
Possible bugs



Reddoug


Hi

Helping a friend out with his computer. This computer had popups; Norton found and removed some stuff before it was brought to me. Haven't had any popups that I have seen. I have run MBAM and it found some PUPs. Ran AdwCleaner and Hitman Pro. Hitman found proxy server 127.0.0.1:14932 and some PUPs.

Helping to make sure computer is clean. You guys have been a big help in the past.

Thanks, Doug

OTS logfile created on: 7/5/2014 7:31:16 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\Casey\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16921)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.42 Gb Total Space | 621.21 Gb Free Space | 90.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: VANTURMAN
Current User Name: Casey
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
 
[Processes - Safe List]
ots.exe -> C:\Users\Casey\Desktop\OTS.exe -> [2014/07/05 19:30:38 | 000,646,656 | ---- | M] (OldTimer Tools)
n360.exe -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe -> [2014/05/23 17:20:17 | 000,265,040 | R--- | M] (Symantec Corporation)
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -> [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation)
mbamscheduler.exe -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -> [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation)
mbam.exe -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe -> [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated)
nat.exe -> C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe -> [2013/10/11 14:12:42 | 000,232,424 | R--- | M] (Symantec Corporation)
tsleepsrv.exe -> C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe -> [2012/08/04 17:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation)
ccsvchst.exe -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -> [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation)
symcpcculaunchsvc.exe -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -> [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation)
uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation)
intelmefwservice.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation)
jhi_service.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation)
 
[Modules - No Company Name]
grooveintlresource.dll -> C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll -> [2014/06/17 07:43:42 | 008,890,536 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(ClickToRunSvc)  [Auto | Running] -> C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -> [2014/05/21 03:28:26 | 002,279,608 | ---- | M] (Microsoft Corporation)
64bit-(LSM)  [Unknown | Running] -> C:\Windows\SysNative\lsm.dll -> [2014/04/12 04:08:17 | 000,439,808 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend)  [Unknown | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2014/03/29 03:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation)
64bit-(WSService)  [Unknown | Running] -> C:\Windows\SysNative\WSService.dll -> [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation)
64bit-(TMachInfo)  [On_Demand | Running] -> C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -> [2013/07/31 12:15:06 | 000,053,864 | ---- | M] (TOSHIBA Corporation)
64bit-(Wcmsvc)  [Auto | Running] -> C:\Windows\SysNative\wcmsvc.dll -> [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation)
64bit-(DsmSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\DeviceSetupManager.dll -> [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation)
64bit-(netprofm)  [On_Demand | Running] -> C:\Windows\SysNative\netprofmsvc.dll -> [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation)
64bit-(BrokerInfrastructure)  [Unknown | Running] -> C:\Windows\SysNative\bisrv.dll -> [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation)
64bit-(AudioEndpointBuilder)  [Auto | Running] -> C:\Windows\SysNative\AudioEndpointBuilder.dll -> [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation)
64bit-(TimeBroker)  [Unknown | Running] -> C:\Windows\SysNative\TimeBrokerServer.dll -> [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation)
64bit-(SystemEventsBroker)  [Unknown | Running] -> C:\Windows\SysNative\SystemEventsBrokerServer.dll -> [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation)
64bit-(wlidsvc)  [On_Demand | Running] -> C:\Windows\SysNative\wlidsvc.dll -> [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation)
64bit-(PrintNotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -> [2012/09/20 03:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation)
64bit-(fhsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\fhsvc.dll -> [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation)
64bit-(TOSHIBA eco Utility Service)  [Auto | Stopped] -> C:\Program Files\Toshiba\Teco\TecoService.exe -> [2012/08/24 19:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation)
64bit-(THAccelSvc)  [Auto | Running] -> C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe -> [2012/08/10 15:56:26 | 000,214,488 | ---- | M] (TOSHIBA CORPORATION)
64bit-(TPCHSrv)  [On_Demand | Running] -> C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -> [2012/07/28 11:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation)
64bit-(WiaRpc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wiarpc.dll -> [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation)
64bit-(svsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\svsvc.dll -> [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation)
64bit-(NcaSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\NcaSvc.dll -> [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation)
64bit-(NcdAutoSetup)  [On_Demand | Stopped] -> C:\Windows\SysNative\NcdAutoSetup.dll -> [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-(EFS)  [Unknown | Running] -> C:\Windows\SysNative\efssvc.dll -> [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation)
64bit-(DeviceAssociationService)  [Auto | Running] -> C:\Windows\SysNative\das.dll -> [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation)
64bit-(AllUserInstallAgent)  [On_Demand | Stopped] -> C:\Windows\SysNative\AUInstallAgent.dll -> [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation)
64bit-(vmicvss)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation)
64bit-(vmictimesync)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation)
64bit-(vmicshutdown)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation)
64bit-(vmicrdv)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation)
64bit-(vmickvpexchange)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation)
64bit-(vmicheartbeat)  [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation)
64bit-(Intel(R) Capability Licensing Service Interface)  [Auto | Running] -> C:\Program Files\Intel\iCLS Client\HeciServer.exe -> [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation)
64bit-(TODDSrv)  [Auto | Running] -> C:\Windows\SysNative\TODDSrv.exe -> [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation)
(N360) Norton Security Suite [Unknown | Running] -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe -> [2014/05/23 17:20:17 | 000,265,040 | R--- | M] (Symantec Corporation)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -> [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation)
(MBAMScheduler) MBAMScheduler [Auto | Running] -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -> [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated)
(NAT) Norton Anti-Theft [Unknown | Running] -> C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe -> [2013/10/11 14:12:42 | 000,232,424 | R--- | M] (Symantec Corporation)
(cphs) Intel(R) Content Protection HECI Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\IntelCpHeciSvc.exe -> [2012/08/08 06:58:38 | 000,276,288 | ---- | M] (Intel Corporation)
(StorSvc) Storage Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\StorSvc.dll -> [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation)
(PCCUJobMgr) Common Client Job Manager Service [Unknown | Running] -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -> [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation)
(Norton PC Checkup Application Launcher) Norton PC Checkup Application Launcher [Auto | Running] -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -> [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation)
(UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation)
(NOBU) Norton Online Backup [Auto | Running] -> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -> [2012/07/11 11:47:04 | 003,939,008 | ---- | M] (Symantec Corporation)
(Intel(R) ME Service) Intel(R) ME Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation)
(jhi_service) Intel(R) Dynamic Application Loader Host Interface Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation)
(GamesAppService) GamesAppService [On_Demand | Stopped] -> C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -> [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.)
 
[Driver Services - Safe List]
64bit-(MBAMSwissArmy) MBAMSwissArmy [File_System | On_Demand | Running] -> C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -> [2014/07/05 19:26:38 | 000,122,584 | ---- | M] (Malwarebytes Corporation)
64bit-(MBAMWebAccessControl) MBAMWebAccessControl [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\mwac.sys -> [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation)
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\Drivers\mbam.sys -> [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation)
64bit-(WdBoot) Windows Defender Boot Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\Drivers\WdBoot.sys -> [2014/03/28 14:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation)
64bit-(WdFilter) Windows Defender Mini-Filter Driver [File_System | Unknown | Stopped] -> C:\Windows\SysNative\Drivers\WdFilter.sys -> [2014/03/23 17:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation)
64bit-(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\symefa64.sys -> [2014/03/03 23:18:12 | 001,148,120 | ---- | M] (Symantec Corporation)
64bit-(SymNetS) Symantec Network Security WFP Driver [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\symnets.sys -> [2014/02/17 20:32:41 | 000,593,112 | ---- | M] (Symantec Corporation)
64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | On_Demand | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\srtsp64.sys -> [2014/02/12 20:59:49 | 000,875,736 | ---- | M] (Symantec Corporation)
64bit-(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\nuidfltr.sys -> [2014/01/07 09:02:04 | 000,029,904 | ---- | M] (Microsoft Corporation)
64bit-(dc3d) MS Hardware Device Detection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\dc3d.sys -> [2014/01/07 08:42:08 | 000,076,496 | ---- | M] (Microsoft Corporation)
64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -> [2013/12/09 10:31:52 | 000,177,752 | ---- | M] (Symantec Corporation)
64bit-(WFPLWFS) Microsoft Windows Filtering Platform [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\wfplwfs.sys -> [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation)
64bit-(spaceport) Storage Spaces Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\spaceport.sys -> [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation)
64bit-(USBHUB3) SuperSpeed Hub [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\USBHUB3.SYS -> [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation)
64bit-(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\ironx64.sys -> [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation)
64bit-(ccSet_N360) N360 Settings Manager [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\ccsetx64.sys -> [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation)
64bit-(SymELAM) Symantec ELAM Driver [Kernel | Boot | Stopped] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\symelam.sys -> [2013/09/09 21:47:38 | 000,023,568 | R--- | M] (Symantec Corporation)
64bit-(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\symds64.sys -> [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation)
64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\srtspx64.sys -> [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation)
64bit-(dam) Desktop Activity Moderator Driver [Kernel | System | Stopped] -> C:\Windows\SysNative\Drivers\dam.sys -> [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation)
64bit-(TPM) TPM [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\tpm.sys -> [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation)
64bit-(ccSet_NAT) Norton Anti-Theft Settings Manager [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\NATx64\010A000.009\ccSetx64.sys -> [2013/07/29 12:24:22 | 000,150,104 | R--- | M] (Symantec Corporation)
64bit-(GPIOClx0101) Microsoft GPIO Class Extension Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\msgpioclx.sys -> [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation)
64bit-(USBXHCI) USB xHCI Compliant Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\USBXHCI.SYS -> [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation)
64bit-(UCX01000) USB Controller Extension [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\UCX01000.SYS -> [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\sdbus.sys -> [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation)
64bit-(BthAvrcpTg) Bluetooth Audio/Video Remote Control HID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -> [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation)
64bit-(storahci) Microsoft Standard SATA AHCI Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\storahci.sys -> [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation)
64bit-(pdc) pdc [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\pdc.sys -> [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation)
64bit-(msgpiowin32) GPIO Buttons Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\msgpiowin32.sys -> [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation)
64bit-(bthhfhid) Bluetooth Hands-Free Call Control HID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BthhfHid.sys -> [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation)
64bit-(hidi2c) Microsoft I2C HID Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\hidi2c.sys -> [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation)
64bit-(FxPPM) Power Framework Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\fxppm.sys -> [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation)
64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\rdpvideominiport.sys -> [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation)
64bit-(sdstor) SD Storage Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\sdstor.sys -> [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbaapl64.sys -> [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\evbda.sys -> [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\bxvbda.sys -> [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -> [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\SynTP.sys -> [2012/08/16 17:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated)
64bit-(SmbDrvI) SmbDrvI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -> [2012/08/16 17:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated)
64bit-(THAccel) THAccel [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\THAccel.sys -> [2012/08/10 12:56:56 | 000,131,520 | ---- | M] (TOSHIBA CORPORATION)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\igdkmd64.sys -> [2012/08/06 09:36:12 | 008,987,456 | ---- | M] (Intel Corporation)
64bit-(Thotkey) Toshiba Hotkey Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\Thotkey.sys -> [2012/07/31 14:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(iaStorA) iaStorA [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\iaStorA.sys -> [2012/07/31 13:22:00 | 000,645,952 | ---- | M] (Intel Corporation)
64bit-(condrv) Console Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\condrv.sys -> [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation)
64bit-(VSTXRAID) VIA StorX Storage Controller Windows Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\VSTXRAID.SYS -> [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation)
64bit-(VerifierExt) VerifierExt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\VerifierExt.sys -> [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation)
64bit-(UASPStor) USB Attached SCSI (UAS) Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\uaspstor.sys -> [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation)
64bit-(acpiex) Microsoft ACPIEx Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\acpiex.sys -> [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation)
64bit-(mvumis) mvumis [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\mvumis.sys -> [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\stexstor.sys -> [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\lsi_sas2.sys -> [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation)
64bit-(LSI_SSS) LSI_SSS [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\lsi_sss.sys -> [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\HpSAMD.sys -> [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company)
64bit-(EhStorTcgDrv) Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -> [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation)
64bit-(EhStorClass) Enhanced Storage Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\EhStorClass.sys -> [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\amdsbs.sys -> [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.)
64bit-(3ware) 3ware [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\3ware.sys -> [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\amdsata.sys -> [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\amdxata.sys -> [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices)
64bit-(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> C:\Windows\SysNative\Drivers\clfs.sys -> [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation)
64bit-(vpci) Microsoft Hyper-V Virtual PCI Bus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\vpci.sys -> [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation)
64bit-(terminpt) Microsoft Remote Desktop Input Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\terminpt.sys -> [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation)
64bit-(WSDPrintDevice) WSD Print Support [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\WSDPrint.sys -> [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation)
64bit-(mshidumdf) Pass-through HID to UMDF Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\mshidumdf.sys -> [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation)
64bit-(BasicDisplay) BasicDisplay [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\BasicDisplay.sys -> [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation)
64bit-(HyperVideo) HyperVideo [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\HyperVideo.sys -> [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation)
64bit-(BasicRender) BasicRender [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\BasicRender.sys -> [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation)
64bit-(gencounter) Microsoft Hyper-V Generation Counter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\vmgencounter.sys -> [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(kdnic) Microsoft Kernel Debug Network Miniport (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\kdnic.sys -> [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation)
64bit-(acpitime) ACPI Wake Alarm Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\acpitime.sys -> [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation)
64bit-(npsvctrig) Named pipe service trigger provider [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\npsvctrig.sys -> [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation)
64bit-(WpdUpFltr) WPD Upper Class Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\WpdUpFltr.sys -> [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation)
64bit-(acpipagr) ACPI Processor Aggregator Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\acpipagr.sys -> [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation)
64bit-(hyperkbd) hyperkbd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\hyperkbd.sys -> [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation)
64bit-(SerCx) Serial UART Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\SerCx.sys -> [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation)
64bit-(SpbCx) Simple Peripheral Bus Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\SpbCx.sys -> [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\TsUsbGD.sys -> [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation)
64bit-(BthHFEnum) Bluetooth Hands-Free Audio and Call Control HID Enumerator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\bthhfenum.sys -> [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation)
64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\dmvsc.sys -> [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\TsUsbFlt.sys -> [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation)
64bit-(wpcfltr) Family Safety Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\wpcfltr.sys -> [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation)
64bit-(NdisImPlatform) Microsoft Network Adapter Multiplexor Protocol [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\NdisImPlatform.sys -> [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation)
64bit-(MsLldp) Microsoft Link-Layer Discovery Protocol [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\Drivers\mslldp.sys -> [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation)
64bit-(Ndu) Windows Network Data Usage Monitoring Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\Drivers\Ndu.sys -> [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation)
64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\TVALZ_O.SYS -> [2012/07/25 18:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation)
64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\tdcmdpst.sys -> [2012/07/25 04:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.)
64bit-(TVALZFL) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\Drivers\TVALZFL.sys -> [2012/07/21 17:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation)
64bit-(L1C) NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\L1C63x64.sys -> [2012/07/13 16:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.)
64bit-(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\FwLnk.sys -> [2012/07/10 18:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation)
64bit-(MEIx64) Intel(R) Management Engine Interface  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\HECIx64.sys -> [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation)
64bit-(RTWlanE) Realtek Wireless LAN 802.11n PCI-E Network Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\rtwlane.sys -> [2012/06/29 21:00:53 | 001,119,232 | ---- | M] (Realtek Semiconductor Corporation                           )
64bit-(RTL8192Ce) Realtek Wireless LAN 802.11n PCI-E NIC Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\rtwlane.sys -> [2012/06/29 21:00:53 | 001,119,232 | ---- | M] (Realtek Semiconductor Corporation                           )
64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\IntcDAud.sys -> [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation)
64bit-(tos_sps64) TOSHIBA tos_sps64 Service [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\tos_sps64.sys -> [2012/06/18 12:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation)
64bit-(ccSet_NARA) NARA Settings Manager [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -> [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140705.001\ex64.sys -> [2014/06/30 21:06:01 | 002,099,288 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140705.001\eng64.sys -> [2014/06/30 21:06:01 | 000,126,040 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2014/06/11 06:58:06 | 000,486,192 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2014/06/11 06:58:06 | 000,142,128 | ---- | M] (Symantec Corporation)
(BHDrvx64) BHDrvx64 [Kernel | System | Running] -> C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -> [2014/05/09 20:07:23 | 001,530,160 | ---- | M] (Symantec Corporation)
(IDSVia64) IDSVia64 [Kernel | System | Running] -> C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140703.001\IDSviA64.sys -> [2014/03/26 11:50:34 | 000,525,016 | ---- | M] (Symantec Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://toshiba13.msn.com ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://toshiba13.msn.com ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://toshiba13.msn.com ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://toshiba13.msn.com ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://toshiba13.msn.com ->
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Search Page" ->  ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.comcast.net/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN\] -> [2014/07/05 19:28:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF] -> [2013/12/10 20:57:47 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2012/07/26 00:26:49 | 000,000,824 | ---- | M] - 21 lines) -> C:\windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Lync Browser Helper] -> [2014/06/17 07:44:14 | 000,218,784 | ---- | M] (Microsoft Corporation)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll [Norton Identity Protection] -> [2014/04/28 07:51:08 | 000,916,320 | R--- | M] (Symantec Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2014/06/09 18:18:00 | 000,256,456 | ---- | M] (Google Inc.)
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [Microsoft SkyDrive Pro Browser Helper] -> [2014/06/17 07:44:09 | 002,335,960 | ---- | M] (Microsoft Corporation)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll [Lync Browser Helper] -> [2014/06/17 07:43:53 | 000,153,248 | ---- | M] (Microsoft Corporation)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll [Norton Identity Protection] -> [2014/04/28 07:51:07 | 000,654,176 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\ips\ipsbho.dll [Norton Vulnerability Protection] -> [2014/02/20 23:45:55 | 000,392,344 | R--- | M] (Symantec Corporation)
{bb46be07-13eb-4c49-b0f0-fc78b9ea4983} [HKLM] ->  [Updater For XFIN_PORTAL] -> File not found
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL [Microsoft SkyDrive Pro Browser Helper] -> [2014/06/17 07:44:03 | 001,730,264 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll [Norton Toolbar] -> [2014/04/28 07:51:08 | 000,916,320 | R--- | M] (Symantec Corporation)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll [Norton Toolbar] -> [2014/04/28 07:51:07 | 000,654,176 | R--- | M] (Symantec Corporation)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" ->  [] -> File not found
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\windows\system32\hkcmd.exe] -> [2012/08/08 06:58:20 | 000,398,656 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\windows\system32\igfxtray.exe] -> [2012/08/08 06:58:32 | 000,170,304 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\windows\system32\igfxpers.exe] -> [2012/08/08 06:58:26 | 000,440,640 | ---- | M] (Intel Corporation)
"SRS Premium Sound HD" -> C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe ["C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h] -> [2012/08/19 21:30:30 | 002,170,784 | ---- | M] (SRS Labs, Inc.)
"TCrdMain" -> C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe [%ProgramFiles%\TOSHIBA\Hotkey\TCrdMain_Win8.exe] -> [2012/08/13 21:43:42 | 002,608,040 | ---- | M] (TOSHIBA Corporation)
"TecoResident" ->  [C:\Program Files\TOSHIBA\Teco\TecoResident.exe] -> File not found
"TODDMain" -> C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe [C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe] -> [2012/08/04 17:01:56 | 000,213,136 | ---- | M] ()
"TosWaitSrv" -> C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe] -> [2012/07/11 15:54:06 | 000,356,776 | ---- | M] (TOSHIBA Corporation)
"TSleepSrv" -> C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe [C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe] -> [2012/08/04 17:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"APSDaemon" -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.)
"Norton Online Backup" -> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe] -> [2012/07/11 11:48:20 | 002,995,904 | ---- | M] (Symantec Corporation)
"ToshibaAppPlace" -> C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe ["C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"] -> [2010/09/23 13:03:36 | 000,552,960 | ---- | M] (Toshiba)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"NoActiveDesktop" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"EnableCursorSuppression" ->  [1] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000] -> [2014/06/17 07:36:04 | 025,701,536 | ---- | M] (Microsoft Corporation)
Se&nd to OneNote -> C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll [res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105] -> [2014/06/17 07:44:20 | 000,496,856 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000] -> [2014/06/17 07:36:04 | 025,701,536 | ---- | M] (Microsoft Corporation)
Se&nd to OneNote -> C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll [res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105] -> [2014/06/17 07:44:20 | 000,496,856 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [Button: Send to OneNote] -> [2014/06/17 07:43:56 | 000,615,128 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2014/06/17 07:43:56 | 000,615,128 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Button: Lync Click to Call] -> [2014/06/17 07:44:14 | 000,218,784 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Menu: Lync Click to Call] -> [2014/06/17 07:44:14 | 000,218,784 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2014/06/17 07:44:00 | 000,578,264 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2014/06/17 07:44:00 | 000,578,264 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll [Button: Send to OneNote] -> [2014/06/17 07:44:20 | 000,496,856 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2014/06/17 07:44:20 | 000,496,856 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll [Button: Lync Click to Call] -> [2014/06/17 07:43:53 | 000,153,248 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll [Menu: Lync Click to Call] -> [2014/06/17 07:43:53 | 000,153,248 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2014/06/17 07:44:39 | 000,467,160 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2014/06/17 07:44:39 | 000,467,160 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{539A2830-12ED-41F0-8128-2732C01ACB8A}\\DhcpNameServer -> 192.168.254.254   (Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)) ->
{8082A7BD-9D52-4602-A29B-303B1812B027}\\DhcpNameServer -> 192.168.254.254   (Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\windows\explorer.exe -> [2013/06/01 06:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2012/07/25 22:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\windows\SysNative\SystemPropertiesPerformance.exe -> [2012/07/25 22:08:48 | 000,082,944 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\windows\SysWow64\explorer.exe -> [2013/06/01 05:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
userinit.exe -> C:\windows\SysWow64\userinit.exe -> [2012/07/25 22:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile ->  -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\windows\SysNative\igfxdev.dll -> [2012/08/06 09:36:18 | 000,439,296 | ---- | M] (Intel Corporation)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
livessp ->  -> File not found
*MultiFile Done* -> ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0AE8EE16-8BC2-4FD2-8714-B8720201EA02} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system |
{1101BCC2-BFDF-4B13-A4DC-4359DF2C79C4} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
{14D052E1-9361-40D1-93A7-4CBD8246438E} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{1D0679E7-6BB9-48C4-A34F-BD3A87DFF007} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{3B6DB83B-63FE-4C77-B834-2E30428A87FF} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{4CA52156-2BB9-4CC5-83DB-34E73CDA4F93} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{57CD342D-8F77-41D9-A8ED-83E1F8167276} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{6B98EDA0-CAE6-483B-B631-C7CE63F015B2} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system |
{74218798-CF66-43A7-A3C9-D8CFA4C277C0} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system |
{7D75C920-D361-4610-9F2D-DEC119EB6608} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{80A23B66-0313-4174-83CC-A33F322A58B9} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) |
{8CF9127C-91D4-4E14-A32A-2EF1DC92F801} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{97DCFDDE-BFDF-4219-8908-3EE7C4D873DA} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system |
{A377D49C-93CA-434F-8D2C-762A061D8C3C} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system |
{A96835FD-1C67-4BA7-A670-E1AA3ADB4CF2} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system |
{AEA47C3A-8991-43D1-991C-8CA5D040A8F4} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system |
{BF7E7EF6-B4A9-4813-99A6-A029BF731382} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{C278AF23-CB33-4AD2-9766-8DB8B66F2B1A} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system |
{C3CB10CA-7BFC-4233-AB17-BCBF5F1A5CB5} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system |
{CB369AB9-00FA-430A-8447-D8F33E58529B} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{CFEEAF84-2B28-4D8D-B4D0-A3F1A0E8454D} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss |
{DC371F7E-A884-4D0A-A13F-6C121DFC2B6C} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system |
{ED8E71CD-9D55-4CA3-9A00-B8C13E88D5B7} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) |
{F6BDB2AD-F261-4F35-9688-7E39DAA06778} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{FA974ED8-DB8A-4162-9E50-953470CF3FB8} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system |
{FEB7ED31-A273-4E33-982A-A283290A92A5} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{00D37076-AA25-4CDA-972F-62E161E5D0FA} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{01865CBB-CA5E-4524-A043-2AD5018CF367} -> profile=domain | dir=out | action=allow | name=deals & offers |
{04A75DE7-5C95-423C-8315-96E2A1132AA1} -> profile=private | protocol=6 | dir=in | action=allow | name=hpsaps | app=c:\users\casey\appdata\local\temp\7zs2479\hpdiagnosticcoreui.exe |
{04D7FE1C-223B-43EB-AF1C-445448CBBE8B} -> profile=domain | dir=out | action=allow | name=hulu plus |
{088B00DA-95D9-4587-98A7-C70662690621} -> profile=public | protocol=6 | dir=in | action=allow | name=ilivid | app=c:\users\karyn\appdata\local\ilivid\ilivid.exe |
{08AEC667-9EB9-40E8-A2B0-DCAE81CCCF9E} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
{09FA97F5-EE67-4E8D-9FF6-C7DA322C36B4} -> profile=domain | dir=in | action=allow | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{0A1EC10A-6C21-4F75-AFD4-FEB0C6050154} -> profile=domain | dir=out | action=allow | name=winzip |
{0C1EBD56-4987-4206-B787-B1C04A7673E5} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe |
{0C3BF455-400E-4D7D-BA4D-722092843574} -> profile=domain | dir=out | action=allow | name=- games app - |
{0D8A5E60-812C-45B8-BD98-8132A4C32733} -> profile=domain | dir=out | action=allow | name=vimeo |
{11610526-5372-41B8-8B76-31EEACD768F0} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
{13FDE399-A104-417E-B996-BA18A0B554EE} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe |
{1CF01B7D-2780-4791-8CE9-3FAE8F7A60E8} -> profile=private | protocol=17 | dir=in | action=allow | name=hpsaps | app=c:\users\casey\appdata\local\temp\7zs2479\hpdiagnosticcoreui.exe |
{1D3173AE-1DC0-47C1-B15D-72FAAF5B39BB} -> profile=domain | dir=out | action=allow | name=icookbook se |
{1DDA2706-524B-49C7-BB3E-05477BDECAFE} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
{28A8DD11-2486-433B-B604-BFD73E028EFF} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{29974710-A595-48C5-9BA8-C5A1850913E8} -> profile=domain | dir=out | action=allow | name=icookbook se |
{2E5AB8AA-D46E-44BE-A116-BA7E42AB118A} -> profile=domain | dir=out | action=allow | name=ebay |
{31111A94-C6C6-470B-95E4-322EED84A0E6} -> profile=domain | dir=out | action=allow | name=norton studio |
{35296BAC-DA50-43BA-8C1E-2A21D134C3DC} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
{3A08AF19-D95F-478A-B62C-186A5330FC44} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
{3C32F072-EE68-491C-A329-CF78258D8654} -> profile=domain | dir=out | action=allow | name=book place |
{3D042F24-511A-4D4D-8CB9-5DDF8E592690} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{4277BA8B-C738-4384-9C30-B2CC273D68F1} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{432C232B-2252-40D6-BB0C-68824316E597} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
{4384A9ED-73AC-44B2-9C3A-A91AC12D0751} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
{4449992E-9FB7-4572-BAEA-359C3372B3CD} -> profile=private | protocol=6 | dir=in | action=allow | name=ilivid | app=c:\users\karyn\appdata\local\ilivid\ilivid.exe |
{49AAFBA7-1CEA-4476-83CA-93C7B2B5AA06} -> profile=domain | dir=out | action=allow | name=iheartradio |
{4D257096-9854-43EC-B105-09B65129BA9C} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
{510D8207-0CA5-43BF-890E-75F4D765BBC1} -> profile=domain | dir=in | action=allow | name=ebay |
{53BB6FF5-47CE-42E1-A1B6-4719B6CDB160} -> profile=domain | dir=in | action=allow | name=toshiba media player by smedio truelink+ |
{597A8948-946A-4AA8-ADEA-5BA43038FFCA} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
{5A4F3AAD-5999-4AA3-BCCE-2C1039FD3C4D} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe |
{5B9BBBC2-2CCA-4C5F-A45A-812F0BB7FF10} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 |
{5D69B7FD-3B8B-41AE-AF10-5CC50277703A} -> profile=domain | dir=out | action=allow | name=skype |
{5F7F3610-4C05-43B2-9A69-B1DB554F6BB2} -> profile=domain | dir=out | action=allow | name=deals & offers |
{606EEE95-5559-41B9-B532-46397120E3B5} -> profile=domain | dir=out | action=allow | name=norton studio |
{618F236B-F9EF-42F1-95F8-75AF67BEE5D8} -> profile=domain | dir=out | action=allow | name=toshiba media player by smedio truelink+ |
{63360F44-B396-4326-B551-57275DC67178} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
{634D3675-0685-4678-A2E9-828AFE35D64C} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{645FB1A5-2886-447C-BEA6-570F23901BCD} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{65044C02-6C2A-46D7-A288-ADCFF8C7F662} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
{661BF13D-2495-470E-88AF-0F7A111E3324} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{67C8BB22-423B-469E-96ED-B04A04A8F12A} -> profile=private | protocol=17 | dir=in | action=allow | name=hpsaps | app=c:\users\casey\appdata\local\temp\7zs215c\hpdiagnosticcoreui.exe |
{683D64C9-65CA-436B-A109-F3CA4BA059CE} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
{6B8020BD-F96F-45D8-BAA9-9E313894B01D} -> profile=domain | dir=in | action=allow | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{6BD1D196-A046-475C-B6C4-59FC34A103F3} -> profile=domain | dir=out | action=allow | name=merriam-webster dictionary |
{6CA9EF51-944F-4317-A242-F7E5ABB714C1} -> profile=domain | dir=in | action=allow | name=toshiba media player by smedio truelink+ |
{7077F10C-4377-437F-A3AD-66B19B8A72C5} -> profile=domain | dir=out | action=allow | name=merriam-webster dictionary |
{7124542B-C08C-4F38-9913-43734E6761DB} -> profile=domain | dir=in | action=allow | name=hp printer control |
{7664E9B7-4446-4FFA-9151-D1B862FD6061} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 |
{7B7EB468-1D30-426D-B692-64F352827A0C} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe |
{7C1AA0B8-7409-4583-B6DB-A2946D72228D} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
{7E5DBB05-0355-4949-82AD-F29CA9CD7D0A} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 |
{808F1451-4108-46FD-ADBB-F17324B5F0BD} -> profile=domain | dir=out | action=allow | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
{8231F956-6EEC-4F96-AA87-317369A0F485} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft lync ucmapi | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
{82A4EBF3-3DD5-4FE4-BA91-25E01FDF35A3} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
{8510376E-3ADC-4144-938B-464C06E6AA8A} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
{8A3717BB-405B-49A1-8929-804C8F0C91B1} -> profile=private | protocol=17 | dir=in | action=allow | name=ilivid | app=c:\users\karyn\appdata\local\ilivid\ilivid.exe |
{8C218A76-F9B0-4996-B126-175D3963F32D} -> profile=domain | dir=in | action=allow | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
{8C489F30-4338-484E-A78B-BC56FB7F918B} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
{8D71CF4F-F2EA-400F-9C1B-9D5F38BA0019} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft lync ucmapi | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
{8DCCD9A1-54D8-4D56-A182-740E0BA5AF50} -> profile=domain | dir=out | action=allow | name=encyclopaedia britannica |
{9034B92E-D3E8-4608-986B-F1871FC9C336} -> profile=domain | dir=out | action=allow | name=news place |
{933DDE42-6F66-410A-AB90-5740102FC349} -> profile=domain | dir=out | action=allow | name=encyclopaedia britannica |
{9785D2CC-588E-4809-9AD8-1266E80C3DC9} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft lync | app=c:\program files\microsoft office 15\root\office15\lync.exe |
{996F6F8D-53FF-48E4-8DA7-9418B51118EE} -> profile=domain | dir=out | action=allow | name=news place |
{9A06772E-7BA4-44C6-8EC3-4B6171D9BD40} -> profile=domain | dir=out | action=allow | name=netflix |
{9AB68142-8C80-405B-978C-780EC61D4184} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
{9DB4562C-0E9F-4D37-99E6-A85728A2A2CF} -> profile=domain | dir=in | action=allow | name=skype |
{A1D443E6-B0F0-47B2-A6BC-6D53E96268E5} -> profile=domain | dir=out | action=allow | name=hulu plus |
{A6030A3E-2C39-4870-A8C4-941E2381555E} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
{A90A59FF-BF97-4BF5-BAC8-F9938540F642} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
{AAEE2E2A-3921-4665-B7A5-41E3D1E076CD} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{AB4E3DA2-D3E4-4249-B9E7-C38166A52679} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 |
{ABD7C207-C5CF-431A-8BA1-AB320594C1D5} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe |
{AD6F6695-876C-4E1C-93AB-5A24096EF135} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{AF6C0E12-7718-4F00-B8A9-E5FA2B6D126A} -> profile=domain | dir=in | action=allow | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{B155F8B6-ABCB-4398-8350-ECABFB95C37F} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
{B19D9DD9-45D6-4945-96BA-44DD70EF3E40} -> profile=domain | dir=out | action=allow | name=amazon for windows |
{B1FFE2EE-69E2-4E26-9132-BED1109EEBC5} -> profile=domain | dir=out | action=allow | name=amazon |
{B3697FEF-3ED4-4763-AE92-8D078C2DE380} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft lync | app=c:\program files\microsoft office 15\root\office15\lync.exe |
{B4FDDD36-A2D8-45D4-8406-62304B8CA97D} -> profile=domain | dir=out | action=allow | name=stumbleupon |
{B6012906-C2DD-4DE8-B060-30A368BA1406} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe |
{BA9428DE-1170-4791-B892-C57D63093B31} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
{BB23E9A7-834E-4ED1-B8E3-A7E2F164E150} -> profile=domain | dir=out | action=allow | name=vimeo |
{BB6B8DC8-A7AA-4B00-8F41-B65ADD1393CE} -> profile=domain | dir=out | action=allow | name=toshiba media player by smedio truelink+ |
{C3E7F810-C47E-48AE-93B0-2F365AC92234} -> profile=private | protocol=6 | dir=in | action=allow | name=age of empires iii | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
{C42C9C11-7201-4803-8F22-D676678AA92C} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
{C6CD1ED6-8A6E-4212-8A57-6C6A28DC9FE0} -> profile=domain | dir=out | action=allow | name=stumbleupon |
{C8FA63FE-09DB-47F6-AA03-458702E77290} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{CC11B8BD-43DF-4D29-BCEE-8F2962ED3492} -> profile=domain | dir=out | action=allow | name=toshiba central |
{CD15E40D-5CE7-48E8-993A-9E4109CD0375} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
{D23CBAB6-585E-439E-A4ED-FCDC79CC02FE} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system |
{D2A5D207-D141-4119-8C87-7639069BE77D} -> profile=domain | dir=in | action=allow | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
{D40626E2-CB06-4F1A-8605-AA05431F3AA5} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{D449057C-9769-45D7-BF03-196BAA391236} -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires iii | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
{D4B57171-48D2-4DFC-BC5B-F263B81FCC20} -> profile=domain | dir=out | action=allow | name=iheartradio |
{D5E9F646-E749-413E-A042-57B7158833B5} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.zunemusic_1.5.214.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
{DAF19B3F-AB39-431F-B153-9FBEFB3F400C} -> profile=public | protocol=17 | dir=in | action=allow | name=ilivid | app=c:\users\karyn\appdata\local\ilivid\ilivid.exe |
{DD19A53A-3CB9-4659-AF0E-79D32F7D3570} -> profile=domain | dir=out | action=allow | name=book place |
{E03317F6-4EDC-46EF-A73E-C91CFA606887} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost |
{E0C82861-3B00-4808-A240-C49E1FBE4DA7} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe |
{E7985E1D-C36F-4787-80A8-6350D07E9266} -> profile=domain | dir=in | action=allow | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
{E80A9C95-2664-491C-B944-3E75A49881A2} -> profile=domain | dir=in | action=allow | [email protected]{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
{E8235609-D419-4324-BFEE-723F0507AE81} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
{E8887946-678D-4EFE-B09B-EA49AEAB79AC} -> profile=domain | dir=out | action=allow | name=windows_ie_ac_001 |
{E9F7AF3A-DC90-4D12-B574-534BD16B016A} -> profile=domain | dir=in | action=allow | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
{EB6FFC70-57B7-4098-BCE8-B96F206779FC} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
{EBFA4315-CF8C-4704-A1F0-A6A007C98C05} -> profile=domain | dir=out | action=allow | name=ebay |
{F0946E1D-6207-4582-B96A-5526CA2E7376} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{F2F67478-570C-4398-944B-8B63D7BDC1E4} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{F35737F7-98C3-43A7-9524-112D63B1888C} -> profile=domain | dir=out | action=allow | name=hp printer control |
{F5D327E7-9598-48F9-A5CD-0F1C67E6AF79} -> profile=domain | dir=out | action=allow | name=toshiba central |
{F9A987D9-82F9-4183-A940-3EC1DE1D8388} -> profile=domain | dir=in | action=allow | name=amazon for windows |
{FB149523-1F1E-48B5-A683-8A2A6F14D694} -> profile=domain | dir=out | action=allow | name=- games app - |
{FC335A2D-4EDD-45F7-BC52-C7E1548C5D0F} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe |
{FC580799-6EA2-4A9E-A850-0720F3CA430D} -> profile=domain | dir=out | action=allow | [email protected]{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
{FF824EDE-66AA-4115-8A59-5A070598E22C} -> profile=domain | dir=out | action=allow | name=netflix |
{FFA928CE-3E67-4C64-95F5-89D076D60F88} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe |
{FFF19288-2F84-4828-82A7-94B807746267} -> profile=domain | dir=in | action=allow | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{FFF44B28-29E8-452A-8A98-49B2E208E292} -> profile=private | protocol=6 | dir=in | action=allow | name=hpsaps | app=c:\users\casey\appdata\local\temp\7zs215c\hpdiagnosticcoreui.exe |
TCP Query User{50A7BDC6-FA73-4DB9-8261-F5F191723F64}C:\program files (x86)\symantec\norton online backup\nobuclient.exe -> profile=private | protocol=6 | dir=in | action=block | name=norton online backup service | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
TCP Query User{87FC5BCB-DAF6-4C24-9AEA-139076931952}C:\program files (x86)\symantec\norton online backup\nobuclient.exe -> profile=public | protocol=6 | dir=in | action=block | name=norton online backup service | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
UDP Query User{8DE18A2C-7ABC-4ADE-907B-4C5E0156FB51}C:\program files (x86)\symantec\norton online backup\nobuclient.exe -> profile=public | protocol=17 | dir=in | action=block | name=norton online backup service | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
UDP Query User{F06A9C48-BF6D-4451-845E-028F72CE8CA9}C:\program files (x86)\symantec\norton online backup\nobuclient.exe -> profile=private | protocol=17 | dir=in | action=block | name=norton online backup service | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> @cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver ->
"ImagePath" ->  [\SystemRoot\System32\drivers\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Casey\Desktop\OTS.exe -> [2014/07/05 19:30:38 | 000,646,656 | ---- | C] (OldTimer Tools)
 HitmanPro -> C:\ProgramData\HitmanPro -> [2014/07/05 18:57:40 | 000,000,000 | ---D | C]
 AdwCleaner -> C:\AdwCleaner -> [2014/07/04 14:55:50 | 000,000,000 | ---D | C]
 MBAMSwissArmy.sys -> C:\windows\SysNative\drivers\MBAMSwissArmy.sys -> [2014/07/04 14:38:38 | 000,122,584 | ---- | C] (Malwarebytes Corporation)
 mbamchameleon.sys -> C:\windows\SysNative\drivers\mbamchameleon.sys -> [2014/07/04 14:37:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation)
 mwac.sys -> C:\windows\SysNative\drivers\mwac.sys -> [2014/07/04 14:37:55 | 000,064,216 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\windows\SysNative\drivers\mbam.sys -> [2014/07/04 14:37:55 | 000,025,816 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes Anti-Malware -> C:\Program Files (x86)\Malwarebytes Anti-Malware -> [2014/07/04 14:37:55 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2014/07/04 14:37:55 | 000,000,000 | ---D | C]
 SoftwareDistribution -> C:\windows\SoftwareDistribution -> [2014/06/30 20:27:33 | 000,000,000 | ---D | C]
 SMR410 -> C:\ProgramData\SMR410 -> [2014/06/30 18:15:55 | 000,000,000 | ---D | C]
 Apple Computer -> C:\Users\Casey\AppData\Local\Apple Computer -> [2014/06/28 14:47:41 | 000,000,000 | ---D | C]
 NPE -> C:\Users\Casey\AppData\Local\NPE -> [2014/06/28 14:44:55 | 000,000,000 | ---D | C]
 InstallSightSDK -> C:\ProgramData\InstallSightSDK -> [2014/06/28 09:04:25 | 000,000,000 | ---D | C]
 webinstr.sys -> C:\windows\SysNative\drivers\webinstr.sys -> [2014/06/20 21:25:28 | 000,057,528 | ---- | C] (Corsica)
 Google -> C:\Program Files\Google -> [2014/06/09 18:08:07 | 000,000,000 | ---D | C]
 Google -> C:\Users\Casey\AppData\Local\Google -> [2014/06/09 18:03:49 | 000,000,000 | ---D | C]
 Google -> C:\Program Files (x86)\Google -> [2014/06/09 18:03:44 | 000,000,000 | ---D | C]
 Common Files -> C:\ProgramData\Common Files -> [2014/06/09 17:58:49 | 000,000,000 | -H-D | C]
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Users\Casey\Desktop\OTS.exe -> [2014/07/05 19:30:38 | 000,646,656 | ---- | M] (OldTimer Tools)
 bootstat.dat -> C:\windows\bootstat.dat -> [2014/07/05 19:27:49 | 000,067,584 | --S- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\windows\tasks\GoogleUpdateTaskMachineCore.job -> [2014/07/05 19:26:41 | 000,000,912 | ---- | M] ()
 MBAMSwissArmy.sys -> C:\windows\SysNative\drivers\MBAMSwissArmy.sys -> [2014/07/05 19:26:38 | 000,122,584 | ---- | M] (Malwarebytes Corporation)
 BetterMarkIt_wd.job -> C:\windows\tasks\BetterMarkIt_wd.job -> [2014/07/05 19:26:37 | 000,000,408 | ---- | M] ()
 swapfile.sys -> C:\swapfile.sys -> [2014/07/05 19:25:45 | 268,435,456 | -HS- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2014/07/05 19:25:42 | 3338,846,208 | -HS- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\windows\tasks\GoogleUpdateTaskMachineUA.job -> [2014/07/05 19:23:23 | 000,000,916 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2014/07/04 14:38:00 | 000,001,113 | ---- | M] ()
 VT20140701.003 -> C:\windows\SysNative\drivers\N360x64\1503000.00C\VT20140701.003 -> [2014/07/01 04:23:42 | 000,040,105 | ---- | M] ()
 PerfStringBackup.INI -> C:\windows\SysNative\PerfStringBackup.INI -> [2014/06/30 09:13:30 | 000,848,230 | ---- | M] ()
 perfh009.dat -> C:\windows\SysNative\perfh009.dat -> [2014/06/30 09:13:30 | 000,719,418 | ---- | M] ()
 perfc009.dat -> C:\windows\SysNative\perfc009.dat -> [2014/06/30 09:13:30 | 000,132,748 | ---- | M] ()
 Msft_Kernel_webinstr_01009.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf -> [2014/06/20 21:25:34 | 000,000,000 | -H-- | M] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2014/06/20 21:25:28 | 000,000,258 | RHS- | M] ()
 Cat.DB -> C:\windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB -> [2014/06/15 18:26:25 | 002,701,284 | ---- | M] ()
 Msft_Kernel_dc3d_01011.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf -> [2014/06/12 09:18:39 | 000,000,000 | -H-- | M] ()
 Norton Security Suite.lnk -> C:\Users\Public\Desktop\Norton Security Suite.lnk -> [2014/06/12 09:09:11 | 000,002,451 | ---- | M] ()
 webinstr.sys -> C:\windows\SysNative\drivers\webinstr.sys -> [2014/06/10 04:46:14 | 000,057,528 | ---- | M] (Corsica)
 4 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp ->
 4 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp ->
 
[Files - No Company Name]
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2014/07/04 14:37:59 | 000,001,113 | ---- | C] ()
 Msft_Kernel_webinstr_01009.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf -> [2014/06/20 21:25:34 | 000,000,000 | -H-- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2014/06/20 21:25:28 | 000,000,258 | RHS- | C] ()
 Msft_Kernel_dc3d_01011.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf -> [2014/06/12 09:18:39 | 000,000,000 | -H-- | C] ()
 ApnDatabase.xml -> C:\windows\SysNative\ApnDatabase.xml -> [2014/06/12 09:18:14 | 000,387,268 | ---- | C] ()
 BetterMarkIt_wd.job -> C:\windows\tasks\BetterMarkIt_wd.job -> [2014/06/09 18:10:00 | 000,000,408 | ---- | C] ()
 GoogleUpdateTaskMachineUA.job -> C:\windows\tasks\GoogleUpdateTaskMachineUA.job -> [2014/06/09 18:07:59 | 000,000,916 | ---- | C] ()
 GoogleUpdateTaskMachineCore.job -> C:\windows\tasks\GoogleUpdateTaskMachineCore.job -> [2014/06/09 18:07:57 | 000,000,912 | ---- | C] ()
 SAH_Install.ini -> C:\ProgramData\SAH_Install.ini -> [2013/12/31 12:17:30 | 000,000,097 | ---- | C] ()
 OEMLicense.dll -> C:\windows\SysWow64\OEMLicense.dll -> [2013/09/10 15:03:53 | 000,083,968 | ---- | C] ()
 ISSRemoveSP.exe -> C:\windows\SysWow64\ISSRemoveSP.exe -> [2013/04/23 08:29:58 | 000,451,072 | ---- | C] ()
 igvpkrng700.bin -> C:\windows\SysWow64\igvpkrng700.bin -> [2012/08/06 09:36:22 | 000,598,780 | ---- | C] ()
 igdde32.dll -> C:\windows\SysWow64\igdde32.dll -> [2012/08/06 09:36:08 | 000,064,512 | ---- | C] ()
 igcodeckrng700.bin -> C:\windows\SysWow64\igcodeckrng700.bin -> [2012/08/06 09:36:06 | 000,755,048 | ---- | C] ()
 dssec.dat -> C:\windows\SysWow64\dssec.dat -> [2012/07/26 03:13:10 | 000,215,943 | ---- | C] ()
 NOISE.DAT -> C:\windows\SysWow64\NOISE.DAT -> [2012/07/26 03:13:09 | 000,000,741 | ---- | C] ()
 bootstat.dat -> C:\windows\bootstat.dat -> [2012/07/26 02:21:26 | 000,067,584 | --S- | C] ()
 BWContextHandler.dll -> C:\windows\SysWow64\BWContextHandler.dll -> [2012/07/25 20:17:42 | 000,043,520 | ---- | C] ()
 mib.bin -> C:\windows\mib.bin -> [2012/07/25 15:37:29 | 000,043,131 | ---- | C] ()
 msjetoledb40.dll -> C:\windows\SysWow64\msjetoledb40.dll -> [2012/07/25 15:28:31 | 000,364,544 | ---- | C] ()
 
[File - Lop Check]
 ID Vault -> C:\Users\Casey\AppData\Roaming\ID Vault -> [2013/10/13 16:47:25 | 000,000,000 | ---D | M]
 sMedio -> C:\Users\Casey\AppData\Roaming\sMedio -> [2013/08/25 18:19:38 | 000,000,000 | ---D | M]
 WinBatch -> C:\Users\Casey\AppData\Roaming\WinBatch -> [2013/08/24 09:14:05 | 000,000,000 | ---D | M]
 BetterMarkIt_wd.job -> C:\windows\Tasks\BetterMarkIt_wd.job -> [2014/07/05 19:26:37 | 000,000,408 | ---- | M] ()
 
[File - Purity Scan]
 
< End of report >

#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi Reddoug,

I apologize for the delay! If you still require help, kindly follow the below instructions.
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.

    • Copy and paste the following into the Custom Scans/Fixes box:
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      rpcss.dll
      Userinit.exe
      svchost.exe
      /md5stop
    • Click Run Scan.
    • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these on your desktop.
    • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Extras.txt (OTL)
    • OTL.txt (OTL)

#3
Reddoug

    Member

  • Topic Starter
  • 291 posts

I do not have the computer any more.


#4
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi Reddoug,

Oh, that's unfortunate. Please feel free to post a new thread or PM me if ever you come to acquire it again and we will gladly assist you. :)