6E39AA87-33F7-4DDD-8109-8020322D7188}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6E78BDE8-A3C1-44CB-9039-273D7692C2D6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6EAF004D-BBD8-4ABA-B750-87245A81B4CB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6F235C6A-F41B-4943-A16C-968B75A23E70}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6F509C56-76CC-4604-9419-25CBB92F9D15}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{6FE7E978-9882-4C39-A79D-DAEC57C87736}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{70E9527D-D838-491A-B52B-AE0342A2FE6F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{712E60BA-7A2B-4304-BC4B-9F462C06E359}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{74805F4B-E3A0-41D2-9A67-09A60F87201C}" = protocol=6 | dir=in | app=c:\windows\system32\cba\pds.exe |
"{74CCE1A0-3CFE-4485-AF17-52BB3E57F0C7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{757B56CB-1C8E-454F-B52D-C6685F291BB5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{76F2A84A-B4D4-41A4-88E6-8B893D20172F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{770373BD-7488-49B1-BF4D-F21289C1D579}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{77199567-ADD1-4CE4-934C-4C982FB41C83}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{773D8D0E-9773-42F4-B3BC-1F2F08A4D0F6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{774B44D3-09DA-46B4-A0DE-AD3C6CCD430A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{777773B1-CEEC-4460-9C96-DFD80954DA8C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{77AAAEEB-DC13-4AD6-B513-A95D5A2C6EF3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{78199E43-19A8-4368-B06B-2C8E36499BA2}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{7948E235-0CD4-4143-8274-7D7E7B5985B7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7AC27FA8-C36F-43F2-9AFE-C594E0C31551}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7B240ACC-4AC3-4814-8E97-7EC2494BC705}" = protocol=17 | dir=in | app=c:\program files\landesk\ldclient\issuser.exe |
"{7CAFFE7F-6112-46A8-B74B-DA74309AF341}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7CB630AE-1693-426B-A046-42D0196FC3CB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7D13A7E1-EBED-467B-AE86-2CA534BFF81D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7D14F6C2-0A1A-4224-9225-2394000521C2}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7D3E26AC-674C-4968-A7A1-BC4954BD5E27}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7D706A1A-9D16-4683-B502-659A91EF151A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7D9D9641-49BC-4BC8-9695-6324EA4A3B10}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7E65E41F-5FF3-41ED-BC03-6DA9651BA734}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{7FCA139E-38F2-4DF9-B880-09D0BAA51F5E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{802B27EC-E428-46BD-8AF4-052A75CF8BDD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{807119CE-282F-4102-B196-80297BF3B456}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{80D39B9D-AA25-4785-AF7A-FF05A6C3F063}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8146CCA0-B091-41E5-8BD7-98A96F8B2AD1}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{81953DCD-B4C9-4400-A806-DFA3A52C2232}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{81BCBB00-31B4-4146-A119-569C33AF00ED}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{81BFBAFB-10DC-4B20-84B0-A9C4787FDC5C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{820C0FB6-A4BF-427B-8962-261E17415F70}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8227E9A4-0840-4258-9EF6-F4B9F7DB5B98}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{82474D09-4EBD-468B-A250-B41D26BBD17C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8281EEB1-C70D-4E6E-B5F3-48EC859D4541}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{829DCCC4-1ED8-4804-9603-F7FCCFB558F6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{830F9BA3-63EF-4AFE-9889-4BE36800CB6D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8353C738-C3C3-43C5-8C0E-ABA352208053}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{83CDB63C-22AF-447D-B837-8B655DB1A9B4}" = protocol=17 | dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{852298C9-C701-45BD-99F7-8BF58F7D0EC6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{85E97207-FCF0-489D-B77C-0DAE8B5EECBB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8601EE85-39D2-4308-9353-F6810A2455EB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{860931FA-9F32-48B7-B3C2-CB416C55FB8A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{87D7C2B8-D73B-4E68-A65B-F1B1E6D364DB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{88483B4C-5DD4-429B-90C7-DC5424C1A218}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{886CFAE2-4525-4B51-A346-814957C02174}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{887591DC-8177-46BD-BB9E-DF6D8F140547}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
 

pjoseph

Member
"{89683D50-01B5-4FC8-A7F0-203518DD5772}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{89CDFE1A-3A5F-4834-AEC0-7AE367DB6BE1}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8A23B706-D0A8-47B2-B0CB-D916EC4DAA73}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8A5A16D0-37B6-4521-97BE-238F4BDE6D94}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8A6253BE-4E41-4749-AE92-9F0C881D2AD7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8A7FCDA4-B72A-4ED3-81F7-CCC6FFDCB072}" = protocol=17 | dir=in | app=c:\program files\landesk\ldclient\tmcsvc.exe |
"{8ADDBD49-F1FC-41D8-B409-D3C69A27EF3C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8B67F362-AC5B-4E56-9E5D-4E2248244A4E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8BAD463B-5A1B-4ECB-B1EB-70804630CD1B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8BAE3830-02D2-43AB-AF5E-4B2239744253}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8BE49284-2E3A-4D2B-A9E8-D187DE20374E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8C1DF1FC-12B2-49E6-9D3D-E773630C295D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8C374EBE-D2E6-44F7-A500-DFAA3F1CAF5B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8C7B55D2-20A4-4F64-9465-58EEFF201D42}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8CC11961-04E0-47B4-87ED-7A0CA4F2A324}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8DB9E59E-5456-448F-AE96-F9B8C812CDA1}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8DBA2B59-50A8-4AD1-9024-719ED6BFB7A0}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8DCF4509-7EF9-4351-85EA-01DCE6746B7F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8DDA5BB6-5039-4A1C-95E5-2B6AF3738CBD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8E696B0D-7ED4-4F6D-8DAB-54C4AB53AC74}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{8E6C93FB-0DDD-4867-B177-D9FB16EDA1CC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{90AF31F2-A205-4858-98B7-F2D7C4C6535E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{90CCBA6D-F1BE-4CFE-B994-B182CEA69774}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{90E40ABF-76ED-4138-9835-30F407BEA4FE}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{91F3399E-12A7-4EE0-AE1B-53CD42ECC119}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{92A8A811-98A5-4168-B03B-B1C0AACF6BC2}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{930EC1D1-68A1-434C-8FCF-CD9C73785D0D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{93458E25-F57D-4ECE-8E6E-E309218F9CFF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{93C0EFB7-388C-4F3A-B2B8-BE8ABF754D0B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{94130B0E-1618-44BF-A5B9-264EF8DEBEE4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{942BDFB8-98A4-43F2-B895-A68CBECA3FB1}" = protocol=6 | dir=in | app=c:\program files\landesk\ldclient\issuser.exe |
"{9462FF36-82B7-4022-8085-3E86D02FD601}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{949CE9EA-211E-4697-A791-19973F7A30A1}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{94B9D449-D1F2-44EA-A3F0-AC82B555CB9D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{94CF61B9-1778-456E-9417-03763392DD66}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9610BF29-16EB-4102-A73C-788824F51C52}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{961AB7D4-3217-457B-91F1-D94E4137D81A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9629EEE5-49B8-425F-BEBF-534B2DD5D408}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9761DC5B-0171-402B-89A4-CCC9B32BF79B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{97FFC9AD-A033-4434-A996-A7C9C4E593ED}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{981B89EB-B33A-49AC-BEC0-38123EBA369E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{993398D2-746C-4985-BFB1-58477D976AEB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{99AA6265-DC75-4A5F-B481-94F5E5C41791}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9ABAB18C-BE00-427A-9D7D-4E7A5A456D5B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9AE273FB-F322-4B19-8392-5C8EA38726FE}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9B371E2F-BEDF-4DE7-96A0-0DD7D9083865}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9B42C3E8-7DA4-42AB-B363-AA66C5BFB7DF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9B606B4C-F770-4F8B-BFDF-8640EFFFEA3D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9BF13A90-A16F-44F5-8B5D-0B42BD128E3D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9C0FB3B6-BD8A-4E50-9E3C-8679072E5F4A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{9C874F97-7668-4580-BEB7-D970E5A1FA46}" = protocol=17 | dir=in | app=c:\program files\landesk\shared files\residentagent.exe |
"{9DEE79AF-A3DA-4318-B10A-EAB72BA97FE3}" = protocol=17 | dir=in | app=c:\program files\landesk\shared files\residentagent.exe |
"{9FA539E7-DD43-4AD1-BFB7-37E4EF43D0DB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A0CA18C7-02EC-4EE1-89F8-5AFCDB15A898}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A0CD777B-63A3-40C2-BB0C-3D757425A907}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A13B8025-16F1-41B0-828C-51917C0DD446}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A2CC60DE-9045-4BF0-9902-9E8C35777440}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A3B6CF9F-E8F0-4EA7-9E0B-58C9DED3F291}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A40CE7D8-9447-446B-B461-7E0EFB259E38}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A438D6E2-EBA1-40C9-8C34-31FB77AA4D11}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A453D269-1A72-49E3-B551-C76B9E3E8470}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A67F707C-B6E9-43BE-AB98-79005C1C31E4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A691667B-D1F1-4E1E-A8D9-64EE34B31E80}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A8CCA27C-7ECD-402D-AE8D-0603F4FA8BEB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{A8E458E8-21B3-4431-8093-4F5DCB655B32}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{AAF36821-7889-4549-95DE-9ECF371409D5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{AB9AF333-F395-4A8C-84E0-DC8B870A4AFD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{AC6A4045-7CEF-4E13-A96C-40EBED150B13}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{ACC5FF04-73B0-4CCB-BCB2-4D3BF0BC26A3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{AD81B575-4C77-4BA1-9850-7118257D35E2}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{AE4F958E-28D4-470C-93EE-EE9F1124949E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{AE80E7B8-A095-45F3-9E52-B01C897C118B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{AE8E9D89-1A08-4CA6-BB2B-AE997ECEA5CC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{AE927CBA-243C-4446-A06B-8C4936E43803}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B0B81B11-F831-4DE6-9580-546A41681AEF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B0F645BA-D524-470C-B3EF-6194C1AA50F7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B1CD5204-BF6C-46AD-A859-C5FF65391AB3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B24CF060-08C7-4723-82C0-1B57818DDFF0}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B34ACB97-9071-4E66-8009-A97FFDC0D596}" = protocol=6 | dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B3DB6F80-1AE1-4B40-B0F3-62B12E3698E5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B419F1E8-CD44-4B96-925E-A850D6CD58F4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B4414C2E-316A-4C74-BDE0-44091907A7B9}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B4CE53E6-A80C-4115-A4B1-9B95586A42C7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B559281A-0A95-4BD3-9EC8-90F83DDB86B4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B58808EF-E854-472C-A45A-21D7DD7E9796}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B5C3D4DF-F453-4784-BEEA-B059D53862CC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B74E7C50-B780-4870-988D-FA1EC04D1151}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B86617E2-BE30-427D-BAB8-96C1F3A75BD7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B8EC37F3-3EBA-4015-B2CE-E35325A6F1F2}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B9CFC2E5-9A5C-4CAF-BCB7-83DBC2C484AC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B9D2C737-CAEA-4F86-A775-DC38CD8400C3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{B9D635E9-B79F-4F5B-AC56-B3A5E4E5F9C5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BA42C20B-7B1B-4757-BB04-28236018054B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BA8A467C-1A63-4FE9-AACF-935842389B6F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BB145C99-2285-4FED-A3A6-33E7F5CAC365}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{BB73182F-5689-403F-9D9A-59C5E48DB33F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BB8748D1-4CEE-4850-8E5B-122F0FD66520}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BB934299-F504-471D-8C95-D151F63B6653}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BBDEB19D-121D-4CC9-9B09-9AFD3073538A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BC2BC886-B27A-48E1-88B2-AA02029AF299}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BCFD4DCF-A7A0-49B5-A44B-69AC41EF1157}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BDD29D8F-4C4B-46EC-A74B-6E226CAF2CEA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BE37322F-7BE2-4A0C-BDDC-F664FD362186}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BEE72BB1-322F-473D-B70E-C303837601C4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{BF49403C-E227-4CD1-82A7-E1066C45FE68}" = protocol=17 | dir=in | app=c:\windows\system32\cba\pds.exe |
"{C003FD06-148B-4682-AFD5-D3DD43BC1853}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C033FDFD-0C6C-4E36-88A2-3EB76A942470}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C207033C-52CA-4AB3-825B-278823A2D6DC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C2296429-44BE-4EE4-B002-C06088712CF7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C22D1637-FD30-4AC1-9F76-220842B4C636}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C316696F-678B-42EB-9E17-FC01020BDDC9}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C35C4E62-EBC9-4A03-B9DB-2B8DF53B1C24}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C3672D3D-7C64-4ECE-B2C9-4D0B8467BC9E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C48423A4-4687-4B38-890B-D9BC12F7B6E6}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C49A035A-026B-437E-9D7B-92361464E60B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C4FCBF96-1895-45CE-853F-0C9E423E690A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C5911570-6375-4835-975B-5BE583C8C6BE}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{C5F7BA32-A43D-4ECB-A5BF-7F53625593E4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C5F93183-4CFC-43D4-9074-41492BF80F3C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C644E8DF-0A93-47ED-B57F-FC1CC21C423D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C65B95B3-3085-49F4-9E52-97AAE1AF63F4}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C688E02F-15D9-4C28-A6F2-69E79F2AD6A7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C6E90432-B88C-4B08-A884-F2422342AB68}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C6EEEE89-45FE-4C05-A9C2-B493462FA6D7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C7B09878-7B1E-4315-9E96-DF05DC70B33B}" = protocol=6 | dir=in | app=%windir%\system32\msgsys.exe |
"{C86B1424-E968-4DFA-802B-7E7910907AEA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C9406863-5113-4980-B17B-BF52A5A92E1F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C9555B6D-B4C8-40AA-B214-89529619C1C8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C977F309-F252-44AA-9397-0703FCCF6D3A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{C9A5BF5C-4D71-4530-9639-4F58B13DBEE5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CA17DF26-D3D2-4FB8-9EE7-5949DEF3932C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CA2E89B4-5C5B-42F9-AE50-F6C9AA9EAED8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CA416FA4-5C60-4BC3-BE0C-1DE59ECA2660}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CA4DA257-6873-457F-895E-EAFBBB160F22}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CACBDECB-3729-416F-84CE-DF250C3C8903}" = protocol=1 | dir=in | name=icmp echo request |
"{CBA76533-CDD6-4CD9-961E-69AF2EAC8AE3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CCC87E54-980D-40EE-A1D9-4E64DF8445BE}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CDF398BD-37C0-4CE9-AFF5-D35482F470E8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CE257A63-8845-47E6-B150-5126D2C2508B}" = protocol=6 | dir=in | app=c:\program files\landesk\ldclient\tmcsvc.exe |
"{CEA6767B-5C89-46F9-BD87-F54848C32DF9}" = protocol=17 | dir=in | app=c:\program files\landesk\ldclient\tmcsvc.exe |
"{CF599B9D-71E6-49CF-BD84-09122A9679A2}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CF71772C-9F64-403A-B4FC-086B9455C1D7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{CFFCA174-5FD7-4C7F-9B58-41B788E828D8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D01F15AF-64D6-447F-AFB9-DE782EDC480A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D02C207D-F452-4867-B3E7-0D6521D29692}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D0F1322C-C1CA-4B0F-8D1D-794FE4FA2A9F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D179A736-8925-4DC6-8E27-0821FCFEFE9E}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D1B2CB97-521C-4FAF-AABC-7D9BFA643FCD}" = protocol=6 | dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D30B980F-5068-4C08-8782-BF29BFA3AF8F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D3C4DCCD-ED95-4F0F-8278-6DF84ADAF1D3}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D44CB58E-F11B-4290-914B-D5954950C1FC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D523574D-50DC-4A9D-9D34-A323968F0F4C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D76B1D81-0401-4A63-91D5-D1FE52CC8190}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D7F2AA57-DDAB-4C93-8583-2F298FBBA023}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{D8A121F0-ED33-4D94-AFA1-6461BBB26510}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{DB1B3CE5-15D1-411C-B1F3-EC575B00F0F7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{DBB6EDC6-A44D-4CA1-B1AC-5FF96D9629B8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{DD97F9CE-4062-4A4D-809B-86FC64801DCA}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{DEAECCC4-72F4-4575-8FA1-85CEFD656B41}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{DEB0F798-0494-4568-B41B-2EA2E7EC09BE}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{DEF60C17-EF03-46A7-8348-E9B51E9CE192}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E2D4D387-1730-4FB2-B476-BE3554416A24}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E31A1187-7DED-4FD8-B440-624F5B303488}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E3DA1C61-A643-4DF2-9C0F-29B9B6BB8B1C}" = protocol=6 | dir=in | app=c:\program files\landesk\shared files\residentagent.exe |
"{E3F75B6E-DEED-49F0-AEDC-9F634E1A1ABE}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E41D766A-9EAF-49EE-ACFC-C46612F6288F}" = protocol=17 | dir=in | app=c:\program files\landesk\ldclient\issuser.exe |
"{E424D753-60AA-4D9B-9FDC-71F02E7A892C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E461790A-3802-4850-B4C9-B8BA6F396872}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E4FA25A9-AC55-4ADC-8F7C-279BEE4B7267}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E577512A-B004-4121-9E33-E3E165C9974C}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E63BE4D4-FBBC-416D-88A8-0AC7727C4299}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E6B5B714-E756-46E1-9460-7CC6DC0978AC}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E6D963AF-F15D-4500-AF26-F5DB19F175DB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E6F6F28F-5511-411D-B98C-204C92109D89}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E7227DBC-EB00-4912-8453-B42D56BC38D7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E8D60069-9F9C-4A47-8520-85148221CFA5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E9A55880-7235-476A-A96F-AF0CC1A59B97}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{E9F87649-7774-4DDA-9F6C-C3F1AB076EEE}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{EA823494-FC3B-459A-A95E-70B6E619E5D7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{EB6B4300-7710-46CF-81B4-842DA209C53A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{EC01DEA2-ACF9-49BE-B071-DBDA66DC1731}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{ECD4EACD-6056-44AC-98FE-DF454E90D20E}" = protocol=6 | dir=in | app=c:\windows\system32\cba\pds.exe |
"{ECE8E0CA-E30F-4F68-9EDE-693F958630CD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{ED629F5E-CC40-4B1D-9B84-C7EDDC5FBD81}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{EDABC246-A740-45F3-A7F6-5E7A6C5100CB}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{EDC3E70F-3E83-4C62-9CE6-AC04A0DFA59F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{EE8BB662-5A80-4503-8E92-82E057ABDB2D}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{EEA38EE0-B71C-45E7-9022-801AF4C47C0D}" = protocol=6 | dir=in | app=c:\program files\landesk\shared files\residentagent.exe |
"{EEC2E2AE-9B41-4C0C-BE39-CDB735DD200F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{EF18F855-EC93-42E3-88BD-B6E5A1E509EF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F00E8A0D-742C-4D78-AB78-3C53478D61AE}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F0A2501F-D947-4EF0-8EEC-2BCF2EE3E2BD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F0B0B034-9A2B-47F3-93F2-03ABF9211619}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F29FD20F-4F4D-4C08-9C91-91171EDB791B}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F2A95492-E44D-4884-B727-519FE2718162}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F4C5D60B-5D41-4D7C-AF99-3E0AF479284A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F4D2484F-3134-43FF-A055-FC9669E38DCF}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F5ED899B-CBA7-4C05-9053-736FEC936916}" = protocol=17 | dir=in | app=c:\windows\system32\msgsys.exe |
"{F5FF6E5D-DF38-421F-B172-04386C13EF0A}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F7CAB5DB-95B1-46D2-AA08-03442881B626}" = protocol=17 | dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F8168023-8816-493C-909E-AF0E2B2D599F}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F8ADE412-87E9-40BD-9A28-37308496CEC5}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F933E038-F6F7-4B8F-B14B-D3B6E07842E7}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{F954A079-3DA1-4483-9A4E-B34FEA600E96}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{FAE2F2F2-26D7-4161-874F-4791D4060091}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{FB96F776-E070-4BAC-8040-77BAFB962E21}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{FC2FB216-6426-4AE2-A018-07C89A277554}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{FE0292AB-25C5-4718-96E4-69DE928464BD}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{FE6C2B83-48E2-443B-A5D3-D235373049EB}" = protocol=6 | dir=in | app=c:\program files\landesk\ldclient\tmcsvc.exe |
"{FF7ADD4C-477B-48F2-9046-59B8306F26D9}" = dir=in | app=e:\itunes.exe |
"{FF7B0AD3-D367-4766-B5BA-6108F4D573E8}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |
"{FFA470F2-749F-44C9-9B6B-4862D04D1835}" = dir=in | app=c:\program files\mandiant\mandiant intelligent response agent\miragent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2D2675BF-358D-44B3-AAB6-72D069B305B9}" = LANDesk Advance Agent
"{31B33270-24D7-4307-84F2-A3288636B83A}" = Check Point Endpoint Security - Full Disk Encryption
"{35CC2635-60EB-451F-BECB-4F5B25FABE6D}" = Nuance PDF Converter Professional 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk(R) Common Base Agent 8
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{5783F2D7-A009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2012 - English
"{5783F2D7-A009-0409-1002-0060B0CE6BBA}" = AutoCAD LT 2012 Language Pack - English
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{945F844A-769E-37E3-A945-FEF421298C60}" = Multi-Targeting Pack for the Microsoft .NET Framework 4.0.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{AC76BA86-1033-0000-BA7E-000000000005}" = Adobe Acrobat X Standard
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DE889CC8-F305-4C4C-BAE0-EF626E45CB9D}" = Symantec Endpoint Protection
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{EBDEC0A3-B98A-4BBE-96F4-6669869E66DC}" = MANDIANT Intelligent Response Agent
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F7D011B7-EF6B-4FCF-9571-44D60282329A}" = Microsoft AntiXSS v4.2.1
"{FA8FCCB3-0BFC-4730-9C7F-68270287C968}" = Cisco AnyConnect Diagnostics and Reporting Tool
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0
"AutoCAD LT 2012 - English" = AutoCAD LT 2012 - English
"CameraUserGuide-PSELPH100HS_IXUS115HS" = Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Digital Editions" = Adobe Digital Editions
"DWG TrueView 2008" = DWG TrueView 2008
"ENP messaging screen saver" = ENP messaging screen saver
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v1.1.15
"GoToAssist" = GoToAssist Corporate
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"RUMBA 95 NT DeinstKey" = RUMBA 2000
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"sp6" = Logitech SetPoint 6.52
"VLC media player" = VLC media player 1.1.11
"X10Hardware" = X10 Hardware(TM)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2013 2:28:41 PM | Computer Name = enpusreml0278.emrsn.org | Source = SceCli | ID = 1001
Description = Security policy cannot be propagated. Cannot access the template. Error
code = 3. \\emrsn.org\SysVol\emrsn.org\Policies\{CAC32F26-2360-4B1C-802D-20F0D835C771}\Machine\Microsoft\Windows
NT\SecEdit\GptTmpl.inf.

Error - 6/4/2013 2:28:41 PM | Computer Name = enpusreml0278.emrsn.org | Source = SceCli | ID = 1001
Description = Security policy cannot be propagated. Cannot access the template. Error
code = 3. \\emrsn.org\sysvol\emrsn.org\Policies\{A851EDAB-8798-4358-A4DB-9BF020E1CF6F}\Machine\Microsoft\Windows
NT\SecEdit\GptTmpl.inf.

Error - 6/4/2013 2:28:41 PM | Computer Name = enpusreml0278.emrsn.org | Source = Group Policy Registry | ID = 100737026
Description = The client-side extension could not apply computer policy settings
for 'NPAMRAP_Workstation General Settings {CAC32F26-2360-4B1C-802D-20F0D835C771}'
because it failed with error code '0x80070035 The network path was not found.'%100790275

Error - 6/4/2013 5:24:10 PM | Computer Name = enpusreml0278.emrsn.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/4/2013 5:24:10 PM | Computer Name = enpusreml0278.emrsn.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2370888

Error - 6/4/2013 5:24:10 PM | Computer Name = enpusreml0278.emrsn.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2370888

Error - 6/4/2013 9:39:11 PM | Computer Name = enpusreml0278.emrsn.org | Source = Application Error | ID = 1000
Description = Faulting application name: ZeroConfigService.exe, version: 15.1.1.2,
time stamp: 0x4f7468fc Faulting module name: PfMgrApi.dll, version: 15.1.1.0, time
stamp: 0x4f7467bf Exception code: 0xc0000005 Fault offset: 0x000709a4 Faulting process
id: 0x25cc Faulting application start time: 0x01ce614e87a82b56 Faulting application
path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Faulting module path:
C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll Report Id: b8233334-cd80-11e2-901b-5c260a8047d6

Error - 6/4/2013 9:53:10 PM | Computer Name = enpusreml0278.emrsn.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/4/2013 9:53:10 PM | Computer Name = enpusreml0278.emrsn.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 76503

Error - 6/4/2013 9:53:10 PM | Computer Name = enpusreml0278.emrsn.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 76503

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 6/4/2013 2:09:27 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 6/4/2013 2:09:27 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 6/4/2013 2:28:30 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp
Line:
357 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 6/4/2013 2:28:30 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 6/4/2013 2:28:30 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 6/4/2013 2:28:38 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 6/4/2013 2:28:38 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 6/4/2013 2:28:38 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1023 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 6/4/2013 2:28:38 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
859 Invoked Function: CNetEnvironment::TestAccessToSG Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 6/4/2013 2:28:38 PM | Computer Name = enpusreml0278.emrsn.org | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
192 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

[ Media Center Events ]
Error - 11/23/2011 11:47:42 AM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 7:47:42 AM - Error connecting to the internet. 7:47:42 AM - Unable
to contact server..

Error - 11/23/2011 11:48:03 AM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 7:47:47 AM - Error connecting to the internet. 7:47:47 AM - Unable
to contact server..

Error - 12/23/2011 1:41:01 AM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 9:40:49 PM - Error connecting to the internet. 9:40:49 PM - Unable
to contact server..

Error - 1/4/2012 12:47:59 PM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 8:47:59 AM - Error connecting to the internet. 8:47:59 AM - Unable
to contact server..

Error - 1/4/2012 12:48:08 PM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 8:48:04 AM - Error connecting to the internet. 8:48:04 AM - Unable
to contact server..

Error - 1/13/2012 4:17:16 AM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 12:17:16 AM - Error connecting to the internet. 12:17:16 AM - Unable
to contact server..

Error - 1/13/2012 4:17:26 AM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 12:17:21 AM - Error connecting to the internet. 12:17:21 AM - Unable
to contact server..

Error - 1/16/2012 3:02:24 PM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 11:02:24 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 1/17/2012 11:27:37 AM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 7:27:37 AM - Error connecting to the internet. 7:27:37 AM - Unable
to contact server..

Error - 1/17/2012 11:27:47 AM | Computer Name = enpusreml0278.emrsn.org | Source = MCUpdate | ID = 0
Description = 7:27:42 AM - Error connecting to the internet. 7:27:42 AM - Unable
to contact server..

[ OSession Events ]
Error - 5/3/2012 10:20:59 AM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/3/2012 10:21:12 AM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/3/2012 10:21:31 AM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/13/2012 10:59:00 AM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2549
seconds with 420 seconds of active time. This session ended with a crash.

Error - 8/11/2012 4:49:17 PM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 84909
seconds with 840 seconds of active time. This session ended with a crash.

Error - 11/10/2012 4:45:47 AM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 23592
seconds with 9480 seconds of active time. This session ended with a crash.

Error - 4/30/2013 10:54:24 PM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 286
seconds with 180 seconds of active time. This session ended with a crash.

Error - 5/1/2013 12:14:26 PM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2452
seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/6/2013 12:43:34 PM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 238
seconds with 180 seconds of active time. This session ended with a crash.

Error - 5/7/2013 12:05:29 AM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40898
seconds with 10680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/4/2013 4:31:15 PM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 6/4/2013 5:25:46 PM | Computer Name = enpusreml0278.emrsn.org | Source = TermService | ID = 1067
Description =

Error - 6/4/2013 5:28:08 PM | Computer Name = enpusreml0278.emrsn.org | Source = TermService | ID = 1067
Description =

Error - 6/4/2013 6:06:17 PM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 6/4/2013 7:42:19 PM | Computer Name = enpusreml0278.emrsn.org | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain EMRSN due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/4/2013 7:42:20 PM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 6/4/2013 9:29:20 PM | Computer Name = enpusreml0278.emrsn.org | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 6/4/2013 9:39:15 PM | Computer Name = enpusreml0278.emrsn.org | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Zero Configuration Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 6/4/2013 9:55:02 PM | Computer Name = enpusreml0278.emrsn.org | Source = TermService | ID = 1067
Description =

Error - 6/4/2013 9:57:37 PM | Computer Name = enpusreml0278.emrsn.org | Source = TermService | ID = 1067
Description =


< End of report >
 

pjoseph

Member
No idea, I did do a complete shutdown when you previously told me to.
Should I remove any of the 5 threats the program found?

Thanks again
 