Hi
Helping a friend out with his computer. This computer had popups; Norton found and removed some stuff before it was brought to me. Haven't had any popups that I have seen. I have run MBAM and it found some PUPs. Ran AdwCleaner and HitmanPro. Hitman found proxy server 127.0.0.1:14932 and some PUPs.
Helping to make sure computer is clean. You guys have been a big help in the past.
Thanks, Doug
OTS logfile created on: 7/5/2014 7:31:16 PM - Run 1
OTS by OldTimer - Version 3.1.47.2 Folder = C:\Users\Casey\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16921)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.42 Gb Total Space | 621.21 Gb Free Space | 90.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VANTURMAN
Current User Name: Casey
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Quick Scan [Processes - Safe List] ots.exe -> C:\Users\Casey\Desktop\OTS.exe -> [2014/07/05 19:30:38 | 000,646,656 | ---- | M] (OldTimer Tools) n360.exe -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe -> [2014/05/23 17:20:17 | 000,265,040 | R--- | M] (Symantec Corporation) mbamservice.exe -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -> [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) mbamscheduler.exe -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -> [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) mbam.exe -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe -> [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) nat.exe -> C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe -> [2013/10/11 14:12:42 | 000,232,424 | R--- | M] (Symantec Corporation) tsleepsrv.exe -> C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe -> [2012/08/04 17:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation) ccsvchst.exe -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -> [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) symcpcculaunchsvc.exe -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -> [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2012/07/17 16:57:20 | 000,277,824 | ---- 
| M] (Intel Corporation) intelmefwservice.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) jhi_service.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Modules - No Company Name] grooveintlresource.dll -> C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll -> [2014/06/17 07:43:42 | 008,890,536 | ---- | M] () [Win32 Services - Safe List] 64bit-(ClickToRunSvc) [Auto | Running] -> C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -> [2014/05/21 03:28:26 | 002,279,608 | ---- | M] (Microsoft Corporation) 64bit-(LSM) [Unknown | Running] -> C:\Windows\SysNative\lsm.dll -> [2014/04/12 04:08:17 | 000,439,808 | ---- | M] (Microsoft Corporation) 64bit-(WinDefend) [Unknown | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2014/03/29 03:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) 64bit-(WSService) [Unknown | Running] -> C:\Windows\SysNative\WSService.dll -> [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) 64bit-(TMachInfo) [On_Demand | Running] -> C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -> [2013/07/31 12:15:06 | 000,053,864 | ---- | M] (TOSHIBA Corporation) 64bit-(Wcmsvc) [Auto | Running] -> C:\Windows\SysNative\wcmsvc.dll -> [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) 64bit-(DsmSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\DeviceSetupManager.dll -> [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) 64bit-(netprofm) [On_Demand | Running] -> C:\Windows\SysNative\netprofmsvc.dll -> [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) 64bit-(BrokerInfrastructure) [Unknown | Running] -> C:\Windows\SysNative\bisrv.dll -> [2013/05/04 01:57:05 | 000,179,712 | ---- 
| M] (Microsoft Corporation) 64bit-(AudioEndpointBuilder) [Auto | Running] -> C:\Windows\SysNative\AudioEndpointBuilder.dll -> [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) 64bit-(TimeBroker) [Unknown | Running] -> C:\Windows\SysNative\TimeBrokerServer.dll -> [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) 64bit-(SystemEventsBroker) [Unknown | Running] -> C:\Windows\SysNative\SystemEventsBrokerServer.dll -> [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) 64bit-(wlidsvc) [On_Demand | Running] -> C:\Windows\SysNative\wlidsvc.dll -> [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) 64bit-(PrintNotify) [On_Demand | Stopped] -> C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -> [2012/09/20 03:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) 64bit-(fhsvc) [On_Demand | Stopped] -> C:\Windows\SysNative\fhsvc.dll -> [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) 64bit-(TOSHIBA eco Utility Service) [Auto | Stopped] -> C:\Program Files\Toshiba\Teco\TecoService.exe -> [2012/08/24 19:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) 64bit-(THAccelSvc) [Auto | Running] -> C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe -> [2012/08/10 15:56:26 | 000,214,488 | ---- | M] (TOSHIBA CORPORATION) 64bit-(TPCHSrv) [On_Demand | Running] -> C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -> [2012/07/28 11:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) 64bit-(WiaRpc) [On_Demand | Stopped] -> C:\Windows\SysNative\wiarpc.dll -> [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) 64bit-(svsvc) [On_Demand | Stopped] -> C:\Windows\SysNative\svsvc.dll -> [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) 64bit-(NcaSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\NcaSvc.dll -> [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) 64bit-(NcdAutoSetup) [On_Demand | Stopped] -> 
C:\Windows\SysNative\NcdAutoSetup.dll -> [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) 64bit-(EFS) [Unknown | Running] -> C:\Windows\SysNative\efssvc.dll -> [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) 64bit-(DeviceAssociationService) [Auto | Running] -> C:\Windows\SysNative\das.dll -> [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) 64bit-(AllUserInstallAgent) [On_Demand | Stopped] -> C:\Windows\SysNative\AUInstallAgent.dll -> [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) 64bit-(vmicvss) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) 64bit-(vmictimesync) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) 64bit-(vmicshutdown) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) 64bit-(vmicrdv) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) 64bit-(vmickvpexchange) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) 64bit-(vmicheartbeat) [On_Demand | Stopped] -> C:\Windows\SysNative\icsvc.dll -> [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) 64bit-(Intel(R) Capability Licensing Service Interface) [Auto | Running] -> C:\Program Files\Intel\iCLS Client\HeciServer.exe -> [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) 64bit-(TODDSrv) [Auto | Running] -> C:\Windows\SysNative\TODDSrv.exe -> [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) (N360) Norton Security Suite [Unknown | Running] -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe -> [2014/05/23 17:20:17 | 000,265,040 | R--- | M] (Symantec 
Corporation) (MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -> [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) (MBAMScheduler) MBAMScheduler [Auto | Running] -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -> [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) (AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) (NAT) Norton Anti-Theft [Unknown | Running] -> C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe -> [2013/10/11 14:12:42 | 000,232,424 | R--- | M] (Symantec Corporation) (cphs) Intel(R) Content Protection HECI Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\IntelCpHeciSvc.exe -> [2012/08/08 06:58:38 | 000,276,288 | ---- | M] (Intel Corporation) (StorSvc) Storage Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\StorSvc.dll -> [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) (PCCUJobMgr) Common Client Job Manager Service [Unknown | Running] -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -> [2012/07/23 13:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) (Norton PC Checkup Application Launcher) Norton PC Checkup Application Launcher [Auto | Running] -> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe -> [2012/07/23 13:42:46 | 000,123,320 | R--- | M] (Symantec Corporation) (UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) (LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe -> [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) (NOBU) Norton Online Backup [Auto | Running] -> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -> [2012/07/11 11:47:04 | 003,939,008 | ---- | M] (Symantec Corporation) (Intel(R) ME Service) Intel(R) ME Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -> [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) (jhi_service) Intel(R) Dynamic Application Loader Host Interface Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -> [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) (GamesAppService) GamesAppService [On_Demand | Stopped] -> C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -> [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Driver Services - Safe List] 64bit-(MBAMSwissArmy) MBAMSwissArmy [File_System | On_Demand | Running] -> C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -> [2014/07/05 19:26:38 | 000,122,584 | ---- | M] (Malwarebytes Corporation) 64bit-(MBAMWebAccessControl) MBAMWebAccessControl [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\mwac.sys -> [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) 64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\Drivers\mbam.sys -> [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) 64bit-(WdBoot) Windows Defender Boot Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\Drivers\WdBoot.sys -> [2014/03/28 14:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) 64bit-(WdFilter) Windows Defender Mini-Filter Driver [File_System | Unknown | Stopped] -> C:\Windows\SysNative\Drivers\WdFilter.sys -> [2014/03/23 17:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) 64bit-(SymEFA) Symantec 
Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\symefa64.sys -> [2014/03/03 23:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) 64bit-(SymNetS) Symantec Network Security WFP Driver [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\symnets.sys -> [2014/02/17 20:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) 64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | On_Demand | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\srtsp64.sys -> [2014/02/12 20:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) 64bit-(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\nuidfltr.sys -> [2014/01/07 09:02:04 | 000,029,904 | ---- | M] (Microsoft Corporation) 64bit-(dc3d) MS Hardware Device Detection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\dc3d.sys -> [2014/01/07 08:42:08 | 000,076,496 | ---- | M] (Microsoft Corporation) 64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -> [2013/12/09 10:31:52 | 000,177,752 | ---- | M] (Symantec Corporation) 64bit-(WFPLWFS) Microsoft Windows Filtering Platform [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\wfplwfs.sys -> [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) 64bit-(spaceport) Storage Spaces Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\spaceport.sys -> [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) 64bit-(USBHUB3) SuperSpeed Hub [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\USBHUB3.SYS -> [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) 64bit-(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\ironx64.sys -> [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) 64bit-(ccSet_N360) N360 Settings 
Manager [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\ccsetx64.sys -> [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) 64bit-(SymELAM) Symantec ELAM Driver [Kernel | Boot | Stopped] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\symelam.sys -> [2013/09/09 21:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) 64bit-(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\symds64.sys -> [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) 64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\N360x64\1503000.00C\srtspx64.sys -> [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) 64bit-(dam) Desktop Activity Moderator Driver [Kernel | System | Stopped] -> C:\Windows\SysNative\Drivers\dam.sys -> [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) 64bit-(TPM) TPM [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\tpm.sys -> [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) 64bit-(ccSet_NAT) Norton Anti-Theft Settings Manager [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\NATx64\010A000.009\ccSetx64.sys -> [2013/07/29 12:24:22 | 000,150,104 | R--- | M] (Symantec Corporation) 64bit-(GPIOClx0101) Microsoft GPIO Class Extension Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\msgpioclx.sys -> [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) 64bit-(USBXHCI) USB xHCI Compliant Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\USBXHCI.SYS -> [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) 64bit-(UCX01000) USB Controller Extension [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\UCX01000.SYS -> [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) 64bit-(sdbus) sdbus [Kernel | 
On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\sdbus.sys -> [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) 64bit-(BthAvrcpTg) Bluetooth Audio/Video Remote Control HID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -> [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) 64bit-(storahci) Microsoft Standard SATA AHCI Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\storahci.sys -> [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) 64bit-(pdc) pdc [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\pdc.sys -> [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) 64bit-(msgpiowin32) GPIO Buttons Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\msgpiowin32.sys -> [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) 64bit-(bthhfhid) Bluetooth Hands-Free Call Control HID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BthhfHid.sys -> [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) 64bit-(hidi2c) Microsoft I2C HID Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\hidi2c.sys -> [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) 64bit-(FxPPM) Power Framework Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\fxppm.sys -> [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) 64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\rdpvideominiport.sys -> [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) 64bit-(sdstor) SD Storage Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\sdstor.sys -> [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) 64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> 
C:\Windows\SysNative\Drivers\usbaapl64.sys -> [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\evbda.sys -> [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\bxvbda.sys -> [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) 64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -> [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\SynTP.sys -> [2012/08/16 17:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) 64bit-(SmbDrvI) SmbDrvI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -> [2012/08/16 17:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) 64bit-(THAccel) THAccel [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\THAccel.sys -> [2012/08/10 12:56:56 | 000,131,520 | ---- | M] (TOSHIBA CORPORATION) 64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\igdkmd64.sys -> [2012/08/06 09:36:12 | 008,987,456 | ---- | M] (Intel Corporation) 64bit-(Thotkey) Toshiba Hotkey Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\Thotkey.sys -> [2012/07/31 14:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) 64bit-(iaStorA) iaStorA [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\iaStorA.sys -> [2012/07/31 13:22:00 | 000,645,952 | ---- | M] (Intel Corporation) 64bit-(condrv) Console Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\condrv.sys -> [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) 64bit-(VSTXRAID) VIA StorX Storage Controller Windows Driver [Kernel | 
On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\VSTXRAID.SYS -> [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) 64bit-(VerifierExt) VerifierExt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\VerifierExt.sys -> [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) 64bit-(UASPStor) USB Attached SCSI (UAS) Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\uaspstor.sys -> [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) 64bit-(acpiex) Microsoft ACPIEx Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\acpiex.sys -> [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) 64bit-(mvumis) mvumis [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\mvumis.sys -> [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\stexstor.sys -> [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) 
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\lsi_sas2.sys -> [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) 64bit-(LSI_SSS) LSI_SSS [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\lsi_sss.sys -> [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\HpSAMD.sys -> [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) 64bit-(EhStorTcgDrv) Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -> [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) 64bit-(EhStorClass) Enhanced Storage Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\EhStorClass.sys -> [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\amdsbs.sys -> [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
64bit-(3ware) 3ware [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\3ware.sys -> [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\amdsata.sys -> [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\amdxata.sys -> [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) 64bit-(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> C:\Windows\SysNative\Drivers\clfs.sys -> [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) 64bit-(vpci) Microsoft Hyper-V Virtual PCI Bus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\vpci.sys -> [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) 64bit-(terminpt) Microsoft Remote Desktop Input Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\terminpt.sys -> [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) 64bit-(WSDPrintDevice) WSD Print Support [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\WSDPrint.sys -> [2012/07/25 21:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) 64bit-(mshidumdf) Pass-through HID to UMDF Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\mshidumdf.sys -> [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) 64bit-(BasicDisplay) BasicDisplay [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\BasicDisplay.sys -> [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) 64bit-(HyperVideo) HyperVideo [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\HyperVideo.sys -> [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) 64bit-(BasicRender) BasicRender [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\BasicRender.sys -> [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft 
Corporation) 64bit-(gencounter) Microsoft Hyper-V Generation Counter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\vmgencounter.sys -> [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) 64bit-(kdnic) Microsoft Kernel Debug Network Miniport (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\kdnic.sys -> [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) 64bit-(acpitime) ACPI Wake Alarm Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\acpitime.sys -> [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) 64bit-(npsvctrig) Named pipe service trigger provider [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\npsvctrig.sys -> [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) 64bit-(WpdUpFltr) WPD Upper Class Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\WpdUpFltr.sys -> [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) 64bit-(acpipagr) ACPI Processor Aggregator Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\acpipagr.sys -> [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) 64bit-(hyperkbd) hyperkbd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\hyperkbd.sys -> [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) 64bit-(SerCx) Serial UART Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\SerCx.sys -> [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) 64bit-(SpbCx) Simple Peripheral Bus Support Library [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\SpbCx.sys -> [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) 64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\TsUsbGD.sys -> [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) 
64bit-(BthHFEnum) Bluetooth Hands-Free Audio and Call Control HID Enumerator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\bthhfenum.sys -> [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) 64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\dmvsc.sys -> [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) 64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\TsUsbFlt.sys -> [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) 64bit-(wpcfltr) Family Safety Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\wpcfltr.sys -> [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) 64bit-(NdisImPlatform) Microsoft Network Adapter Multiplexor Protocol [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\NdisImPlatform.sys -> [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) 64bit-(MsLldp) Microsoft Link-Layer Discovery Protocol [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\Drivers\mslldp.sys -> [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) 64bit-(Ndu) Windows Network Data Usage Monitoring Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\Drivers\Ndu.sys -> [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) 64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\TVALZ_O.SYS -> [2012/07/25 18:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) 64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\tdcmdpst.sys -> [2012/07/25 04:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) 
64bit-(TVALZFL) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\Drivers\TVALZFL.sys -> [2012/07/21 17:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) 64bit-(L1C) NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\L1C63x64.sys -> [2012/07/13 16:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) 64bit-(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\FwLnk.sys -> [2012/07/10 18:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) 64bit-(MEIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\HECIx64.sys -> [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) 64bit-(RTWlanE) Realtek Wireless LAN 802.11n PCI-E Network Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\rtwlane.sys -> [2012/06/29 21:00:53 | 001,119,232 | ---- | M] (Realtek Semiconductor Corporation ) 64bit-(RTL8192Ce) Realtek Wireless LAN 802.11n PCI-E NIC Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\rtwlane.sys -> [2012/06/29 21:00:53 | 001,119,232 | ---- | M] (Realtek Semiconductor Corporation ) 64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\IntcDAud.sys -> [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) 64bit-(tos_sps64) TOSHIBA tos_sps64 Service [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\tos_sps64.sys -> [2012/06/18 12:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) 64bit-(ccSet_NARA) NARA Settings Manager [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\NARAx64\0401000.00B\ccSetx64.sys -> [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Norton Security 
Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140705.001\ex64.sys -> [2014/06/30 21:06:01 | 002,099,288 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140705.001\eng64.sys -> [2014/06/30 21:06:01 | 000,126,040 | ---- | M] (Symantec Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2014/06/11 06:58:06 | 000,486,192 | ---- | M] (Symantec Corporation) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2014/06/11 06:58:06 | 000,142,128 | ---- | M] (Symantec Corporation) (BHDrvx64) BHDrvx64 [Kernel | System | Running] -> C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -> [2014/05/09 20:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) (IDSVia64) IDSVia64 [Kernel | System | Running] -> C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140703.001\IDSviA64.sys -> [2014/03/26 11:50:34 | 000,525,016 | ---- | M] (Symantec Corporation) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://toshiba13.msn.com -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://toshiba13.msn.com -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://toshiba13.msn.com -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://toshiba13.msn.com ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://toshiba13.msn.com ->
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.comcast.net/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN\] -> [2014/07/05 19:28:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF] -> [2013/12/10 20:57:47 | 000,000,000 | ---D | M]

< FireFox Extensions [User Folders] > ->

< HOSTS File > ([2012/07/26 00:26:49 | 000,000,824 | ---- | M] - 21 lines) -> C:\windows\SysNative\Drivers\etc\hosts ->
Reset Hosts

< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Lync Browser Helper] -> [2014/06/17 07:44:14 | 000,218,784 | ---- | M] (Microsoft Corporation)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll [Norton Identity Protection] -> [2014/04/28 07:51:08 | 000,916,320 | R--- | M] (Symantec Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2014/06/09 18:18:00 | 000,256,456 | ---- | M] (Google Inc.)
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [Microsoft SkyDrive Pro Browser Helper] -> [2014/06/17 07:44:09 | 002,335,960 | ---- | M] (Microsoft Corporation)

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll [Lync Browser Helper] -> [2014/06/17 07:43:53 | 000,153,248 | ---- | M] (Microsoft Corporation)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll [Norton Identity Protection] -> [2014/04/28 07:51:07 | 000,654,176 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\ips\ipsbho.dll [Norton Vulnerability Protection] -> [2014/02/20 23:45:55 | 000,392,344 | R--- | M] (Symantec Corporation)
{bb46be07-13eb-4c49-b0f0-fc78b9ea4983} [HKLM] -> [Updater For XFIN_PORTAL] -> File not found
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL [Microsoft SkyDrive Pro Browser Helper] -> [2014/06/17 07:44:03 | 001,730,264 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll [Norton Toolbar] -> [2014/04/28 07:51:08 | 000,916,320 | R--- | M] (Symantec Corporation)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll [Norton Toolbar] -> [2014/04/28 07:51:07 | 000,654,176 | R--- | M] (Symantec Corporation)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\windows\system32\hkcmd.exe] -> [2012/08/08 06:58:20 | 000,398,656 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\windows\system32\igfxtray.exe] -> [2012/08/08 06:58:32 | 000,170,304 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\windows\system32\igfxpers.exe] -> [2012/08/08 06:58:26 | 000,440,640 | ---- | M] (Intel Corporation)
"SRS Premium Sound HD" -> C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe ["C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h] -> [2012/08/19 21:30:30 | 002,170,784 | ---- | M] (SRS Labs, Inc.)
"TCrdMain" -> C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe [%ProgramFiles%\TOSHIBA\Hotkey\TCrdMain_Win8.exe] -> [2012/08/13 21:43:42 | 002,608,040 | ---- | M] (TOSHIBA Corporation)
"TecoResident" -> [C:\Program Files\TOSHIBA\Teco\TecoResident.exe] -> File not found
"TODDMain" -> C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe [C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe] -> [2012/08/04 17:01:56 | 000,213,136 | ---- | M] ()
"TosWaitSrv" -> C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe] -> [2012/07/11 15:54:06 | 000,356,776 | ---- | M] (TOSHIBA Corporation)
"TSleepSrv" -> C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe [C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe] -> [2012/08/04 17:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"APSDaemon" -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.)
"Norton Online Backup" -> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe] -> [2012/07/11 11:48:20 | 002,995,904 | ---- | M] (Symantec Corporation)
"ToshibaAppPlace" -> C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe ["C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"] -> [2010/09/23 13:03:36 | 000,552,960 | ---- | M] (Toshiba)

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoActiveDesktop" -> [1] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [5] -> File not found
\\"EnableCursorSuppression" -> [1] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats

< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000] -> [2014/06/17 07:36:04 | 025,701,536 | ---- | M] (Microsoft Corporation)
Se&nd to OneNote -> C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll [res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105] -> [2014/06/17 07:44:20 | 000,496,856 | ---- | M] (Microsoft Corporation)

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE [res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000] -> [2014/06/17 07:36:04 | 025,701,536 | ---- | M] (Microsoft Corporation)
Se&nd to OneNote -> C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll [res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105] -> [2014/06/17 07:44:20 | 000,496,856 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [Button: Send to OneNote] -> [2014/06/17 07:43:56 | 000,615,128 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2014/06/17 07:43:56 | 000,615,128 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Button: Lync Click to Call] -> [2014/06/17 07:44:14 | 000,218,784 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [Menu: Lync Click to Call] -> [2014/06/17 07:44:14 | 000,218,784 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2014/06/17 07:44:00 | 000,578,264 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2014/06/17 07:44:00 | 000,578,264 | ---- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll [Button: Send to OneNote] -> [2014/06/17 07:44:20 | 000,496,856 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2014/06/17 07:44:20 | 000,496,856 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll [Button: Lync Click to Call] -> [2014/06/17 07:43:53 | 000,153,248 | ---- | M] (Microsoft Corporation)
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}:{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll [Menu: Lync Click to Call] -> [2014/06/17 07:43:53 | 000,153,248 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2014/06/17 07:44:39 | 000,467,160 | ---- | M] (Microsoft Corporation)
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2014/06/17 07:44:39 | 000,467,160 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://

< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{539A2830-12ED-41F0-8128-2732C01ACB8A}\\DhcpNameServer -> 192.168.254.254 (Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)) ->
{8082A7BD-9D52-4602-A29B-303B1812B027}\\DhcpNameServer -> 192.168.254.254 (Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC) ->

< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\windows\explorer.exe -> [2013/06/01 06:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2012/07/25 22:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\windows\SysNative\SystemPropertiesPerformance.exe -> [2012/07/25 22:08:48 | 000,082,944 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\windows\SysWow64\explorer.exe -> [2013/06/01 05:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
userinit.exe -> C:\windows\SysWow64\userinit.exe -> [2012/07/25 22:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
*MultiFile Done* -> ->

< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\windows\SysNative\igfxdev.dll -> [2012/08/06 09:36:18 | 000,439,296 | ---- | M] (Intel Corporation)

< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found

< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
livessp -> -> File not found
*MultiFile Done* -> ->

< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{0AE8EE16-8BC2-4FD2-8714-B8720201EA02} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system |
{1101BCC2-BFDF-4B13-A4DC-4359DF2C79C4} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
{14D052E1-9361-40D1-93A7-4CBD8246438E} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{1D0679E7-6BB9-48C4-A34F-BD3A87DFF007} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{3B6DB83B-63FE-4C77-B834-2E30428A87FF} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{4CA52156-2BB9-4CC5-83DB-34E73CDA4F93} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{57CD342D-8F77-41D9-A8ED-83E1F8167276} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{6B98EDA0-CAE6-483B-B631-C7CE63F015B2} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system |
{74218798-CF66-43A7-A3C9-D8CFA4C277C0} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system |
{7D75C920-D361-4610-9F2D-DEC119EB6608} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{80A23B66-0313-4174-83CC-A33F322A58B9} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) |
{8CF9127C-91D4-4E14-A32A-2EF1DC92F801} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{97DCFDDE-BFDF-4219-8908-3EE7C4D873DA} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system |
{A377D49C-93CA-434F-8D2C-762A061D8C3C} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system |
{A96835FD-1C67-4BA7-A670-E1AA3ADB4CF2} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system |
{AEA47C3A-8991-43D1-991C-8CA5D040A8F4} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system |
{BF7E7EF6-B4A9-4813-99A6-A029BF731382} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{C278AF23-CB33-4AD2-9766-8DB8B66F2B1A} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system |
{C3CB10CA-7BFC-4233-AB17-BCBF5F1A5CB5} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system |
{CB369AB9-00FA-430A-8447-D8F33E58529B} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{CFEEAF84-2B28-4D8D-B4D0-A3F1A0E8454D} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss |
{DC371F7E-A884-4D0A-A13F-6C121DFC2B6C} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system |
{ED8E71CD-9D55-4CA3-9A00-B8C13E88D5B7} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) |
{F6BDB2AD-F261-4F35-9688-7E39DAA06778} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{FA974ED8-DB8A-4162-9E50-953470CF3FB8} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system |
{FEB7ED31-A273-4E33-982A-A283290A92A5} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |

< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{00D37076-AA25-4CDA-972F-62E161E5D0FA} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{01865CBB-CA5E-4524-A043-2AD5018CF367} -> profile=domain | dir=out | action=allow | name=deals & offers |
{04A75DE7-5C95-423C-8315-96E2A1132AA1} -> profile=private | protocol=6 | dir=in | action=allow | name=hpsaps | app=c:\users\casey\appdata\local\temp\7zs2479\hpdiagnosticcoreui.exe |
{04D7FE1C-223B-43EB-AF1C-445448CBBE8B} -> profile=domain | dir=out | action=allow | name=hulu plus |
{088B00DA-95D9-4587-98A7-C70662690621} -> profile=public | protocol=6 | dir=in | action=allow | name=ilivid | app=c:\users\karyn\appdata\local\ilivid\ilivid.exe |
{08AEC667-9EB9-40E8-A2B0-DCAE81CCCF9E} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
{09FA97F5-EE67-4E8D-9FF6-C7DA322C36B4} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{0A1EC10A-6C21-4F75-AFD4-FEB0C6050154} -> profile=domain | dir=out | action=allow | name=winzip |
{0C1EBD56-4987-4206-B787-B1C04A7673E5} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe |
{0C3BF455-400E-4D7D-BA4D-722092843574} -> profile=domain | dir=out | action=allow | name=- games app - |
{0D8A5E60-812C-45B8-BD98-8132A4C32733} -> profile=domain | dir=out | action=allow | name=vimeo |
{11610526-5372-41B8-8B76-31EEACD768F0} -> profile=domain | dir=out | action=allow | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
{13FDE399-A104-417E-B996-BA18A0B554EE} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe |
{1CF01B7D-2780-4791-8CE9-3FAE8F7A60E8} -> profile=private | protocol=17 | dir=in | action=allow | name=hpsaps | app=c:\users\casey\appdata\local\temp\7zs2479\hpdiagnosticcoreui.exe |
{1D3173AE-1DC0-47C1-B15D-72FAAF5B39BB} -> profile=domain | dir=out | action=allow | name=icookbook se |
{1DDA2706-524B-49C7-BB3E-05477BDECAFE} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
{28A8DD11-2486-433B-B604-BFD73E028EFF} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{29974710-A595-48C5-9BA8-C5A1850913E8} -> profile=domain | dir=out | action=allow | name=icookbook se |
{2E5AB8AA-D46E-44BE-A116-BA7E42AB118A} -> profile=domain | dir=out | action=allow | name=ebay |
{31111A94-C6C6-470B-95E4-322EED84A0E6} -> profile=domain | dir=out | action=allow | name=norton studio |
{35296BAC-DA50-43BA-8C1E-2A21D134C3DC} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
{3A08AF19-D95F-478A-B62C-186A5330FC44} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
{3C32F072-EE68-491C-A329-CF78258D8654} -> profile=domain | dir=out | action=allow | name=book place |
{3D042F24-511A-4D4D-8CB9-5DDF8E592690} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{4277BA8B-C738-4384-9C30-B2CC273D68F1} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{432C232B-2252-40D6-BB0C-68824316E597} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
{4384A9ED-73AC-44B2-9C3A-A91AC12D0751} -> profile=domain | dir=out | action=allow | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
{4449992E-9FB7-4572-BAEA-359C3372B3CD} -> profile=private | protocol=6 | dir=in | action=allow | name=ilivid | app=c:\users\karyn\appdata\local\ilivid\ilivid.exe |
{49AAFBA7-1CEA-4476-83CA-93C7B2B5AA06} -> profile=domain | dir=out | action=allow | name=iheartradio |
{4D257096-9854-43EC-B105-09B65129BA9C} -> profile=domain | dir=out | action=allow | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
{510D8207-0CA5-43BF-890E-75F4D765BBC1} -> profile=domain | dir=in | action=allow | name=ebay |
{53BB6FF5-47CE-42E1-A1B6-4719B6CDB160} -> profile=domain | dir=in | action=allow | name=toshiba media player by smedio truelink+ |
{597A8948-946A-4AA8-ADEA-5BA43038FFCA} -> profile=domain | dir=out | action=allow | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
{5A4F3AAD-5999-4AA3-BCCE-2C1039FD3C4D} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe |
{5B9BBBC2-2CCA-4C5F-A45A-812F0BB7FF10} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 |
{5D69B7FD-3B8B-41AE-AF10-5CC50277703A} -> profile=domain | dir=out | action=allow | name=skype |
{5F7F3610-4C05-43B2-9A69-B1DB554F6BB2} -> profile=domain | dir=out | action=allow | name=deals & offers |
{606EEE95-5559-41B9-B532-46397120E3B5} -> profile=domain | dir=out | action=allow | name=norton studio |
{618F236B-F9EF-42F1-95F8-75AF67BEE5D8} -> profile=domain | dir=out | action=allow | name=toshiba media player by smedio truelink+ |
{63360F44-B396-4326-B551-57275DC67178} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
{634D3675-0685-4678-A2E9-828AFE35D64C} -> profile=domain | dir=out | action=allow | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{645FB1A5-2886-447C-BEA6-570F23901BCD} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
{65044C02-6C2A-46D7-A288-ADCFF8C7F662} -> profile=domain | dir=out | action=allow | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
{661BF13D-2495-470E-88AF-0F7A111E3324} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{67C8BB22-423B-469E-96ED-B04A04A8F12A} -> profile=private | protocol=17 | dir=in | action=allow | name=hpsaps | app=c:\users\casey\appdata\local\temp\7zs215c\hpdiagnosticcoreui.exe |
{683D64C9-65CA-436B-A109-F3CA4BA059CE} -> profile=domain | dir=out | action=allow | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
{6B8020BD-F96F-45D8-BAA9-9E313894B01D} -> profile=domain | dir=in | action=allow | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
{6BD1D196-A046-475C-B6C4-59FC34A103F3} -> profile=domain | dir=out | action=allow | name=merriam-webster dictionary |
{6CA9EF51-944F-4317-A242-F7E5ABB714C1} -> profile=domain | dir=in | action=allow | name=toshiba media player by smedio truelink+ |
{7077F10C-4377-437F-A3AD-66B19B8A72C5} -> profile=domain | dir=out | action=allow | name=merriam-webster dictionary |
{7124542B-C08C-4F38-9913-43734E6761DB} -> profile=domain | dir=in | action=allow | name=hp printer control |
{7664E9B7-4446-4FFA-9151-D1B862FD6061} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 |
{7B7EB468-1D30-426D-B692-64F352827A0C} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe |
{7C1AA0B8-7409-4583-B6DB-A2946D72228D} -> profile=domain | dir=out | action=allow | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
{7E5DBB05-0355-4949-82AD-F29CA9CD7D0A} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 |
{808F1451-4108-46FD-ADBB-F17324B5F0BD} -> profile=domain | dir=out | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
{8231F956-6EEC-4F96-AA87-317369A0F485} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft lync ucmapi | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
{82A4EBF3-3DD5-4FE4-BA91-25E01FDF35A3} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
{8510376E-3ADC-4144-938B-464C06E6AA8A} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
{8A3717BB-405B-49A1-8929-804C8F0C91B1} -> profile=private | protocol=17 | dir=in | action=allow | name=ilivid | app=c:\users\karyn\appdata\local\ilivid\ilivid.exe |
{8C218A76-F9B0-4996-B126-175D3963F32D} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
{8C489F30-4338-484E-A78B-BC56FB7F918B} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
{8D71CF4F-F2EA-400F-9C1B-9D5F38BA0019} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft lync ucmapi | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
{8DCCD9A1-54D8-4D56-A182-740E0BA5AF50} -> profile=domain | dir=out | action=allow | name=encyclopaedia britannica |
{9034B92E-D3E8-4608-986B-F1871FC9C336} -> profile=domain | dir=out | action=allow | name=news place |
{933DDE42-6F66-410A-AB90-5740102FC349} -> profile=domain | dir=out | action=allow | name=encyclopaedia britannica |
{9785D2CC-588E-4809-9AD8-1266E80C3DC9} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft lync | app=c:\program files\microsoft office 15\root\office15\lync.exe |
{996F6F8D-53FF-48E4-8DA7-9418B51118EE} -> profile=domain | dir=out | action=allow | name=news place |
{9A06772E-7BA4-44C6-8EC3-4B6171D9BD40} -> profile=domain | dir=out | action=allow | name=netflix | {9AB68142-8C80-405B-978C-780EC61D4184} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | {9DB4562C-0E9F-4D37-99E6-A85728A2A2CF} -> profile=domain | dir=in | action=allow | name=skype | {A1D443E6-B0F0-47B2-A6BC-6D53E96268E5} -> profile=domain | dir=out | action=allow | name=hulu plus | {A6030A3E-2C39-4870-A8C4-941E2381555E} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | {A90A59FF-BF97-4BF5-BAC8-F9938540F642} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | {AAEE2E2A-3921-4665-B7A5-41E3D1E076CD} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | {AB4E3DA2-D3E4-4249-B9E7-C38166A52679} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | {ABD7C207-C5CF-431A-8BA1-AB320594C1D5} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {AD6F6695-876C-4E1C-93AB-5A24096EF135} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {AF6C0E12-7718-4F00-B8A9-E5FA2B6D126A} -> profile=domain | dir=in | action=allow | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | {B155F8B6-ABCB-4398-8350-ECABFB95C37F} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | {B19D9DD9-45D6-4945-96BA-44DD70EF3E40} -> 
profile=domain | dir=out | action=allow | name=amazon for windows | {B1FFE2EE-69E2-4E26-9132-BED1109EEBC5} -> profile=domain | dir=out | action=allow | name=amazon | {B3697FEF-3ED4-4763-AE92-8D078C2DE380} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft lync | app=c:\program files\microsoft office 15\root\office15\lync.exe | {B4FDDD36-A2D8-45D4-8406-62304B8CA97D} -> profile=domain | dir=out | action=allow | name=stumbleupon | {B6012906-C2DD-4DE8-B060-30A368BA1406} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | {BA9428DE-1170-4791-B892-C57D63093B31} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | {BB23E9A7-834E-4ED1-B8E3-A7E2F164E150} -> profile=domain | dir=out | action=allow | name=vimeo | {BB6B8DC8-A7AA-4B00-8F41-B65ADD1393CE} -> profile=domain | dir=out | action=allow | name=toshiba media player by smedio truelink+ | {C3E7F810-C47E-48AE-93B0-2F365AC92234} -> profile=private | protocol=6 | dir=in | action=allow | name=age of empires iii | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | {C42C9C11-7201-4803-8F22-D676678AA92C} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | {C6CD1ED6-8A6E-4212-8A57-6C6A28DC9FE0} -> profile=domain | dir=out | action=allow | name=stumbleupon | {C8FA63FE-09DB-47F6-AA03-458702E77290} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {CC11B8BD-43DF-4D29-BCEE-8F2962ED3492} -> profile=domain | dir=out | action=allow | name=toshiba central | {CD15E40D-5CE7-48E8-993A-9E4109CD0375} -> profile=domain | dir=out | action=allow | 
name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | {D23CBAB6-585E-439E-A4ED-FCDC79CC02FE} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | {D2A5D207-D141-4119-8C87-7639069BE77D} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | {D40626E2-CB06-4F1A-8605-AA05431F3AA5} -> profile=domain | dir=out | action=allow | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | {D449057C-9769-45D7-BF03-196BAA391236} -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires iii | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | {D4B57171-48D2-4DFC-BC5B-F263B81FCC20} -> profile=domain | dir=out | action=allow | name=iheartradio | {D5E9F646-E749-413E-A042-57B7158833B5} -> profile=domain | dir=out | action=allow | name=@{microsoft.zunemusic_1.5.214.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | {DAF19B3F-AB39-431F-B153-9FBEFB3F400C} -> profile=public | protocol=17 | dir=in | action=allow | name=ilivid | app=c:\users\karyn\appdata\local\ilivid\ilivid.exe | {DD19A53A-3CB9-4659-AF0E-79D32F7D3570} -> profile=domain | dir=out | action=allow | name=book place | {E03317F6-4EDC-46EF-A73E-C91CFA606887} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {E0C82861-3B00-4808-A240-C49E1FBE4DA7} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {E7985E1D-C36F-4787-80A8-6350D07E9266} -> profile=domain | dir=in | action=allow | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
{E80A9C95-2664-491C-B944-3E75A49881A2} -> profile=domain | dir=in | action=allow | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | {E8235609-D419-4324-BFEE-723F0507AE81} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | {E8887946-678D-4EFE-B09B-EA49AEAB79AC} -> profile=domain | dir=out | action=allow | name=windows_ie_ac_001 | {E9F7AF3A-DC90-4D12-B574-534BD16B016A} -> profile=domain | dir=in | action=allow | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | {EB6FFC70-57B7-4098-BCE8-B96F206779FC} -> profile=domain | dir=out | action=allow | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | {EBFA4315-CF8C-4704-A1F0-A6A007C98C05} -> profile=domain | dir=out | action=allow | name=ebay | {F0946E1D-6207-4582-B96A-5526CA2E7376} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | {F2F67478-570C-4398-944B-8B63D7BDC1E4} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {F35737F7-98C3-43A7-9524-112D63B1888C} -> profile=domain | dir=out | action=allow | name=hp printer control | {F5D327E7-9598-48F9-A5CD-0F1C67E6AF79} -> profile=domain | dir=out | action=allow | name=toshiba central | {F9A987D9-82F9-4183-A940-3EC1DE1D8388} -> profile=domain | dir=in | action=allow | name=amazon for windows | {FB149523-1F1E-48B5-A683-8A2A6F14D694} -> profile=domain | dir=out | action=allow | name=- games app - | {FC335A2D-4EDD-45F7-BC52-C7E1548C5D0F} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{FC580799-6EA2-4A9E-A850-0720F3CA430D} -> profile=domain | dir=out | action=allow | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | {FF824EDE-66AA-4115-8A59-5A070598E22C} -> profile=domain | dir=out | action=allow | name=netflix | {FFA928CE-3E67-4C64-95F5-89D076D60F88} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | {FFF19288-2F84-4828-82A7-94B807746267} -> profile=domain | dir=in | action=allow | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | {FFF44B28-29E8-452A-8A98-49B2E208E292} -> profile=private | protocol=6 | dir=in | action=allow | name=hpsaps | app=c:\users\casey\appdata\local\temp\7zs215c\hpdiagnosticcoreui.exe | TCP Query User{50A7BDC6-FA73-4DB9-8261-F5F191723F64}C:\program files (x86)\symantec\norton online backup\nobuclient.exe -> profile=private | protocol=6 | dir=in | action=block | name=norton online backup service | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | TCP Query User{87FC5BCB-DAF6-4C24-9AEA-139076931952}C:\program files (x86)\symantec\norton online backup\nobuclient.exe -> profile=public | protocol=6 | dir=in | action=block | name=norton online backup service | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | UDP Query User{8DE18A2C-7ABC-4ADE-907B-4C5E0156FB51}C:\program files (x86)\symantec\norton online backup\nobuclient.exe -> profile=public | protocol=17 | dir=in | action=block | name=norton online backup service | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | UDP Query User{F06A9C48-BF6D-4451-845E-028F72CE8CA9}C:\program files (x86)\symantec\norton online backup\nobuclient.exe -> profile=private | protocol=17 | dir=in | action=block | name=norton online backup service | 
app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> @cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver -> "ImagePath" -> [\SystemRoot\System32\drivers\cdrom.sys] -> File not found < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* 64bit-exefile [open] -> "%1" %* comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Casey\Desktop\OTS.exe -> [2014/07/05 19:30:38 | 000,646,656 | ---- | C] (OldTimer Tools) HitmanPro -> C:\ProgramData\HitmanPro -> [2014/07/05 18:57:40 | 000,000,000 | ---D | C] AdwCleaner -> C:\AdwCleaner -> [2014/07/04 14:55:50 | 000,000,000 | ---D | C] MBAMSwissArmy.sys -> C:\windows\SysNative\drivers\MBAMSwissArmy.sys -> [2014/07/04 14:38:38 | 000,122,584 | ---- | C] (Malwarebytes Corporation) mbamchameleon.sys -> C:\windows\SysNative\drivers\mbamchameleon.sys -> [2014/07/04 14:37:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation) mwac.sys -> C:\windows\SysNative\drivers\mwac.sys -> [2014/07/04 14:37:55 | 000,064,216 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\windows\SysNative\drivers\mbam.sys -> [2014/07/04 14:37:55 | 000,025,816 | ---- | C] 
(Malwarebytes Corporation) Malwarebytes Anti-Malware -> C:\Program Files (x86)\Malwarebytes Anti-Malware -> [2014/07/04 14:37:55 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2014/07/04 14:37:55 | 000,000,000 | ---D | C] SoftwareDistribution -> C:\windows\SoftwareDistribution -> [2014/06/30 20:27:33 | 000,000,000 | ---D | C] SMR410 -> C:\ProgramData\SMR410 -> [2014/06/30 18:15:55 | 000,000,000 | ---D | C] Apple Computer -> C:\Users\Casey\AppData\Local\Apple Computer -> [2014/06/28 14:47:41 | 000,000,000 | ---D | C] NPE -> C:\Users\Casey\AppData\Local\NPE -> [2014/06/28 14:44:55 | 000,000,000 | ---D | C] InstallSightSDK -> C:\ProgramData\InstallSightSDK -> [2014/06/28 09:04:25 | 000,000,000 | ---D | C] webinstr.sys -> C:\windows\SysNative\drivers\webinstr.sys -> [2014/06/20 21:25:28 | 000,057,528 | ---- | C] (Corsica) Google -> C:\Program Files\Google -> [2014/06/09 18:08:07 | 000,000,000 | ---D | C] Google -> C:\Users\Casey\AppData\Local\Google -> [2014/06/09 18:03:49 | 000,000,000 | ---D | C] Google -> C:\Program Files (x86)\Google -> [2014/06/09 18:03:44 | 000,000,000 | ---D | C] Common Files -> C:\ProgramData\Common Files -> [2014/06/09 17:58:49 | 000,000,000 | -H-D | C] [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Users\Casey\Desktop\OTS.exe -> [2014/07/05 19:30:38 | 000,646,656 | ---- | M] (OldTimer Tools) bootstat.dat -> C:\windows\bootstat.dat -> [2014/07/05 19:27:49 | 000,067,584 | --S- | M] () GoogleUpdateTaskMachineCore.job -> C:\windows\tasks\GoogleUpdateTaskMachineCore.job -> [2014/07/05 19:26:41 | 000,000,912 | ---- | M] () MBAMSwissArmy.sys -> C:\windows\SysNative\drivers\MBAMSwissArmy.sys -> [2014/07/05 19:26:38 | 000,122,584 | ---- | M] (Malwarebytes Corporation) BetterMarkIt_wd.job -> C:\windows\tasks\BetterMarkIt_wd.job -> [2014/07/05 19:26:37 | 000,000,408 | ---- | M] () swapfile.sys -> C:\swapfile.sys -> [2014/07/05 19:25:45 | 268,435,456 | -HS- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2014/07/05 
19:25:42 | 3338,846,208 | -HS- | M] () GoogleUpdateTaskMachineUA.job -> C:\windows\tasks\GoogleUpdateTaskMachineUA.job -> [2014/07/05 19:23:23 | 000,000,916 | ---- | M] () Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2014/07/04 14:38:00 | 000,001,113 | ---- | M] () VT20140701.003 -> C:\windows\SysNative\drivers\N360x64\1503000.00C\VT20140701.003 -> [2014/07/01 04:23:42 | 000,040,105 | ---- | M] () PerfStringBackup.INI -> C:\windows\SysNative\PerfStringBackup.INI -> [2014/06/30 09:13:30 | 000,848,230 | ---- | M] () perfh009.dat -> C:\windows\SysNative\perfh009.dat -> [2014/06/30 09:13:30 | 000,719,418 | ---- | M] () perfc009.dat -> C:\windows\SysNative\perfc009.dat -> [2014/06/30 09:13:30 | 000,132,748 | ---- | M] () Msft_Kernel_webinstr_01009.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf -> [2014/06/20 21:25:34 | 000,000,000 | -H-- | M] () ntuser.pol -> C:\ProgramData\ntuser.pol -> [2014/06/20 21:25:28 | 000,000,258 | RHS- | M] () Cat.DB -> C:\windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB -> [2014/06/15 18:26:25 | 002,701,284 | ---- | M] () Msft_Kernel_dc3d_01011.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf -> [2014/06/12 09:18:39 | 000,000,000 | -H-- | M] () Norton Security Suite.lnk -> C:\Users\Public\Desktop\Norton Security Suite.lnk -> [2014/06/12 09:09:11 | 000,002,451 | ---- | M] () webinstr.sys -> C:\windows\SysNative\drivers\webinstr.sys -> [2014/06/10 04:46:14 | 000,057,528 | ---- | M] (Corsica) 4 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> 4 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> [Files - No Company Name] Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2014/07/04 14:37:59 | 000,001,113 | ---- | C] () Msft_Kernel_webinstr_01009.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf -> [2014/06/20 21:25:34 | 000,000,000 | -H-- | C] () ntuser.pol -> C:\ProgramData\ntuser.pol -> 
[2014/06/20 21:25:28 | 000,000,258 | RHS- | C] () Msft_Kernel_dc3d_01011.Wdf -> C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf -> [2014/06/12 09:18:39 | 000,000,000 | -H-- | C] () ApnDatabase.xml -> C:\windows\SysNative\ApnDatabase.xml -> [2014/06/12 09:18:14 | 000,387,268 | ---- | C] () BetterMarkIt_wd.job -> C:\windows\tasks\BetterMarkIt_wd.job -> [2014/06/09 18:10:00 | 000,000,408 | ---- | C] () GoogleUpdateTaskMachineUA.job -> C:\windows\tasks\GoogleUpdateTaskMachineUA.job -> [2014/06/09 18:07:59 | 000,000,916 | ---- | C] () GoogleUpdateTaskMachineCore.job -> C:\windows\tasks\GoogleUpdateTaskMachineCore.job -> [2014/06/09 18:07:57 | 000,000,912 | ---- | C] () SAH_Install.ini -> C:\ProgramData\SAH_Install.ini -> [2013/12/31 12:17:30 | 000,000,097 | ---- | C] () OEMLicense.dll -> C:\windows\SysWow64\OEMLicense.dll -> [2013/09/10 15:03:53 | 000,083,968 | ---- | C] () ISSRemoveSP.exe -> C:\windows\SysWow64\ISSRemoveSP.exe -> [2013/04/23 08:29:58 | 000,451,072 | ---- | C] () igvpkrng700.bin -> C:\windows\SysWow64\igvpkrng700.bin -> [2012/08/06 09:36:22 | 000,598,780 | ---- | C] () igdde32.dll -> C:\windows\SysWow64\igdde32.dll -> [2012/08/06 09:36:08 | 000,064,512 | ---- | C] () igcodeckrng700.bin -> C:\windows\SysWow64\igcodeckrng700.bin -> [2012/08/06 09:36:06 | 000,755,048 | ---- | C] () dssec.dat -> C:\windows\SysWow64\dssec.dat -> [2012/07/26 03:13:10 | 000,215,943 | ---- | C] () NOISE.DAT -> C:\windows\SysWow64\NOISE.DAT -> [2012/07/26 03:13:09 | 000,000,741 | ---- | C] () bootstat.dat -> C:\windows\bootstat.dat -> [2012/07/26 02:21:26 | 000,067,584 | --S- | C] () BWContextHandler.dll -> C:\windows\SysWow64\BWContextHandler.dll -> [2012/07/25 20:17:42 | 000,043,520 | ---- | C] () mib.bin -> C:\windows\mib.bin -> [2012/07/25 15:37:29 | 000,043,131 | ---- | C] () msjetoledb40.dll -> C:\windows\SysWow64\msjetoledb40.dll -> [2012/07/25 15:28:31 | 000,364,544 | ---- | C] () [File - Lop Check] ID Vault -> C:\Users\Casey\AppData\Roaming\ID Vault -> 
[2013/10/13 16:47:25 | 000,000,000 | ---D | M] sMedio -> C:\Users\Casey\AppData\Roaming\sMedio -> [2013/08/25 18:19:38 | 000,000,000 | ---D | M] WinBatch -> C:\Users\Casey\AppData\Roaming\WinBatch -> [2013/08/24 09:14:05 | 000,000,000 | ---D | M] BetterMarkIt_wd.job -> C:\windows\Tasks\BetterMarkIt_wd.job -> [2014/07/05 19:26:37 | 000,000,408 | ---- | M] () [File - Purity Scan] < End of report >