# Windows Firewall issue - Virus?



## AndrewRLP (Aug 3, 2014)

Hi, I've been asked to move my topic here ---> http://forums.techguy.org/windows-7/1130866-windows-firewall-2.html

Can anyone help please?

Thanks.
OS: Windows 7 Home Premium with Service Pack 1


----------



## Mark1956 (May 7, 2011)

I've just been reading your other thread. Before we try Combofix, I'd like to see a full report of what is on your system. Please run the following scan and post both of the logs produced.

Check that the download location is set to the Desktop in whichever browser you will be using to download any of the tools we may use: How to change the download location in IE, Firefox, Chrome and Opera

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download and use any other software that may be advertised on the page.

*Note:* If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


- Double-click on FRST to run it. When the tool opens click *Yes* to the disclaimer.
- Press the *Scan* button. *DO NOT* check any of the Optional Scan options unless requested.
- It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
- The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## AndrewRLP (Aug 3, 2014)

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Suzie (administrator) on SUZIE-VAIO on 04-08-2014 16:36:22
Running from C:\Users\Suzie\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885944 2012-09-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-25] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-21] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x63AF7EF88AADCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm064^YYA^au&si=wiseconvert&ptb=092E6B19-E14C-45D4-AE14-C5196424C31C&ind=2014041208&n=780bd478&psa=&st=sb&searchfor={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} http://www.sony.com.au/HP/script/supt/VaioInfo.CAB
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: tmpx - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: tmpx - No CLSID Value - 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: bing.com
CHR DefaultNewTabURL: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Skype Click to Call) - C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-10]
CHR Extension: (Google Wallet) - C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-19] (ArcSoft Inc.)
S4 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-01-20] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
S4 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
S4 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-08] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] () [File not signed]
S4 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-22] (Sony Corporation)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-24] (ArcSoft, Inc.)
S4 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-30] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1642544 2014-02-27] (Sony Corporation)
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-20] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
U5 b57nd60a; C:\Windows\System32\Drivers\b57nd60a.sys [270848 2009-06-11] (Broadcom Corporation)
R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-01-20] (Atheros)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-05] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-04] ()
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-24] (Microsoft Corporation) [File not signed]
S3 TVICHW32; C:\Windows\system32\DRIVERS\TVICHW32.SYS [21200 2013-06-22] (EnTech Taiwan)
S3 TVICHW32; C:\Windows\SysWOW64\DRIVERS\TVICHW32.SYS [29536 2013-06-22] (EnTech Taiwan)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 16:36 - 2014-08-04 16:37 - 00014823 _____ () C:\Users\Suzie\Desktop\FRST.txt
2014-08-04 16:36 - 2014-08-04 16:36 - 00000000 ___DC () C:\FRST
2014-08-04 16:34 - 2014-08-04 16:34 - 02094080 _____ (Farbar) C:\Users\Suzie\Desktop\FRST64.exe
2014-08-04 09:15 - 2014-08-04 14:43 - 00002140 _____ () C:\Windows\system32\0
2014-08-04 08:17 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\InstallShield
2014-08-04 08:14 - 2014-08-04 08:14 - 00004406 _____ () C:\Windows\DPINST.LOG
2014-08-04 08:10 - 2014-08-04 08:17 - 00000000 _____ () C:\Windows\Model.log
2014-08-03 23:35 - 2014-08-03 23:36 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-08-03 23:18 - 2014-08-04 16:36 - 00060468 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 23:17 - 2014-08-04 16:33 - 00000560 _____ () C:\Windows\setupact.log
2014-08-03 23:17 - 2014-08-03 23:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-03 23:16 - 2014-08-04 08:25 - 00002938 _____ () C:\Windows\PFRO.log
2014-08-03 22:29 - 2014-08-04 08:30 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-03 22:29 - 2014-08-03 22:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-03 22:25 - 2014-08-03 22:25 - 04806744 _____ () C:\Users\Suzie\Desktop\RogueKiller.exe
2014-08-03 22:22 - 2014-08-03 22:22 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Suzie\Downloads\rkill.com
2014-08-03 20:54 - 2013-04-17 20:20 - 00026432 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-08-03 20:49 - 2014-08-03 20:54 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\IObit
2014-08-03 20:49 - 2014-08-03 20:49 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\Apple Computer
2014-08-03 20:49 - 2014-08-03 20:49 - 00000000 ____D () C:\ProgramData\IObit
2014-08-03 20:49 - 2014-08-03 20:49 - 00000000 ____D () C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2014-08-03 20:49 - 2014-08-03 20:49 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-03 20:43 - 2014-08-03 21:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-03 20:37 - 2014-08-03 20:37 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\BlueSprig
2014-08-03 20:37 - 2014-08-03 20:37 - 00000000 ____D () C:\Program Files (x86)\BlueSprig
2014-08-02 01:07 - 2014-08-02 01:07 - 00003205 _____ () C:\Users\Suzie\Desktop\Sophos Virus Removal Tool.lnk
2014-08-02 01:07 - 2014-08-02 01:07 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-08-02 01:07 - 2014-08-02 01:07 - 00000000 ____D () C:\ProgramData\Sophos
2014-08-02 01:07 - 2014-08-02 01:07 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-08-01 22:58 - 2014-05-15 02:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 22:58 - 2014-05-15 02:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 22:58 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 22:58 - 2014-05-15 02:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 22:58 - 2014-05-15 02:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 22:58 - 2014-05-15 02:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 22:58 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 22:58 - 2014-05-15 02:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 22:58 - 2014-05-15 02:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 22:58 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 22:58 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 22:58 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 22:58 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 22:58 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 22:55 - 2014-08-01 22:55 - 01166232 _____ (Magical Jelly Bean ) C:\Users\Suzie\Downloads\KeyFinderInstaller.exe
2014-07-25 19:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-25 19:32 - 2014-07-25 19:33 - 00000000 ____D () C:\Users\Suzie\Downloads\RemoteDll
2014-07-25 19:32 - 2014-07-25 19:32 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2014-07-25 19:14 - 2014-08-04 16:33 - 00000396 _____ () C:\Windows\Tasks\RegInOut on user logon - Suzie.job
2014-07-25 19:14 - 2014-07-25 19:14 - 00002760 _____ () C:\Windows\System32\Tasks\RegInOut on user logon - Suzie
2014-07-25 19:14 - 2014-07-25 19:14 - 00000000 ____D () C:\ProgramData\RegInOut
2014-07-22 22:48 - 2014-07-22 22:48 - 00001074 _____ () C:\Users\Suzie\Documents\cc_20140722_224831.reg
2014-07-22 22:48 - 2014-07-22 22:48 - 00000164 _____ () C:\Users\Suzie\Documents\cc_20140722_224845.reg
2014-07-20 21:51 - 2014-07-22 22:44 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-07-20 21:44 - 2014-07-25 06:39 - 00002072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
2014-07-20 20:20 - 2014-07-20 20:20 - 00000000 ___RD () C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-20 19:34 - 2014-07-20 18:19 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.backup
2014-07-20 19:31 - 2014-07-20 19:33 - 00000000 ____D () C:\ProgramData\Max Secure
2014-07-20 19:16 - 2014-07-20 19:17 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\GetRightToGo
2014-07-20 18:28 - 2014-07-20 18:28 - 00002180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xperia Link.lnk
2014-07-20 16:48 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\BitOptimizer
2014-07-20 16:48 - 2014-07-20 16:48 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\BitOptimizer
2014-07-20 16:22 - 2014-08-04 08:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 16:22 - 2014-07-20 16:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 16:22 - 2014-07-20 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 16:21 - 2014-07-20 16:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 16:21 - 2014-07-20 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 16:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 16:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 16:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 16:15 - 2014-07-20 16:15 - 00013179 _____ () C:\Users\Suzie\Downloads\hijackthis.log
2014-07-20 16:14 - 2014-07-20 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Suzie\Downloads\HijackThis.exe
2014-07-20 16:11 - 2014-08-04 08:17 - 00000023 _____ () C:\Windows\Model.txt
2014-07-20 15:47 - 2014-07-20 15:56 - 551293744 _____ () C:\Users\Suzie\Downloads\Windows6.1-KB947821-v33-x64 (1).msu
2014-07-20 08:53 - 2014-07-20 08:53 - 00000000 ___DC () C:\f9390e4f15566e16a6ac
2014-07-20 08:51 - 2014-07-20 08:52 - 29611712 _____ (Microsoft Corporation) C:\Users\Suzie\Downloads\Windows-KB890830-x64-V5.14 (1).exe
2014-07-19 23:49 - 2014-07-19 23:49 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-07-19 21:31 - 2014-07-19 21:52 - 551293744 _____ () C:\Users\Suzie\Downloads\Windows6.1-KB947821-v33-x64.msu
2014-07-10 21:58 - 2014-07-10 21:58 - 00842220 _____ () C:\Users\Suzie\Desktop\suzie tax 2013-14.fp3
2014-07-10 19:28 - 2014-07-10 22:00 - 00079520 _____ () C:\Users\Suzie\Documents\SUZIEF.TAX
2014-07-10 19:28 - 2014-07-10 21:57 - 00078368 _____ () C:\Users\Suzie\Documents\SUZIEF.BAK
2014-07-10 19:09 - 2014-07-10 19:19 - 00010864 _____ () C:\Users\Suzie\Documents\SUSANF.TAX
2014-07-10 19:09 - 2014-07-10 19:14 - 00010224 _____ () C:\Users\Suzie\Documents\SUSANF.BAK
2014-07-09 23:42 - 2014-07-09 23:42 - 29611712 _____ (Microsoft Corporation) C:\Users\Suzie\Downloads\Windows-KB890830-x64-V5.14.exe
2014-07-09 23:38 - 2014-07-09 23:38 - 00002430 _____ () C:\Users\Suzie\Documents\cc_20140709_233758.reg
2014-07-09 23:38 - 2014-07-09 23:38 - 00000164 _____ () C:\Users\Suzie\Documents\cc_20140709_233812.reg
2014-07-09 10:34 - 2014-06-30 12:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 10:34 - 2014-06-30 12:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 10:34 - 2014-06-21 06:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 10:34 - 2014-06-21 05:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 10:34 - 2014-06-19 11:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 10:34 - 2014-06-19 11:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 10:34 - 2014-06-19 11:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 10:34 - 2014-06-19 10:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 10:34 - 2014-06-19 10:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 10:34 - 2014-06-19 10:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 10:34 - 2014-06-19 10:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 10:34 - 2014-06-19 10:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 10:34 - 2014-06-19 10:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 10:34 - 2014-06-19 10:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 10:34 - 2014-06-19 10:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 10:34 - 2014-06-19 10:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 10:34 - 2014-06-19 10:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 10:34 - 2014-06-19 10:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 10:34 - 2014-06-19 10:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:34 - 2014-06-19 10:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 10:34 - 2014-06-19 10:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 10:34 - 2014-06-19 09:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 10:34 - 2014-06-19 09:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 10:34 - 2014-06-19 09:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 10:34 - 2014-06-19 09:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 10:34 - 2014-06-19 09:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 10:34 - 2014-06-19 09:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 10:34 - 2014-06-19 09:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 10:34 - 2014-06-19 09:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 10:34 - 2014-06-19 09:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 10:34 - 2014-06-19 09:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 10:34 - 2014-06-19 09:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 10:34 - 2014-06-19 09:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 10:34 - 2014-06-19 09:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:34 - 2014-06-19 09:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 10:34 - 2014-06-19 09:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 10:34 - 2014-06-19 09:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 10:34 - 2014-06-19 09:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 10:34 - 2014-06-19 09:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 10:34 - 2014-06-19 09:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 10:34 - 2014-06-19 09:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 10:34 - 2014-06-19 09:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 10:34 - 2014-06-19 09:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 10:34 - 2014-06-19 09:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 10:34 - 2014-06-19 08:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 10:34 - 2014-06-19 08:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 10:34 - 2014-06-19 08:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 10:34 - 2014-06-19 08:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 10:34 - 2014-06-19 08:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 10:34 - 2014-06-19 08:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 10:34 - 2014-06-19 08:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 10:34 - 2014-06-19 08:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 10:34 - 2014-06-19 08:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 10:34 - 2014-06-19 08:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 10:34 - 2014-06-19 08:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 10:34 - 2014-06-19 08:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 10:34 - 2014-06-19 08:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 10:34 - 2014-06-19 08:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 10:34 - 2014-06-18 12:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 10:34 - 2014-06-18 11:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 10:34 - 2014-06-18 11:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 10:34 - 2014-06-06 20:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 10:34 - 2014-06-06 19:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 10:34 - 2014-05-30 18:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 10:34 - 2014-05-30 18:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 10:34 - 2014-05-30 18:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 10:34 - 2014-05-30 18:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 10:34 - 2014-05-30 18:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 10:34 - 2014-05-30 18:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 10:34 - 2014-05-30 18:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 10:34 - 2014-05-30 17:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 10:34 - 2014-05-30 17:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 10:34 - 2014-05-30 17:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 10:34 - 2014-05-30 17:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 10:34 - 2014-05-30 17:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 10:34 - 2014-05-30 17:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 10:34 - 2014-05-30 17:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 10:34 - 2014-05-30 16:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 10:33 - 2014-06-06 00:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 10:33 - 2014-06-06 00:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 10:33 - 2014-06-06 00:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 12:43 - 2014-07-08 12:43 - 00001307 _____ () C:\Users\Suzie\Downloads\RecentTripData.csv
2014-07-08 10:03 - 2014-07-08 13:10 - 00012416 _____ () C:\Users\Suzie\Documents\SF2014.TAX
2014-07-08 10:03 - 2014-07-08 13:10 - 00012416 _____ () C:\Users\Suzie\Documents\SF2014.BAK
2014-07-08 10:01 - 2014-07-08 10:01 - 00000000 ____D () C:\Users\Suzie\AppData\Local\etax2014
2014-07-08 09:59 - 2014-07-08 09:59 - 00001923 _____ () C:\Users\Suzie\Desktop\e-tax 2014.lnk
2014-07-08 09:59 - 2014-07-08 09:59 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-07-08 09:58 - 2014-07-08 09:59 - 00000000 ____D () C:\Program Files (x86)\etax2014
2014-07-08 09:56 - 2014-07-08 09:57 - 30777344 _____ () C:\Users\Suzie\Downloads\etax2014_1.msi
2014-07-08 09:56 - 2014-07-08 09:57 - 24409000 _____ () C:\Users\Suzie\Downloads\etax2014_1.dmg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 16:37 - 2014-08-04 16:36 - 00014823 _____ () C:\Users\Suzie\Desktop\FRST.txt
2014-08-04 16:36 - 2014-08-04 16:36 - 00000000 ___DC () C:\FRST
2014-08-04 16:36 - 2014-08-03 23:18 - 00060468 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 16:36 - 2013-04-30 19:26 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 16:34 - 2014-08-04 16:34 - 02094080 _____ (Farbar) C:\Users\Suzie\Desktop\FRST64.exe
2014-08-04 16:33 - 2014-08-03 23:17 - 00000560 _____ () C:\Windows\setupact.log
2014-08-04 16:33 - 2014-07-25 19:14 - 00000396 _____ () C:\Windows\Tasks\RegInOut on user logon - Suzie.job
2014-08-04 16:33 - 2013-04-30 19:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 16:33 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 15:58 - 2009-07-14 14:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 15:58 - 2009-07-14 14:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 15:17 - 2013-04-30 16:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-04 14:43 - 2014-08-04 09:15 - 00002140 _____ () C:\Windows\system32\0
2014-08-04 14:41 - 2013-05-14 19:38 - 00000000 ____D () C:\Users\Suzie\Documents\Outlook Files
2014-08-04 12:24 - 2013-05-14 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-04 08:38 - 2014-07-20 16:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 08:30 - 2014-08-03 22:29 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-04 08:25 - 2014-08-03 23:16 - 00002938 _____ () C:\Windows\PFRO.log
2014-08-04 08:25 - 2013-04-30 06:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-04 08:25 - 2013-04-30 06:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-04 08:18 - 2013-04-30 16:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-08-04 08:17 - 2014-08-04 08:17 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\InstallShield
2014-08-04 08:17 - 2014-08-04 08:10 - 00000000 _____ () C:\Windows\Model.log
2014-08-04 08:17 - 2014-07-20 16:11 - 00000023 _____ () C:\Windows\Model.txt
2014-08-04 08:17 - 2013-04-30 16:10 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-08-04 08:14 - 2014-08-04 08:14 - 00004406 _____ () C:\Windows\DPINST.LOG
2014-08-03 23:36 - 2014-08-03 23:35 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-08-03 23:17 - 2014-08-03 23:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-03 22:29 - 2014-08-03 22:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-03 22:25 - 2014-08-03 22:25 - 04806744 _____ () C:\Users\Suzie\Desktop\RogueKiller.exe
2014-08-03 22:22 - 2014-08-03 22:22 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Suzie\Downloads\rkill.com
2014-08-03 21:22 - 2009-07-14 14:54 - 00000749 ___RH () C:\Windows\WindowsShell.Manifest
2014-08-03 21:22 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-03 21:06 - 2014-08-03 20:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-03 21:02 - 2013-04-30 06:01 - 00000000 ____D () C:\Users\Suzie
2014-08-03 20:54 - 2014-08-03 20:49 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\IObit
2014-08-03 20:49 - 2014-08-03 20:49 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\Apple Computer
2014-08-03 20:49 - 2014-08-03 20:49 - 00000000 ____D () C:\ProgramData\IObit
2014-08-03 20:49 - 2014-08-03 20:49 - 00000000 ____D () C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2014-08-03 20:49 - 2014-08-03 20:49 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-03 20:37 - 2014-08-03 20:37 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\BlueSprig
2014-08-03 20:37 - 2014-08-03 20:37 - 00000000 ____D () C:\Program Files (x86)\BlueSprig
2014-08-02 09:34 - 2013-07-06 18:30 - 00000000 ____D () C:\Users\Suzie\Desktop\My Shared Folder
2014-08-02 01:07 - 2014-08-02 01:07 - 00003205 _____ () C:\Users\Suzie\Desktop\Sophos Virus Removal Tool.lnk
2014-08-02 01:07 - 2014-08-02 01:07 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-08-02 01:07 - 2014-08-02 01:07 - 00000000 ____D () C:\ProgramData\Sophos
2014-08-02 01:07 - 2014-08-02 01:07 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-08-01 23:45 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 22:55 - 2014-08-01 22:55 - 01166232 _____ (Magical Jelly Bean ) C:\Users\Suzie\Downloads\KeyFinderInstaller.exe
2014-08-01 20:31 - 2013-11-02 10:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-27 17:14 - 2013-04-30 07:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 17:14 - 2013-04-30 07:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 22:34 - 2013-04-30 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 20:40 - 2014-06-16 21:59 - 00004982 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Suzie-VAIO-Suzie Suzie-VAIO
2014-07-25 19:33 - 2014-07-25 19:32 - 00000000 ____D () C:\Users\Suzie\Downloads\RemoteDll
2014-07-25 19:32 - 2014-07-25 19:32 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2014-07-25 19:14 - 2014-07-25 19:14 - 00002760 _____ () C:\Windows\System32\Tasks\RegInOut on user logon - Suzie
2014-07-25 19:14 - 2014-07-25 19:14 - 00000000 ____D () C:\ProgramData\RegInOut
2014-07-25 06:45 - 2013-04-30 06:43 - 00000000 ____D () C:\Update
2014-07-25 06:39 - 2014-07-20 21:44 - 00002072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
2014-07-22 22:48 - 2014-07-22 22:48 - 00001074 _____ () C:\Users\Suzie\Documents\cc_20140722_224831.reg
2014-07-22 22:48 - 2014-07-22 22:48 - 00000164 _____ () C:\Users\Suzie\Documents\cc_20140722_224845.reg
2014-07-22 22:44 - 2014-07-20 21:51 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-07-21 19:15 - 2009-07-14 12:34 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140803-204628.backup
2014-07-20 21:44 - 2013-04-30 16:38 - 00000000 ____D () C:\Program Files\Sony
2014-07-20 21:44 - 2013-04-30 16:19 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-07-20 21:44 - 2013-04-30 16:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 20:20 - 2014-07-20 20:20 - 00000000 ___RD () C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-20 20:06 - 2013-04-30 16:45 - 00000000 ____D () C:\ProgramData\Temp
2014-07-20 19:58 - 2013-04-30 06:03 - 00121456 _____ () C:\Users\Suzie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 19:53 - 2009-07-14 14:45 - 00474576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 19:38 - 2013-04-30 06:02 - 00002267 _____ () C:\Users\Suzie\Desktop\Internet Explorer.lnk
2014-07-20 19:33 - 2014-07-20 19:31 - 00000000 ____D () C:\ProgramData\Max Secure
2014-07-20 19:17 - 2014-07-20 19:16 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\GetRightToGo
2014-07-20 18:28 - 2014-07-20 18:28 - 00002180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xperia Link.lnk
2014-07-20 18:28 - 2013-04-30 16:19 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-07-20 18:19 - 2014-07-20 19:34 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.backup
2014-07-20 18:19 - 2009-07-14 12:34 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140721-191520.backup
2014-07-20 17:04 - 2014-07-20 16:48 - 00000000 ____D () C:\ProgramData\BitOptimizer
2014-07-20 16:48 - 2014-07-20 16:48 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\BitOptimizer
2014-07-20 16:22 - 2014-07-20 16:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 16:22 - 2014-07-20 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 16:21 - 2014-07-20 16:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 16:21 - 2014-07-20 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 16:15 - 2014-07-20 16:15 - 00013179 _____ () C:\Users\Suzie\Downloads\hijackthis.log
2014-07-20 16:14 - 2014-07-20 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Suzie\Downloads\HijackThis.exe
2014-07-20 15:56 - 2014-07-20 15:47 - 551293744 _____ () C:\Users\Suzie\Downloads\Windows6.1-KB947821-v33-x64 (1).msu
2014-07-20 15:35 - 2013-04-30 16:38 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-07-20 08:53 - 2014-07-20 08:53 - 00000000 ___DC () C:\f9390e4f15566e16a6ac
2014-07-20 08:52 - 2014-07-20 08:51 - 29611712 _____ (Microsoft Corporation) C:\Users\Suzie\Downloads\Windows-KB890830-x64-V5.14 (1).exe
2014-07-20 08:23 - 2013-05-08 06:46 - 00000000 ____D () C:\Users\Suzie\AppData\Local\CrashDumps
2014-07-20 01:30 - 2010-11-21 13:25 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2014-07-20 01:30 - 2010-11-21 13:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2014-07-20 01:30 - 2009-07-14 10:10 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\mdminst.dll
2014-07-20 01:30 - 2009-07-14 09:11 - 00052816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PSHED.DLL
2014-07-20 01:29 - 2009-07-14 10:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2014-07-20 01:29 - 2009-07-14 10:10 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\icmp.dll
2014-07-20 01:29 - 2009-07-14 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\mpnotify.exe
2014-07-20 01:29 - 2009-07-14 09:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psbase.dll
2014-07-20 01:29 - 2009-07-14 09:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\expand.exe
2014-07-20 01:29 - 2009-07-14 09:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2014-07-20 01:29 - 2009-07-14 06:18 - 00066594 _____ () C:\Windows\system32\C_862.NLS
2014-07-19 23:49 - 2014-07-19 23:49 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-07-19 21:52 - 2014-07-19 21:31 - 551293744 _____ () C:\Users\Suzie\Downloads\Windows6.1-KB947821-v33-x64.msu
2014-07-19 20:59 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Suzie\Desktop\The Great Gatsby Soundtrack
2014-07-10 22:00 - 2014-07-10 19:28 - 00079520 _____ () C:\Users\Suzie\Documents\SUZIEF.TAX
2014-07-10 21:58 - 2014-07-10 21:58 - 00842220 _____ () C:\Users\Suzie\Desktop\suzie tax 2013-14.fp3
2014-07-10 21:57 - 2014-07-10 19:28 - 00078368 _____ () C:\Users\Suzie\Documents\SUZIEF.BAK
2014-07-10 19:19 - 2014-07-10 19:09 - 00010864 _____ () C:\Users\Suzie\Documents\SUSANF.TAX
2014-07-10 19:14 - 2014-07-10 19:09 - 00010224 _____ () C:\Users\Suzie\Documents\SUSANF.BAK
2014-07-10 04:17 - 2013-04-30 16:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 04:17 - 2013-04-30 16:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 04:17 - 2013-04-30 16:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 00:09 - 2014-04-25 21:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 00:09 - 2012-02-24 12:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 00:09 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 00:09 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 23:42 - 2014-07-09 23:42 - 29611712 _____ (Microsoft Corporation) C:\Users\Suzie\Downloads\Windows-KB890830-x64-V5.14.exe
2014-07-09 23:38 - 2014-07-09 23:38 - 00002430 _____ () C:\Users\Suzie\Documents\cc_20140709_233758.reg
2014-07-09 23:38 - 2014-07-09 23:38 - 00000164 _____ () C:\Users\Suzie\Documents\cc_20140709_233812.reg
2014-07-09 23:23 - 2009-07-14 12:34 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140720-181929.backup
2014-07-08 13:10 - 2014-07-08 10:03 - 00012416 _____ () C:\Users\Suzie\Documents\SF2014.TAX
2014-07-08 13:10 - 2014-07-08 10:03 - 00012416 _____ () C:\Users\Suzie\Documents\SF2014.BAK
2014-07-08 12:43 - 2014-07-08 12:43 - 00001307 _____ () C:\Users\Suzie\Downloads\RecentTripData.csv
2014-07-08 10:01 - 2014-07-08 10:01 - 00000000 ____D () C:\Users\Suzie\AppData\Local\etax2014
2014-07-08 09:59 - 2014-07-08 09:59 - 00001923 _____ () C:\Users\Suzie\Desktop\e-tax 2014.lnk
2014-07-08 09:59 - 2014-07-08 09:59 - 00000000 ____D () C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-07-08 09:59 - 2014-07-08 09:58 - 00000000 ____D () C:\Program Files (x86)\etax2014
2014-07-08 09:57 - 2014-07-08 09:56 - 30777344 _____ () C:\Users\Suzie\Downloads\etax2014_1.msi
2014-07-08 09:57 - 2014-07-08 09:56 - 24409000 _____ () C:\Users\Suzie\Downloads\etax2014_1.dmg

Some content of TEMP:
====================
C:\Users\Suzie\AppData\Local\Temp\GLF284.EXE
C:\Users\Suzie\AppData\Local\Temp\GLF373B.EXE
C:\Users\Suzie\AppData\Local\Temp\GLF3A86.EXE
C:\Users\Suzie\AppData\Local\Temp\GLF74C6.EXE
C:\Users\Suzie\AppData\Local\Temp\GLF802D.EXE
C:\Users\Suzie\AppData\Local\Temp\GLF938.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-30 21:08

==================== End Of Log ============================


----------



## AndrewRLP (Aug 3, 2014)

Addition Logfile:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Suzie at 2014-08-04 16:38:05
Running from C:\Users\Suzie\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.851.6 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{59CFDD96-728A-A88C-36E5-1163342C814F}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
Ares 2.2.4 (HKLM-x32\...\Ares) (Version: 2.2.4-Build#3048 - Ares Development Group)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.120 - Atheros)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.7.707 - Australian Taxation Office)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.2.2.09110 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (ARA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (CHS) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (CHT) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyVirtualHome (HKLM-x32\...\{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}) (Version: 2.0.0.3417 - MyVirtualHome)
MyVirtualHome (x32 Version: 2.0.0.3417 - MyVirtualHome) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data (x32 Version: 1.0.00.16130 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program (x32 Version: 2.2.00.18250 - Sony Corporation) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PYV_x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.2 - Sophos Limited)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.6 - Synaptics Incorporated)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM-x32\...\InstallShield_{F9395F3D-4198-476C-8C41-63D0B5B51E35}) (Version: 2.2.00.18250 - Sony Corporation)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote Keyboard with PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ with BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.1.03270 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.3.0.12280 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.1.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Tập đoàn Microsoft) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Tập đoàn Microsoft) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

24-07-2014 20:18:03 Windows Update
24-07-2014 20:38:38 Installed VAIO Gate
25-07-2014 09:10:01 Installed Microsoft Fix it 50043
25-07-2014 12:32:41 Windows Update
30-07-2014 09:45:52 Windows Update
01-08-2014 12:58:02 Windows Update
01-08-2014 15:06:51 Installed Sophos Virus Removal Tool.
03-08-2014 10:40:44 Windows Update
03-08-2014 12:15:07 Windows Update
03-08-2014 14:05:58 Installed VAIO Care Recovery.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2014-08-03 20:46 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02E0AA2C-71EE-4440-9069-5D93BB9D396B} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {14E167FD-C3D2-48F9-A507-6B53BD9FA3A2} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {153092AF-38A1-4B8B-A79D-5F4EDCC881D7} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-28] (Sony Corporation)
Task: {2A6E60A4-85B0-41AF-B475-07CC9BF69790} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {3272DBB5-D0DA-48D3-8F88-E91782222A61} - System32\Tasks\RegInOut on user logon - Suzie => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: {362E57CD-D808-4A52-9E92-C24B790D2E1B} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {3FACAF79-E8A4-42E6-A6F6-4C05B71E6DED} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {4B1A4661-FBC6-44F3-BDC5-B417E43E2174} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2013-03-26] (Sony Corporation)
Task: {5910A788-8A4A-4EA1-B2EB-86C4434E30F4} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {5D6E7A2E-948E-40BE-A126-846D55EB496D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {5EC8F2C0-2B08-4619-964C-F147830E73E1} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {6979F632-A10B-47A2-A372-B7FE207B51FC} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {6A5CF3F5-C5BB-41D7-B0CA-E679A0F809E3} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {835FF41A-55C9-4C40-BDB5-2CF953382F9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {83AB993D-6924-472C-96E6-DBC709570BDE} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-08] (Sony Corporation)
Task: {860CE94C-3257-465A-8D47-107E8D23D542} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-08] (Sony Corporation)
Task: {87843B02-7DA3-4799-9DD8-249070CA5A31} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {87A97612-4154-4024-9B4F-9867DC534ADD} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {9032E7D3-58BC-4A2A-AB00-A7B02CCDEE3C} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {98BBED5D-CC84-4656-AC42-F50AA905762E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Suzie-VAIO-Suzie Suzie-VAIO => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation)
Task: {9AA95FC4-59B6-45C4-8A9D-2DAA3F602E3D} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {A04EEC76-CA6A-4DAE-B5CA-952A5B1B1231} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe [2009-07-14] ()
Task: {B40DBF1D-42DD-424C-95AC-D63EB0EDF1A9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {B535E9B3-0652-4880-A470-BA333B54DE73} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {BD3D84E3-7CFC-45BC-BD15-BD09DA1BBA29} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {BDDA8C3D-3535-4A0A-A39A-F5FCFC618BAE} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {C7B46E74-A206-4A6C-B211-F8BC243042DC} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-28] (Sony Corporation)
Task: {CBB7EFB4-E934-42AF-87BE-61C1DEDAD0D2} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {D4B9D031-1801-4FE2-B2B0-9C28635D349F} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {D810C83D-6F74-4780-98B0-FC43EC6B8AE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {DD3C0EDF-4DD7-4589-9425-A45CBDBEF7D8} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {F34A823E-3562-46C7-A6AF-07E032EF5CAD} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut on user logon - Suzie.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe

==================== Loaded Modules (whitelisted) =============

2014-03-23 18:53 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-19 19:06 - 2014-06-19 19:06 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-01-14 06:44 - 2012-01-14 06:44 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-01-18 15:34 - 2012-01-18 15:34 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-06-19 19:06 - 2014-06-19 19:06 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-07-19 17:24 - 2014-07-15 19:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 17:24 - 2014-07-15 19:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 17:24 - 2014-07-15 19:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 17:24 - 2014-07-15 19:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 17:24 - 2014-07-15 19:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-04 08:18 - 2014-08-04 08:18 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2013-04-30 16:16 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: AdobeActiveFileMonitor10.0 => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: DCDhcpService => 3
MSCONFIG\Services: ESRV_SVC => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: SampleCollector => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: USER_ESRV_SVC => 3
MSCONFIG\Services: VAIO Event Service => 2
MSCONFIG\Services: VAIO Power Management => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VcmIAlzMgr => 3
MSCONFIG\Services: VcmINSMgr => 3
MSCONFIG\Services: VcmXmlIfHelper => 3
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: VSNService => 2
MSCONFIG\Services: VUAgent => 3
MSCONFIG\Services: ZAtheros Bt&Wlan Coex Agent => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sony MSS.lnk => C:\Windows\pss\Sony MSS.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Suzie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2014 04:36:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/04/2014 04:36:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/04/2014 04:34:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2014 04:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VAIO Gate.exe, version: 2.4.2.2200, time stamp: 0x4f425c29
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7
Exception code: 0x40000015
Fault offset: 0x0000000000042686
Faulting process id: 0xb8c
Faulting application start time: 0xVAIO Gate.exe0
Faulting application path: VAIO Gate.exe1
Faulting module path: VAIO Gate.exe2
Report Id: VAIO Gate.exe3

Error: (08/04/2014 04:33:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

System errors:
=============
Error: (08/04/2014 04:33:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (08/04/2014 04:33:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.

Error: (08/04/2014 11:55:48 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (08/04/2014 11:55:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.

Error: (08/04/2014 10:39:05 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.

Error: (08/04/2014 10:38:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.

Error: (08/04/2014 10:38:35 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.

Error: (08/04/2014 10:38:20 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (08/04/2014 10:37:59 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.

Error: (08/04/2014 10:36:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%13.

Microsoft Office Sessions:
=========================
Error: (08/04/2014 04:36:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/04/2014 04:36:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/04/2014 04:34:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2014 04:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VAIO Gate.exe2.4.2.22004f425c29MSVCR90.dll9.0.30729.61614dace4e7400000150000000000042686b8c01cfafadfe19e481C:\Program Files\Sony\VAIO Gate\VAIO Gate.exeC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll47702876-1ba1-11e4-beff-08edb9c4908c

Error: (08/04/2014 04:33:21 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

Error: (08/04/2014 03:41:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 4066.36 MB
Available physical RAM: 2473.24 MB
Total Pagefile: 8130.9 MB
Available Pagefile: 6233.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:580.27 GB) (Free:470.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 5A46CF73)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=580 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

The FRST logs are not showing any bad infections but do reveal you had another Registry Optimizer/Cleaner program: RegInOut System Utilities. As already pointed out to you in the other thread, these kinds of programs are bad news for PCs. Don't believe all the hype; they should never be used on a PC no matter what performance issues it has. They won't fix the problem and can do more harm than good.

The logs above do show there is a problem in the registry related to user profiles which may well have been caused by this kind of software.

We will now run Combofix and see what it comes up with. If you have not done so already it would be a wise precaution to back up all your personal data to an external hard drive, flash drive or CD/DVDs.

Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first, just follow the prompts when you run it.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## AndrewRLP (Aug 3, 2014)

Here is the Combo Fix Log

ComboFix 14-08-05.01 - Suzie 06/08/2014 20:09:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4066.2630 [GMT 10:00]
Running from: c:\users\Suzie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-07-06 to 2014-08-06 )))))))))))))))))))))))))))))))
.
.
2014-08-06 10:15 . 2014-08-06 10:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-05 11:25 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E239701-248F-44E9-ACAB-56669FE29F04}\mpengine.dll
2014-08-05 10:09 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-04 06:36 . 2014-08-04 06:38	--------	dc----w-	C:\FRST
2014-08-03 22:17 . 2014-08-03 22:17	--------	d-----w-	c:\users\Suzie\AppData\Roaming\InstallShield
2014-08-03 13:35 . 2014-08-03 13:36	--------	d-----w-	c:\program files (x86)\NirSoft
2014-08-03 12:29 . 2014-08-03 22:30	29160	----a-w-	c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-03 12:29 . 2014-08-03 12:29	--------	d-----w-	c:\programdata\RogueKiller
2014-08-03 10:54 . 2013-04-17 10:20	26432	----a-w-	c:\windows\system32\RegistryDefragBootTime.exe
2014-08-03 10:49 . 2014-08-03 10:49	--------	d-----w-	c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2014-08-03 10:49 . 2014-08-03 10:49	--------	d-----w-	c:\users\Suzie\AppData\Roaming\Apple Computer
2014-08-03 10:49 . 2014-08-03 10:54	--------	d-----w-	c:\users\Suzie\AppData\Roaming\IObit
2014-08-03 10:49 . 2014-08-03 10:49	--------	d-----w-	c:\programdata\IObit
2014-08-03 10:49 . 2014-08-03 10:49	--------	d-----w-	c:\program files (x86)\IObit
2014-08-03 10:43 . 2014-08-03 11:06	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-08-03 10:42 . 2014-05-03 06:54	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6489CC5-F90B-436D-B94C-F3BDCC3D4BF1}\gapaengine.dll
2014-08-03 10:37 . 2014-08-03 10:37	--------	d-----w-	c:\users\Suzie\AppData\Roaming\BlueSprig
2014-08-03 10:37 . 2014-08-03 10:37	--------	d-----w-	c:\program files (x86)\BlueSprig
2014-08-01 15:07 . 2014-08-01 15:07	--------	d-----w-	c:\programdata\Sophos
2014-08-01 15:07 . 2014-08-01 15:07	73728	----a-r-	c:\users\Suzie\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-08-01 15:07 . 2014-08-01 15:07	73728	----a-r-	c:\users\Suzie\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-08-01 15:07 . 2014-08-01 15:07	73728	----a-r-	c:\users\Suzie\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-08-01 15:07 . 2014-08-01 15:07	--------	d-----w-	c:\program files (x86)\Sophos
2014-07-25 09:38 . 2010-08-29 22:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-07-25 09:32 . 2014-07-25 09:32	--------	d-----w-	c:\program files (x86)\SecurityXploded
2014-07-25 09:14 . 2014-07-25 09:14	--------	d-----w-	c:\programdata\RegInOut
2014-07-20 11:51 . 2014-07-22 12:44	--------	d-----w-	c:\windows\system32\%LocalAppData%
2014-07-20 09:31 . 2014-07-20 09:33	--------	d-----w-	c:\programdata\Max Secure
2014-07-20 09:16 . 2014-07-20 09:17	--------	d-----w-	c:\users\Suzie\AppData\Roaming\GetRightToGo
2014-07-20 06:48 . 2014-07-20 06:48	--------	d-----w-	c:\users\Suzie\AppData\Roaming\BitOptimizer
2014-07-20 06:48 . 2014-07-20 07:04	--------	d-----w-	c:\programdata\BitOptimizer
2014-07-20 06:22 . 2014-08-03 22:38	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-20 06:21 . 2014-07-20 06:21	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-20 06:21 . 2014-07-20 06:21	--------	d-----w-	c:\programdata\Malwarebytes
2014-07-20 06:21 . 2014-05-11 21:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-07-20 06:21 . 2014-05-11 21:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-07-20 06:21 . 2014-05-11 21:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-20 06:21 . 2014-07-20 06:21	--------	d-----w-	c:\users\Suzie\AppData\Local\Programs
2014-07-19 22:53 . 2014-07-19 22:53	--------	dc----w-	C:\f9390e4f15566e16a6ac
2014-07-09 00:35 . 2014-06-03 10:02	1719296	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 00:33 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-09 00:33 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-09 00:33 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-07-08 00:01 . 2014-07-08 00:01	--------	d-----w-	c:\users\Suzie\AppData\Local\etax2014
2014-07-07 23:58 . 2014-07-07 23:59	--------	d-----w-	c:\program files (x86)\etax2014
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-19 15:30 . 2009-07-13 23:11	52816	----a-w-	c:\windows\SysWow64\PSHED.DLL
2014-07-19 15:30 . 2010-11-21 03:25	238080	----a-w-	c:\windows\system32\recdisc.exe
2014-07-19 15:30 . 2010-11-21 03:24	37376	----a-w-	c:\windows\SysWow64\rtutils.dll
2014-07-19 15:30 . 2009-07-14 00:10	216576	----a-w-	c:\windows\system32\mdminst.dll
2014-07-19 15:29 . 2009-07-13 23:11	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2014-07-19 15:29 . 2009-07-13 23:52	17408	----a-w-	c:\windows\system32\mpnotify.exe
2014-07-19 15:29 . 2009-07-14 00:40	67072	----a-w-	c:\windows\system32\findnetprinters.dll
2014-07-19 15:29 . 2009-07-13 23:32	50688	----a-w-	c:\windows\SysWow64\psbase.dll
2014-07-19 15:29 . 2009-07-14 00:10	3072	----a-w-	c:\windows\system32\icmp.dll
2014-07-19 15:29 . 2009-07-13 23:21	65536	----a-w-	c:\windows\system32\expand.exe
2014-07-09 18:17 . 2013-04-30 06:35	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 18:17 . 2013-04-30 06:35	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 07:40 . 2013-04-29 22:16	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-06-19 21:50 . 2014-06-19 21:50	6010880	----a-w-	c:\program files (x86)\GUT23C5.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-19 09:06	1730264	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-19 09:06	1730264	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-19 09:06	1730264	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-24 290688]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-18 343168]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R4 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R4 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
R4 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R4 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R4 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R4 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R4 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys;c:\windows\SYSNATIVE\drivers\btath_vdp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 07:23	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-30 18:17]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30 09:26]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30 09:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-19 09:06	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-19 09:06	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-19 09:06	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-27 1158248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-06 20:22:48 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-06 10:22
.
Pre-Run: 507,926,167,552 bytes free
Post-Run: 507,457,388,544 bytes free
.
- - End Of File - - 8EFCF163D4814118DFCD8AA1EAE63723


----------



## Mark1956 (May 7, 2011)

Check to see if the Firewall will now stay on; if not, please follow these instructions.

Click on Start,
Type *cmd* into the Search box, a list will pop up with *cmd* at the top.
Right click on it and select *Run as Administrator*.
A Command Prompt will open in a new window, Copy & Paste the following command at the prompt and hit the Enter key.

*dir /a %userprofile%\AppData\Local\Microsoft\Windows > 0 & notepad 0*

A Notepad document will open, Copy & Paste all of its contents into your next reply.

Then Copy & Paste this command in the box below at the command prompt and Copy the Notepad document into your reply. It may be quite a long log; make sure you copy all of it.

NOTE: I had to put this command in a code box as the site's software was creating a space in the command which would have caused an error. Make sure you copy the entire line.

```
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" /s > 0 & notepad 0
```


----------



## AndrewRLP (Aug 3, 2014)

Volume in drive C has no label.
Volume Serial Number is 80FC-F81D

Directory of C:\Users\Suzie\AppData\Local\Microsoft\Windows

25/04/2014 09:00 PM .
25/04/2014 09:00 PM ..
30/04/2013 08:16 PM 1024
30/04/2013 06:56 AM 1033
30/05/2014 11:27 PM AppCache
30/04/2013 06:02 AM Burn
23/06/2014 09:08 PM Caches
03/08/2014 11:17 PM Explorer
14/07/2009 12:34 PM GameExplorer
30/04/2013 06:01 AM History
30/04/2013 06:02 AM Ringtones
21/07/2014 09:55 PM Temporary Internet Files
10/10/2013 09:28 PM Themes
24/06/2014 06:37 PM 2,359,296 UsrClass.dat
24/06/2014 06:37 PM 262,144 UsrClass.dat.LOG1
30/04/2013 06:01 AM 0 UsrClass.dat.LOG2
24/09/2013 07:52 AM 65,536 UsrClass.dat{16f407ff-2497-11e3-94b6-5453ed2672ec}.TM.blf
24/09/2013 07:52 AM 524,288 UsrClass.dat{16f407ff-2497-11e3-94b6-5453ed2672ec}.TMContainer00000000000000000001.regtrans-ms
24/09/2013 07:52 AM 524,288 UsrClass.dat{16f407ff-2497-11e3-94b6-5453ed2672ec}.TMContainer00000000000000000002.regtrans-ms
11/02/2014 06:40 AM 0 UsrClass.dat{3006278f-928d-11e3-a719-08edb9c4908c}.TM.blf
11/02/2014 06:40 AM 524,288 UsrClass.dat{3006278f-928d-11e3-a719-08edb9c4908c}.TMContainer00000000000000000001.regtrans-ms
11/02/2014 06:40 AM 524,288 UsrClass.dat{3006278f-928d-11e3-a719-08edb9c4908c}.TMContainer00000000000000000002.regtrans-ms
01/12/2013 08:59 PM 65,536 UsrClass.dat{34d18092-5a77-11e3-9e4a-5453ed2672ec}.TM.blf
01/12/2013 08:59 PM 524,288 UsrClass.dat{34d18092-5a77-11e3-9e4a-5453ed2672ec}.TMContainer00000000000000000001.regtrans-ms
01/12/2013 08:59 PM 524,288 UsrClass.dat{34d18092-5a77-11e3-9e4a-5453ed2672ec}.TMContainer00000000000000000002.regtrans-ms
30/04/2013 06:48 AM 65,536 UsrClass.dat{53e5e95d-b107-11e2-8bb9-5453ed2672ec}.TM.blf
30/04/2013 06:48 AM 524,288 UsrClass.dat{53e5e95d-b107-11e2-8bb9-5453ed2672ec}.TMContainer00000000000000000001.regtrans-ms
30/04/2013 06:48 AM 524,288 UsrClass.dat{53e5e95d-b107-11e2-8bb9-5453ed2672ec}.TMContainer00000000000000000002.regtrans-ms
10/12/2013 05:59 PM 65,536 UsrClass.dat{67623467-616f-11e3-96c9-5453ed2672ec}.TM.blf
10/12/2013 05:59 PM 524,288 UsrClass.dat{67623467-616f-11e3-96c9-5453ed2672ec}.TMContainer00000000000000000001.regtrans-ms
10/12/2013 05:59 PM 524,288 UsrClass.dat{67623467-616f-11e3-96c9-5453ed2672ec}.TMContainer00000000000000000002.regtrans-ms
26/08/2013 10:53 PM 65,536 UsrClass.dat{79d4626f-0c91-11e3-9e16-5453ed2672ec}.TM.blf
26/08/2013 10:53 PM 524,288 UsrClass.dat{79d4626f-0c91-11e3-9e16-5453ed2672ec}.TMContainer00000000000000000001.regtrans-ms
26/08/2013 10:53 PM 524,288 UsrClass.dat{79d4626f-0c91-11e3-9e16-5453ed2672ec}.TMContainer00000000000000000002.regtrans-ms
16/04/2014 10:20 PM 65,536 UsrClass.dat{8db23006-c4e7-11e3-961b-08edb9c4908c}.TM.blf
16/04/2014 10:20 PM 524,288 UsrClass.dat{8db23006-c4e7-11e3-961b-08edb9c4908c}.TMContainer00000000000000000001.regtrans-ms
16/04/2014 10:20 PM 524,288 UsrClass.dat{8db23006-c4e7-11e3-961b-08edb9c4908c}.TMContainer00000000000000000002.regtrans-ms
09/02/2014 10:14 AM 65,536 UsrClass.dat{928ae6b3-911a-11e3-9b42-08edb9c4908c}.TM.blf
09/02/2014 10:14 AM 524,288 UsrClass.dat{928ae6b3-911a-11e3-9b42-08edb9c4908c}.TMContainer00000000000000000001.regtrans-ms
09/02/2014 10:14 AM 524,288 UsrClass.dat{928ae6b3-911a-11e3-9b42-08edb9c4908c}.TMContainer00000000000000000002.regtrans-ms
26/05/2013 10:45 PM 65,536 UsrClass.dat{df15aa6d-c5f3-11e2-aeb9-5453ed2672ec}.TM.blf
26/05/2013 10:45 PM 524,288 UsrClass.dat{df15aa6d-c5f3-11e2-aeb9-5453ed2672ec}.TMContainer00000000000000000001.regtrans-ms
26/05/2013 10:45 PM 524,288 UsrClass.dat{df15aa6d-c5f3-11e2-aeb9-5453ed2672ec}.TMContainer00000000000000000002.regtrans-ms
11/02/2014 09:52 PM 65,536 UsrClass.dat{f7a32f8f-9306-11e3-8574-08edb9c4908c}.TM.blf
11/02/2014 09:52 PM 524,288 UsrClass.dat{f7a32f8f-9306-11e3-8574-08edb9c4908c}.TMContainer00000000000000000001.regtrans-ms
11/02/2014 09:52 PM 524,288 UsrClass.dat{f7a32f8f-9306-11e3-8574-08edb9c4908c}.TMContainer00000000000000000002.regtrans-ms
06/08/2014 09:04 PM WebCache
31/05/2014 01:04 AM WebCache.old
25/04/2014 05:53 PM 0 WebCacheLock.dat
31/05/2013 07:07 AM WER
30/04/2013 08:16 PM Windows Anytime Upgrade
03/08/2014 10:15 PM 132,756 WindowsUpdate.log
35 File(s) 13,829,780 bytes
17 Dir(s) 507,500,306,432 bytes free


----------



## AndrewRLP (Aug 3, 2014)

Part 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
IPSecExempt REG_DWORD 0x9
DisableStatefulFTP REG_DWORD 0x0
DisableStatefulPPTP REG_DWORD 0x0
PolicyVersion REG_DWORD 0x20a

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging
LogDroppedPackets REG_DWORD 0x0
LogFilePath REG_SZ %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogFileSize REG_DWORD 0x1000
LogSuccessfulConnections REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
NETDIS-NB_Name-Out-UDP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|
NETDIS-NB_Datagram-In-UDP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-32777|[email protected],-32780|[email protected]PI.dll,-32752|
NETDIS-NB_Datagram-Out-UDP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|
NETDIS-WSDEVNTS-In-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|
NETDIS-WSDEVNTS-Out-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|
NETDIS-WSDEVNT-In-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|
NETDIS-WSDEVNT-Out-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|
NETDIS-SSDPSrv-In-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|
NETDIS-SSDPSrv-Out-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|
NETDIS-UPnPHost-In-TCP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|
NETDIS-UPnPHost-Out-TCP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|
NETDIS-UPnP-Out-TCP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|
NETDIS-NB_Name-In-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|
NETDIS-NB_Name-Out-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|
NETDIS-NB_Datagram-In-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|
NETDIS-NB_Datagram-Out-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|
NETDIS-FDPHOST-In-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|
NETDIS-FDPHOST-Out-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|
NETDIS-LLMNR-In-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|
NETDIS-LLMNR-Out-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|
NETDIS-FDRESPUB-WSD-In-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|
NETDIS-FDRESPUB-WSD-Out-UDP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|
NETDIS-WSDEVNTS-In-TCP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|
NETDIS-WSDEVNTS-Out-TCP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|
NETDIS-WSDEVNT-In-TCP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|
NETDIS-WSDEVNT-Out-TCP-Active REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|
NETDIS-SSDPSrv-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|
NETDIS-SSDPSrv-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|
NETDIS-UPnP-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|
NETDIS-UPnPHost-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|
NETDIS-UPnPHost-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|
NETDIS-NB_Name-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected]wallAPI.dll,-32769|[email protected],-32772|[email protected],-32752|
NETDIS-NB_Name-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|
NETDIS-NB_Datagram-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|
NETDIS-NB_Datagram-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|
NETDIS-FDPHOST-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|
NETDIS-FDPHOST-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|
NETDIS-LLMNR-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|
NETDIS-LLMNR-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|
NETDIS-FDRESPUB-WSD-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|
NETDIS-FDRESPUB-WSD-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|
NETDIS-WSDEVNTS-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|
NETDIS-WSDEVNTS-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|
NETDIS-WSDEVNT-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|
NETDIS-WSDEVNT-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|


----------



## AndrewRLP (Aug 3, 2014)

Part 2
NetPres-In-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|
NetPres-Out-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|
NetPres-WSDEVNT-In-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|
NetPres-WSDEVNT-Out-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|
NetPres-WSDEVNTS-In-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|
NetPres-WSDEVNTS-Out-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|
NetPres-WSD-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|
NetPres-WSD-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|
NetPres-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|
NetPres-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|
NetPres-WSDEVNT-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|
NetPres-WSDEVNT-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|
NetPres-WSDEVNTS-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|
NetPres-WSDEVNTS-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|
MCX-SSDPSrv-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|
MCX-SSDPSrv-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|
MCX-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|
MCX-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|
MCX-QWave-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|
MCX-QWave-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|
MCX-QWave-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected].dll,-30780|[email protected],-30752|
MCX-QWave-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|
MCX-HTTPSTR-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30785|[email protected],-30788|[email protected],-30752|
MCX-TERMSRV-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30793|[email protected],-30796|[email protected],-30752|
MCX-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|
MCX-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|
MCX-MCX2SVC-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|
MCX-Prov-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|
MCX-PlayTo-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30814|[email protected],-30815|[email protected],-30752|
MCX-PlayTo-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-30816|[email protected],-30817|[email protected],-30752|
MCX-McrMgr-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcrmgr.exe|[email protected],-30818|[email protected],-30819|[email protected],-30752|
MCX-PlayTo-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30820|[email protected],-30821|[email protected],-30752|
MCX-FDPHost-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-30822|[email protected],-30823|[email protected],-30752|
WPDMTP-Out-TCP-NoScope REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|
WPDMTP-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|
WPDMTP-SSDPSrv-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|
WPDMTP-SSDPSrv-Out-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|
WPDMTP-UPnPHost-In-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30515|[email protected],-30518|[email protected],-30502|
WPDMTP-UPnPHost-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-30519|[email protected],-30522|[email protected],-30502|
WPDMTP-UPnP-Out-TCP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|
Microsoft-Windows-PeerDist-HttpTrans-In REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=80|App=SYSTEM|[email protected],-10000|[email protected],-11000|[email protected],-9000|
Microsoft-Windows-PeerDist-HttpTrans-Out REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=80|App=SYSTEM|[email protected],-10001|[email protected],-11001|[email protected],-9000|
Microsoft-Windows-PeerDist-WSD-In REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=PeerDistSvc|[email protected],-10002|[email protected],-11002|[email protected],-9001|
Microsoft-Windows-PeerDist-WSD-Out REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=PeerDistSvc|[email protected],-10003|[email protected],-11003|[email protected],-9001|
Microsoft-Windows-PeerDist-HostedServer-In REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10004|[email protected],-11004|[email protected],-9002|
Microsoft-Windows-PeerDist-HostedServer-Out REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10005|[email protected],-11005|[email protected],-9002|
Microsoft-Windows-PeerDist-HostedClient-Out REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=443|App=SYSTEM|[email protected],-10006|[email protected],-11006|[email protected],-9003|


----------



## AndrewRLP (Aug 3, 2014)

part 3

{6E489F0E-F2B7-483F-996B-5F886959989A} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|ICMP4=8:*|RA4=LocalSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|
{58169172-8DCA-4FFE-B516-57024DE9242A} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|
{31891CA1-B92E-4693-9AA5-CBFC4D1C190E} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|
{EB0047CA-D07E-4A23-AD9D-0D2C76A57A62} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|
{12D84393-3F2C-47B7-A8B7-605F9330B517} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28550|[email protected],-28551|[email protected],-28502|
RemoteDesktop-UserMode-In-UDP REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|[email protected],-101|[email protected],-102|[email protected],-28852|
{16307F97-D585-42DC-89ED-4853632FADAB} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe|Name=Microsoft Lync|
{D8944BE9-A338-4505-9F60-CB450347B593} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe|Name=Microsoft Lync UcMapi|
{B14C6CE7-B26A-44A8-BB2F-42F91C68639C} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe|Name=Microsoft Lync|
{42068BC4-B61E-4243-A656-417D7F1BABDD} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe|Name=Microsoft Lync UcMapi|
{836B3F25-CE85-48B8-B997-3A8D973B4922} REG_SZ v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|LPort=3888|App=C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe|Name=VAIO Movie Story(UDP-In)|Desc=C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe|EmbedCtxt=VAIO Creation|
{32BE70EB-501B-4C69-860C-F2280291888B} REG_SZ v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|LPort=3888|App=C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe|Name=VAIO Movie Story(TCP-In)|Desc=C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe|EmbedCtxt=VAIO Creation|
{CF09C4A5-5E2B-4334-931B-1B8334CB04F0} REG_SZ v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|LPort=3880|App=C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe|Name=VAIO Movie Story(TCP-In)|Desc=C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe|EmbedCtxt=VAIO Creation|
TCP Query User{DBBBB90D-9C6E-4C89-ACF1-E0FAF3BA5B22}C:\program files (x86)\ares\ares.exe REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\ares\ares.exe|Name=Ares p2p for windows|Desc=Ares p2p for windows|Defer=User|
UDP Query User{4F926070-C942-4E93-92E8-1EB67CFB30EC}C:\program files (x86)\ares\ares.exe REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\ares\ares.exe|Name=Ares p2p for windows|Desc=Ares p2p for windows|Defer=User|
TCP Query User{739A2758-47C8-4B94-8D81-877D2F9AF318}C:\program files (x86)\ares\ares.exe REG_SZ v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\ares\ares.exe|Name=Ares p2p for windows|Desc=Ares p2p for windows|
UDP Query User{FA372AFD-3432-4138-A138-9FBBFB8BA95A}C:\program files (x86)\ares\ares.exe REG_SZ v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\ares\ares.exe|Name=Ares p2p for windows|Desc=Ares p2p for windows|
{6A78EECA-3ED9-4679-8672-4481E10F6C83} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=53|LPort=67|IFType=Wireless|App=C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe|Name=DC_DHCP / DNS_RULE|Desc=Allow incoming network traffic to Atheros DHCP/DNS Service|EmbedCtxt=Atheros Firewall Rule Group|
{3916CB9D-C3B4-4C2C-9DF8-C3AC60401C51} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=6004|App=C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe|Name=Microsoft Office Outlook|
{7DBB7BB9-F33B-4C55-85C1-EBE6A3AC8C3D} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Skype\Phone\Skype.exe|Name=Skype|
{82CE7387-F9AF-4A10-9C47-C32AB131E4EF} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=9999|App=C:\Program Files\Sony\VAIO Care\VCAgent.exe|Name=VCAgent|EmbedCtxt=VAIO Care|
{153E92ED-47D7-4167-B4BE-44360BAEBF6A} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=9998|App=C:\Program Files\Sony\VAIO Care\VCAdmin.exe|Name=VCAdmin|EmbedCtxt=VAIO Care|
{A2D8668D-B56C-4B2D-8284-B5058C4BEA9B} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=9996|App=C:\Program Files\Sony\VAIO Care\VCSystemTray.exe|Name=VAIOShell|EmbedCtxt=VAIO Care|
{B38A8F93-62C6-4854-98E8-8447F7D480F1} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=9997|App=C:\Program Files\Sony\VAIO Care\VAIOShell.exe|Name=VCSystemTray|EmbedCtxt=VAIO Care|
{417FD48B-57EF-4643-97B7-6DC1FA6B37C2} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|
{4BB048F9-EAD7-4543-AB69-8CA9ACE0D7A7} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28550|[email protected],-28551|[email protected],-28502|
{82712DB4-766C-4DAF-A90F-07B46EF414C6} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging
LogDroppedPackets REG_DWORD 0x0
LogFilePath REG_SZ %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogFileSize REG_DWORD 0x1000
LogSuccessfulConnections REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable
PolicyVersion REG_DWORD 0x20a

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System
AxInstSV-1 REG_SZ V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|
AxInstSV-2 REG_SZ V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_Out_Allow|Desc=Network rules for outbound TCP traffic from AxInstSV|
58c6a170-46eb-4aef-9a3e-66cd8a4551c0 REG_SZ v2.10|Action=Block|Active=TRUE|Dir=In|App=%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc|Name=Inbound service restriction rule for wlcrasvc|Desc=Block all inbound traffic to service wlcrasvc|
fe31f8bd-273e-4e49-8fd5-811d6327cdb2 REG_SZ v2.10|Action=Block|Active=TRUE|Dir=Out|App=%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc|Name=Outbound service restriction rule for wlcrasvc|Desc=Block all outbound traffic from service wlcrasvc|
{BB3371A7-8524-42AC-834C-21B42468C0DA} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=33701|App=%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc|[email protected]%ProgramFiles%\Windows Live\Mesh\WLRemoteServiceResource.dll,-103|Edge=TRUE|
{8EBCA615-7C0A-47E9-A37F-D1567FA6C410} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc|Name=Windows Live Devices (Remote) - Outbound|
{C2E7766E-2C21-4563-A2E3-EA588AD423F2} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\System32\svchost.exe|Svc=wlcrasvc|Name=Windows Live Devices (Remote) - Outbound|
{53244BCC-E8A7-47A8-99A1-093F1975BE4F} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443|App=c:\Program Files\Microsoft Security Client\MsMpEng.exe|Svc=MsMpSvc|Name=MsMpSvc Outbound for HTTPS|

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System
PerfHost-1 REG_SZ V2.0|Action=Block|Dir=In|app=%windir%\SysWow64\PerfHost.exe|Svc=PerfHost|Name=PerfHost_In_Block|Desc=Network rules for inbound traffic to PerfHost|
PerfHost-2 REG_SZ V2.0|Action=Block|Dir=Out|app=%windir%\SysWow64\PerfHost.exe|Svc=PerfHost|Name=PerfHost_Out_Block|Desc=Network rules for outbound traffic from PerfHost|
HidServ-1 REG_SZ V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ|
HidServ-2 REG_SZ V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ|
Eventlog-1 REG_SZ V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog|
Eventlog-2 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog|
Eventlog-3 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic from EventLog|
PolicyAgent-1 REG_SZ V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23300|[email protected],-23301|
PolicyAgent-2 REG_SZ V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23302|[email protected],-23303|
PolicyAgent-3 REG_SZ V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23312|[email protected],-23313|
PolicyAgent-4 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23304|
PolicyAgent-5 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23305|
DPS-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|
DPS-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|
WdiSystemHost-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|
WdiSystemHost-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|
Netman-1 REG_SZ V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all inbound traffic to Netman|
Netman-2 REG_SZ V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all outbound traffic from Netman|
BFE-1 REG_SZ V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block inbound traffic to BFE|
BFE-2 REG_SZ V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block outbound traffic from BFE|
DHCP-1 REG_SZ V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|
DHCP-1-1 REG_SZ V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|
DHCP-2 REG_SZ V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|
DHCP-3 REG_SZ V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|
DHCP-4 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|
DHCP-5 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|[email protected]%SystemRoot%\system32\dhcpcore.dll,-102|
Trkwks-1 REG_SZ V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic to TrkWks service|
Trkwks-2 REG_SZ V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic from TrkWks service|
AVEndpointBuilder-1 REG_SZ V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any inbound traffic to AudioEndpointBuilder|
AVEndpointBuilder-2 REG_SZ V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any outbound traffic from AudioEndpointBuilder|
Audiosrv-1 REG_SZ V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=Audiosrv|Name=Block any inbound traffic to Audiosrv|
Audiosrv-2 REG_SZ V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=Audiosrv|Name=Block any outbound traffic from Audiosrv|
LMHosts-1 REG_SZ V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|[email protected]%SystemRoot%\system32\lmhsvc.dll,-103|
LMHosts-2 REG_SZ V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|[email protected]%SystemRoot%\system32\lmhsvc.dll,-103|
LMHosts-3 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|[email protected]%SystemRoot%\system32\lmhsvc.dll,-103|
LMHosts-4 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|[email protected]%SystemRoot%\system32\lmhsvc.dll,-103|
MPSSVC-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|[email protected],-23306|
MPSSVC-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|[email protected],-23307|
WerSvc-1 REG_SZ V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_In_Block|Desc=Network rules for inbound traffic to WerSvc|
WerSvc-2 REG_SZ V2.0|Action=Block|Dir=Out|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_Out_Block|Desc=Network rules for outbound traffic from WerSvc|
WudfSvc-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WudfSvc|Name=Block any traffic to and from WudfSvc|
WudfSvc-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WudfSvc|Name=Block any traffic to and from WudfSvc|
SNMPTRAP-1 REG_SZ V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected]%SystemRoot%\system32\snmptrap.exe,-5|
SNMPTRAP-2 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected]%SystemRoot%\system32\snmptrap.exe,-6|
SNMPTRAP-3 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected]%SystemRoot%\system32\snmptrap.exe,-6|
clr_optimization_v2.0.50727_32-2 REG_SZ V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32|
clr_optimization_v2.0.50727_32-1 REG_SZ V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32|
clr_optimization_v2.0.50727_64-1 REG_SZ V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_64|Name=Block traffic for clr_optimization_v2.0.50727_64|
clr_optimization_v2.0.50727_64-2 REG_SZ V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_64|Name=Block traffic for clr_optimization_v2.0.50727_64|
UI0Detect-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|
UI0Detect-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|
uxsms-1 REG_SZ V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block inbound traffic to uxsms|
uxsms-2 REG_SZ V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block outbound traffic from uxsms|
dot3svc-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|
dot3svc-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|
IPBusEnum-1 REG_SZ V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any inbound traffic to IPBusEnum|
IPBusEnum-2 REG_SZ V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any outbound traffic from IPBusEnum|
PNRP Block In REG_SZ v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|
PnrpAuto Block In REG_SZ v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPAutoReg|Name=Block PnrpAuto from all ports|
Sysmain-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block outbound access to sysmain|
PnrpAuto Block Out REG_SZ v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPAutoReg|Name=Block PnrpAuto from all ports|
HomeGroup Allow Out (PRNP) REG_SZ v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|RPort=3540|Protocol=17|Name=Allow PNRP to send from port 3540|
PcaSvc-1 REG_SZ V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|[email protected],-3|[email protected],-5|
PcaSvc-2 REG_SZ V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|[email protected],-4|[email protected],-6|
HomeGroup Block In REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|Name=Block homegroup incoming|
SearchFilterHost-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|
Wlansvc-2 REG_SZ V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|
P2P Grouping Block In REG_SZ v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|
Sysmain-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block inbound access to sysmain|
HomeGroup Allow In REG_SZ v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|
WSC Deny All Inbound REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|
SearchFilterHost-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|
Wlansvc-1 REG_SZ V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|
P2P Grouping Allow Out REG_SZ v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|
SearchIndexer-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|
HomeGroup Allow In (PRNP) REG_SZ v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|LPort=3540|Protocol=17|Name=Allow PNRP to receive from port 3540|
SearchIndexer-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|
PNRP Allow Out REG_SZ v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|
WindowsDefender-Out REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic from WinDefend|
P2P Ident Block In REG_SZ v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|
P2P Grouping Block Out REG_SZ v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|
P2P Ident Block Out REG_SZ v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|
HomeGroup Block Out REG_NONE 560032002E0030007C0041006300740069006F006E003D0042006C006F0063006B007C004400690072003D004F00750074007C004100700070003D002500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C0073007600630068006F00730074002E006500780065007C005300760063003D0048006F006D006500470072006F0075007000500072006F00760069006400650072007C004E0061006D0065003D0042006C006F0063006B00200068006F006D006500670072006F007500700020006F007500740067006F0069006E0067007C000000
WcsPlugInService-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|[email protected],-160|
TabletInputService-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic to TabletInputService|
PNRP Block Out REG_SZ v2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|
TabletInputService-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic from TabletInputService|
WwanSvc-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WwanSvc|Name=Block any network traffic to WwanSvc|
HomeGroup Allow Out REG_SZ v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|
HomeGroup Listener Block Out REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupListener|Name=Block all outgoing|
HomeGroup Listener Block In REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupListener|Name=Block all incoming|
PNRP Allow In REG_SZ v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|
WcsPlugInService-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|[email protected],-161|
WindowsDefender-In REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic to WinDefend|
WwanSvc-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WwanSvc|Name=Block any network traffic from WwanSvc|
WPDBUSENUM-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WPDBusEnum|Name=Block all traffic to and from WPDBusEnum|
WSC Deny All Outbound REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|
WPDBUSENUM-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WPDBusEnum|Name=Block all traffic to and from WPDBusEnum|
P2P Grouping Allow In REG_SZ v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|
PeerDist Allow WSD In REG_SZ V2.0|Action=Allow|Dir=In|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming WSD to PeerDistSvc|
UmRdpService-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=UmRdpService|Name=Block any traffic to UmRdpService|
UmRdpService-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=UmRdpService|Name=Block any traffic from UmRdpService|
PeerDist Allow WSD In 2 REG_SZ V2.0|Action=Allow|Dir=In|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming WSD to PeerDistSvc|
 PeerDist Block Out REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PeerDistSvc|Name=Block PeerDistSvc From All other ports|
CscService-1 REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=CscService|Name=Block any other traffic to and from CSCService|
PeerDist Allow TCP Out REG_SZ V2.0|Action=Allow|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing TCP from PeerDistSvc|
PeerDist Allow WSD Out 2 REG_SZ V2.0|Action=Allow|Dir=Out|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing WSD from PeerDistSvc|
CscService-2 REG_SZ V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=CscService|Name=Block any other traffic to and from CSCService|
PeerDist Allow TCP In REG_SZ V2.0|Action=Allow|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming TCP to PeerDistSvc|
PeerDist Allow WSD Out REG_SZ V2.0|Action=Allow|Dir=Out|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing WSD from PeerDistSvc|
PeerDist Block In REG_SZ V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PeerDistSvc|Name=Block PeerDistSvc From All other ports|
clr_optimization_v4.0.30319_32-1 REG_SZ V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|
clr_optimization_v4.0.30319_32-2 REG_SZ V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|
clr_optimization_v4.0.30319_64-1 REG_SZ V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_64|Name=Block traffic for clr_optimization_v4.0.30319_64|
clr_optimization_v4.0.30319_64-2 REG_SZ V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_64|Name=Block traffic for clr_optimization_v4.0.30319_64|
P2P IdentBlock Out REG_SZ v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe REG_SZ C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging
LogDroppedPackets REG_DWORD 0x0
LogFilePath REG_SZ %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogFileSize REG_DWORD 0x1000
LogSuccessfulConnections REG_DWORD 0x0


----------
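The firewall rules in the log above are pipe-delimited `Key=Value` strings, and one value is printed as `REG_NONE` hex instead of `REG_SZ` text. The following is an added example, not part of the original posts or of FRST: a small parser that decodes both forms and lists active inbound allow rules that have no local port or remote address limit. The sample lines, GUIDs and paths are constructed, and treating rules without an `Active` field as active is an assumption.

```python
import re

# FRST prints each registry value as "<value name> <REG_TYPE> <data>".
# Value names can contain spaces, so anchor on the type token.
LINE_RE = re.compile(r"^\s*(?P<name>.+?) (?P<type>REG_SZ|REG_NONE) (?P<data>\S.*)$")


def decode_data(reg_type, data):
    """Return the rule text; REG_NONE data is printed as hex of UTF-16LE text."""
    if reg_type == "REG_NONE":
        return bytes.fromhex(data).decode("utf-16-le").rstrip("\x00")
    return data


def parse_rule(text):
    """Split 'v2.10|Key=Value|...|' into (version, {lowercased key: [values]})."""
    version, *fields = text.strip().strip("|").split("|")
    rule = {}
    for field in fields:
        key, sep, value = field.partition("=")
        if sep:  # tokens without '=' (e.g. mangled resource references) are skipped
            # Keys repeat (Profile=Private|Profile=Public) and vary in case (LPort/LPORT).
            rule.setdefault(key.lower(), []).append(value)
    return version, rule


def _first(rule, key, default=""):
    return rule.get(key, [default])[0]


def audit(log_text):
    """Return (value name, reason) pairs worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # key paths, REG_DWORD values, blank lines
        name, reg_type = m["name"], m["type"]
        try:
            text = decode_data(reg_type, m["data"])
        except ValueError:  # bad hex or bad UTF-16 (UnicodeDecodeError is a ValueError)
            findings.append((name, "%s data could not be decoded" % reg_type))
            continue
        if reg_type != "REG_SZ":
            findings.append((name, "stored as %s; decodes to %s" % (reg_type, text)))
        _, rule = parse_rule(text)
        inbound_allow = (_first(rule, "action").lower() == "allow"
                         and _first(rule, "dir").lower() == "in")
        # Assumption: V2.0 service rules carry no Active field and count as active.
        active = _first(rule, "active", "TRUE").upper() == "TRUE"
        scoped = any(k in rule for k in ("lport", "ra4", "ra6"))
        if inbound_allow and active and not scoped:
            findings.append((name, "inbound allow, no local port or remote address limit: "
                             "app=%s svc=%s" % (_first(rule, "app", "any"),
                                                _first(rule, "svc", "-"))))
    return findings


# Constructed sample in the same layout as the log (not taken from the thread).
_HEX = ("V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|"
        "Svc=Example|Name=Constructed|\x00").encode("utf-16-le").hex().upper()
SAMPLE = "\n".join([
    r"{00000000-0000-0000-0000-000000000001} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|",
    r"{00000000-0000-0000-0000-000000000002} REG_SZ v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Example\chat.exe|Name=Example Chat|",
    r"{00000000-0000-0000-0000-000000000003} REG_SZ v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=C:\Example\old.exe|Name=Disabled rule|",
    "Example Block Out REG_NONE " + _HEX,
    "EnableFirewall REG_DWORD 0x1",
    r"Example-1 REG_SZ V2.0|Dir=In|Action=Allow|Protocol=6|app=%windir%\System32\svchost.exe|Svc=Example|Name=Svc allow|",
])

if __name__ == "__main__":
    for value_name, reason in audit(SAMPLE):
        print(value_name, "->", reason)
```
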



## AndrewRLP (Aug 3, 2014)

Sorry, forgot to mention that I tried to start the firewall but it still would not turn on.


----------



## AndrewRLP (Aug 3, 2014)

Sorry about the logfile. It was too big for two posts. I think I got it all in there. I have kept the logfile just in case.


----------



## Mark1956 (May 7, 2011)

No problem, and sorry for the delay. I have got something to try but need some time to create the instructions. I've been very tied up with work and should get around to posting again tomorrow.


----------



## Mark1956 (May 7, 2011)

Sorry for the delay, had a busy weekend. Please follow the instructions below.

Please follow these instructions to see if it will repair the Firewall.

First create a new Restore Point:
Follow the instruction in Option 2 in this link: Create a System Restore Point in Windows 7

Next, click on Start and type *cmd* into the Search box.
A list will pop up, right click on *cmd* at the top and select *Run as Administrator*.
A Command Prompt will open, type *net stop MpsSvc* and hit the Enter key.
Close the Command Prompt window.

Then double click on the attachment at the bottom of this post and save it to the Desktop.
Extract the contents of the .zip file. It will show a file called Firewall.reg, double click on it and allow it to merge with the registry.

Then open the Command Prompt again, exactly as you did before.
At the prompt type *net start MpsSvc* and hit the Enter key.

Check to see if the Firewall will now start.

You must then open the Command Prompt again and type *netsh firewall reset* and hit the Enter key, wait to see confirmation, then reboot the system.

Check to see how well everything is running, if your use of registry cleaners has done no further damage you should be good to go.


----------



## AndrewRLP (Aug 3, 2014)

When I typed in net stop MpsSvc I got the following message:
The Windows Firewall Service is not started.
More help is available by typing NET HELPMSG 3521.

So I typed that in and in the cmd window another message came up saying:
The *** service is not started.

Then a popup error message said:
net1.exe - Bad Image
C:\Windows\system32\NETH.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

When I double clicked on the firewall.reg file I got the following error message:

Registry Editor
Cannot import C:\Users\Suzie\Desktop\firewall\firewall.reg: The specified file is not a registry script.
You can only import binary registry files from within the registry editor.


----------



## AndrewRLP (Aug 3, 2014)

When I went to cmd and typed in netsh firewall reset I got the following messages:

The following helper DLL cannot be loaded: NETIOHLP.DLL.
The following helper DLL cannot be loaded: NETTRACE.DLL.
The following command was not found: firewall reset.


----------



## Mark1956 (May 7, 2011)

In the first part, what you could see just confirmed that the Firewall service was already stopped.

Not sure why you got an error when trying to use the reg file but the rest of the procedure gave errors because the reg file did not merge with the registry.

We will try another approach, but if this fails we may have to give in and try a repair install. In preparation, make sure you have all your personal files backed up to an external hard drive, flash drive or CD/DVD's to protect against any possible data loss.

We are now going to run FRST in a different way.


*IMPORTANT---> *First download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.
Launch *FRST* by double clicking on it. *DO NOT* click on the *Scan* button or check any of the boxes.
You may see a message that an update is installing, if so the program will close when the update completes, you will then need to double click on *FRST* to open it again.
When the *FRST* window opens click on the *Fix* button *just once* and wait.
You will see a message confirming the fix has been run and the log saved, click on *OK* and the Fixlog will open. *Copy & Paste* the full log into your next reply.

*NOTE:* This fix has been written specifically for the PC being dealt with in this thread, if you run it on another system it may have undesirable consequences. If you have a similar problem, ask for help by opening a new thread in the appropriate forum.


----------



## Mark1956 (May 7, 2011)

Please see my post above, if it works, the following should get the Firewall working again.

Open the Command Prompt again, exactly as you did before.
At the prompt type *net start MpsSvc* and hit the Enter key.

Check to see if the Firewall will now start.

You must then open the Command Prompt again and type *netsh firewall reset* and hit the Enter key, wait to see confirmation, then reboot the system.


----------



## AndrewRLP (Aug 3, 2014)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by Suzie at 2014-08-12 06:09:16 Run:1
Running from C:\Users\Suzie\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Reg: reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
Reg: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
*****************


========= reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog ====


----------



## AndrewRLP (Aug 3, 2014)

In cmd window
I typed in net start MpsSvc and got the following messages

The Windows Firewall service is starting.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.


----------



## AndrewRLP (Aug 3, 2014)

I did a bit of looking around and found this http://support.microsoft.com/kb/943996

I ran it and it got the firewall turned back on!

The Fix it came up with errors:
Cannot Access Shared Files and Printers - Not fixed
Remote Assistance is not working - Not fixed
Windows could not start Windows Firewall - Fixed
Windows Firewall service is not started - Fixed


----------



## AndrewRLP (Aug 3, 2014)

Now I've gotta fix all the other issues I'm having. Every time I turn the laptop on I get a Microsoft Visual C++ Runtime Library Error.

Program: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

This application has requested the Runtime to terminate it in an unusual way.

I'm also unable to pin programs to the start menu or the task bar. The only way a program gets into the start menu is if it's just been downloaded, but it disappears after restarting.

Also, the trash can isn't working correctly. It always looks empty even when I know I've put stuff in there.

I still have the VAIOSHell has stopped working error.


----------



## AndrewRLP (Aug 3, 2014)

I also can't perform a backup.

Got the following message:
The backup application could not start due to an internal error:
Server execution failed (0x80080005).


----------



## AndrewRLP (Aug 3, 2014)

I tried to Uninstall Vaio Care and reinstall it, but with no luck.

I uninstalled the VAIO add on that kept creating the runtime error.

It appears you are correct that there are major permissions issues, but I've no idea how to resolve them.

But the firewall remains on which is good.


----------



## Mark1956 (May 7, 2011)

Sorry for the delay, been very busy with work.

Sounds like things are getting a bit better, but still not there.

Give this a go, if there are still issues after running this we should then go for a Repair install.

Download this and save it to the desktop: Windows Repair Use the coloured button next to *Direct Download* just below *Installer (9.08MB)* to start the download. NOTE: DO NOT use the green buttons at the top of the page as this is dubious software that could infect your system with Adware.

Close your browser and any running programs, double click on the Tweaking icon on your desktop to run the tool. When the program opens click on the *Step 5* tab. Under System Restore click on *Create* and wait for the confirmation to appear just below the button.

When complete click on the tab *Start Repairs*, click on the *Start* button. Then click on *Unselect All* and put a check mark next to every item in the list apart from the Windows 8 repairs.
When done click on the *Start* button and leave it undisturbed until complete.

Let me know how things are when this is complete.


----------



## AndrewRLP (Aug 3, 2014)

I think it may have done some good, hard to know, but there seem to be some issues since running that program as well. The laptop seems a lot slower, I still can't pin items to the taskbar or start menu and when I try to run cmd as administrator an error box pops up saying

C:\Windows\System32\cmd.exe
This operation returned because the timeout period expired.

There's also a program called DWM Notification Window as an open program in the task bar, but it appears to be not doing anything. When I click on it to maximise it, nothing happens.


----------



## Mark1956 (May 7, 2011)

Ok, I think it is now time to run a Repair install and if this fails to fix everything there will be no choice but to do a full re-installation.

Please go here: Windows 7 ISO downloads and download the version of Windows 7 that matches what you have on your PC.

You will need this version: Windows 7 Home Premium x64 SP1 U (media refresh) X17-58997.iso

If you have downloaded the ISO on a Windows 7 PC right click the ISO file, select *Open With*, then select *Windows Disc Image Burning Tool* then follow the prompts.

For PC's using other versions of Windows you must burn the ISO image to a DVD using an ISO image burner, copying the ISO to a DVD will not work, if you do not have an ISO burner download this free software and follow the instructions below to burn the disc: ImgBurn. When you install ImgBurn make sure you uncheck any boxes offering bundled software.

Install the program and start the application. Select the top left hand option to burn image file to disk and then on the next window click on the small yellow folder icon and browse to the ISO file you wish to burn. Then click on the two grey discs with the arrow in between (bottom left) and leave it to complete the operation.

Once done, please go here Windows 7 Repair Install and follow the instructions from 5.

When complete, test the system to see if the original problems have been resolved.


----------



## AndrewRLP (Aug 3, 2014)

One quick question, will this delete any of my programs?

I bought Microsoft Office online via my workplace (downloaded it from a link, didn't get a disc) and I cannot find the registration code anywhere, or have any idea how I could reinstall it.


----------



## Mark1956 (May 7, 2011)

The Repair Install should not remove any of your software, but obviously if you have to do a full clean install everything will be wiped out.

I would suggest to be on the safe side you find the Product Key for Office using this program: Magical Jelly Bean Keyfinder the free version should do it.

Once you have the Product key for Office you can download it again from here: Office 2010 download


----------



## AndrewRLP (Aug 3, 2014)

The Key finder only found the product key for Windows (which is different to that on the sticker on the bottom of the laptop - although I cannot see the last 10 digits of the code on the sticker)

It doesn't show any product key for Office. It is a legitimate and official purchase I made through work and it functions fully and correctly with no issue, so there's no reason why a product key couldn't be found.

I'm willing to risk that though. Just one final question, will i need to enter in my Windows product key during the repair install?


----------



## Mark1956 (May 7, 2011)

As the key found by Magic Jelly Bean does not match the key on the COA sticker then it will be the generic key used by the PC manufacturer which will not work if you have to do a clean install. The logs show that you most probably have a Recovery Partition, if you use that to re-install Windows you should not need the Product key.

As for Office, try this product http://www.belarc.com/free_download.html it will give a mountain of information about your system but may show the Product Key for Office. If not, you will need to find the original key you would have been given when you purchased it or contact Microsoft to see if they can help.

Let's hope the Repair Install does the job, but to be prepared for any future problems, like a hard drive failure (and they do all fail) you should get your product keys. You should also follow the guide which should be found in your PC's manual to create your own set of Recovery discs.


----------



## AndrewRLP (Aug 3, 2014)

Sadly the Office Product Key wasn't there.

The program did say though that the administrator account hasn't been used since April and was currently deactivated.

There's only one account on this PC and it was initially set up as the administrator account.


----------



## Mark1956 (May 7, 2011)

I think that would be referring to the hidden Admin account, the FRST logs clearly show you are logged in as the Administrator so I would not worry about that.

Not sure what to suggest with the Office Product key, I don't know of any other way to find it, you should have kept a record of it from when you paid for it as you never know when things might go wrong and a reinstall could be required, you could try contacting Microsoft to see if they can help, but it is ultimately your responsibility to keep a record of the Product Key.

I would suggest you now go ahead with the Repair Install and see if that fixes the problems.


----------

