Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Vundo problem... [RESOLVED]

Started by gooroo , Feb 15 2008 03:31 PM

This topic is locked

#1
gooroo

Posted 15 February 2008 - 03:31 PM

Member

Member
10 posts

Hiya,

I got a nasty Vundo problem (I think). I've tried VundoFix and VirtomundoBeGone, but they don't find anything, still when I start up my computer I get a message saying it can't find vtutr.dll or something.

Here is a HighJackThis and VirtomundoBeGone log.

Thanks beforehand,
Niklas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:10, on 2008-02-15
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig?hl=sv
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtutr.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O13 - Gopher Prefix:
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...1/uploader2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7556 bytes

[02/15/2008, 17:59:33] - VirtumundoBeGone v1.5 ( "C:\Users\Annelie o Niklas\Desktop\VirtumundoBeGone.exe" )
[02/15/2008, 17:59:37] - Detected System Information:
[02/15/2008, 17:59:37] - Windows Version: 6.0.6000,
[02/15/2008, 17:59:37] - Current Username: Annelie o Niklas (Admin)
[02/15/2008, 17:59:37] - Windows is in NORMAL mode.
[02/15/2008, 17:59:37] - Searching for Browser Helper Objects:
[02/15/2008, 17:59:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Länkhjälp till Adobe PDF Reader)
[02/15/2008, 17:59:37] - Finished Searching Browser Helper Objects
[02/15/2008, 17:59:37] - Finishing up...
[02/15/2008, 17:59:37] - Nothing found! Exiting...

#2
Essexboy

Posted 15 February 2008 - 03:40 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there and welcome you appear to have the latest variant

As a Vista user I will require that all the programmes I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtutr.dll,#1

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Combofix may take up to 2 minutes to initialise in Vista

#3
gooroo

Posted 16 February 2008 - 11:41 AM

Member

Topic Starter
Member
10 posts

Hi, and thanks for helping.

Here's the combofix and highjackthis logs:

ComboFix 08-02-16.2 - Annelie o Niklas 2008-02-16 18:04:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1053.18.297 [GMT 1:00]
Running from: C:\Users\Annelie o Niklas\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Annelie o Niklas\Documents\FSC_Touchpad_Driver_for_Windows_VISTA_7_0_1404_4__1009078[1]\Touch Pad\_desktop.ini
C:\Users\Annelie o Niklas\Documents\FSC_Touchpad_Driver_for_Windows_VISTA_7_0_1404_4__1009078[1]\Touch Pad\Eula\_desktop.ini
C:\Windows\System32\ilkkj.ini
C:\Windows\System32\ilkkj.ini2
C:\Windows\System32\svvwa.ini
C:\Windows\System32\svvwa.ini2

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 17:52 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 03:08 . 2008-02-14 03:08 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:08 . 2008-02-14 03:08 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:05 . 2008-02-14 03:05 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:04 . 2008-02-14 03:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:04 . 2008-02-14 03:04 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 03:01 . 2008-02-14 03:01 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-14 03:01 . 2008-02-14 03:01 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-14 03:01 . 2008-02-14 03:01 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-09 18:11 . 2008-02-09 18:11 <KAT> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-09 18:11 . 2008-02-09 18:11 <KAT> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-09 18:10 . 2008-02-09 18:10 <KAT> d-------- C:\Users\Annelie o Niklas\AppData\Roaming\SUPERAntiSpyware.com
2008-02-09 18:10 . 2008-02-15 19:11 <KAT> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-09 18:09 . 2008-02-09 18:09 <KAT> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 16:47 . 2008-02-09 16:48 <KAT> d-------- C:\Users\All Users\SecTaskMan
2008-02-09 16:47 . 2008-02-09 16:48 <KAT> d-------- C:\ProgramData\SecTaskMan
2008-02-09 16:47 . 2008-02-09 16:47 <KAT> d-------- C:\Program Files\Security Task Manager
2008-01-27 20:26 . 2008-01-27 22:17 <KAT> d-------- C:\VundoFix Backups
2008-01-27 20:23 . 2008-01-27 20:23 <KAT> d-------- C:\Program Files\Trend Micro
2008-01-27 16:55 . 2008-01-27 16:56 <KAT> d-------- C:\Users\Annelie o Niklas\AppData\Roaming\PrevxCSI
2008-01-27 16:55 . 2008-01-27 16:55 <KAT> d-------- C:\Users\All Users\Prevx
2008-01-27 16:55 . 2008-01-27 16:55 <KAT> d-------- C:\ProgramData\Prevx
2008-01-20 13:05 . 2008-01-20 13:05 524,288 --ahs---- C:\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms
2008-01-20 13:05 . 2008-01-20 13:05 524,288 --ahs---- C:\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms
2008-01-20 13:05 . 2008-01-20 13:05 524,288 --ahs---- C:\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms
2008-01-20 13:05 . 2008-01-20 13:05 524,288 --ahs---- C:\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms
2008-01-20 13:05 . 2008-02-07 21:46 262,144 --a------ C:\ntuser.dat
2008-01-20 13:05 . 2008-01-20 13:05 65,536 --ahs---- C:\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TM.blf
2008-01-20 13:05 . 2008-01-20 13:05 65,536 --ahs---- C:\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TM.blf
2008-01-20 13:05 . 2008-02-07 21:46 5,120 --ah----- C:\ntuser.dat.LOG1
2008-01-20 13:05 . 2008-01-20 13:05 0 --ah----- C:\ntuser.dat.LOG2
2008-01-20 11:37 . 2008-01-24 18:28 7,046 --ahs---- C:\Windows\System32\oqtss.ini
2008-01-19 12:53 . 2008-01-19 12:53 <KAT> d-------- C:\Program Files\Free DVD Ripper
2008-01-19 12:53 . 2002-07-17 15:20 84,832 --a------ C:\Windows\System32\drivers\ASPI32.SYS
2008-01-19 12:53 . 2002-07-17 15:23 45,056 --a------ C:\Windows\System32\WNASPI32.DLL
2008-01-19 10:24 . 2008-01-19 13:16 <KAT> d-------- C:\Program Files\Plato DVD Ripper Professional
2008-01-19 10:24 . 2005-12-30 19:10 761,856 --a------ C:\Windows\System32\xvidcore.dll
2008-01-19 10:24 . 2006-02-28 20:17 159,744 --a------ C:\Windows\System32\xvidvfw.dll
2008-01-19 10:24 . 2005-12-30 19:16 77,824 --a------ C:\Windows\System32\xvid.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 17:15 --------- d-----w C:\Program Files\Norman
2008-02-16 16:43 13,542 ----a-w C:\Users\Annelie o Niklas\AppData\Roaming\nvModes.dat
2008-02-14 02:14 --------- d-----w C:\Program Files\Apoint2K
2008-02-14 02:05 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:05 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:05 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:05 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:05 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:05 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:05 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:05 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-27 20:45 --------- d-----w C:\Program Files\Azureus
2008-01-24 19:06 --------- d-----w C:\Program Files\Opera
2008-01-24 19:03 --------- d-----w C:\Program Files\Flock
2008-01-24 19:02 --------- d-----w C:\Users\Annelie o Niklas\AppData\Roaming\Flock
2008-01-20 13:43 --------- d-----w C:\Users\Annelie o Niklas\AppData\Roaming\Azureus
2008-01-19 09:30 --------- d-----w C:\Program Files\QuickTime
2008-01-19 09:30 --------- d-----w C:\Program Files\Power Manager
2008-01-19 09:30 --------- d-----w C:\Program Files\Hotkey Management
2008-01-19 09:23 --------- d-----w C:\Program Files\Totalcmd
2008-01-15 19:27 --------- d-----w C:\Program Files\Google
2008-01-13 10:25 --------- d-----w C:\Program Files\Picasa2
2008-01-12 14:19 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 22:00 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 22:00 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 22:00 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 22:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-08 17:57 --------- d-----w C:\Users\Annelie o Niklas\AppData\Roaming\Canon
2008-01-08 16:37 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-08 16:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-06 16:10 --------- d-----w C:\Program Files\Canon
2008-01-06 16:05 --------- d-----w C:\Users\Annelie o Niklas\AppData\Roaming\ScanSoft
2008-01-06 16:05 --------- d-----w C:\ProgramData\InstallShield
2008-01-06 16:04 --------- d-----w C:\ProgramData\ScanSoft
2008-01-06 16:04 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-06 16:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-06 16:03 --------- d-----w C:\Program Files\ScanSoft
2008-01-06 16:01 --------- d-----w C:\Program Files\Common Files\CANON
2008-01-06 15:52 --------- d--h--w C:\ProgramData\CanonBJ
2008-01-06 15:48 --------- d--h--w C:\Program Files\CanonBJ
2007-12-11 21:31 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-11 21:31 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-11 21:31 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-17 10:11 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-17 10:11 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-17 10:11 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-17 10:11 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-17 10:11 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-17 10:11 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-17 10:11 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-17 10:11 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-17 10:11 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-17 10:11 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-17 10:09 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-17 10:09 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-08-30 19:09 174 --sha-w C:\Program Files\desktop.ini
2007-08-19 09:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-19 09:19 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-19 09:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:00 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-17 12:00 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 14:47 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 14:47 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 14:47 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 10:57 3784704 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 20:57 159744]
"FuncKey"="C:\Program Files\Hotkey Management\FuncKey.exe" [ ]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [ ]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [ ]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-17 16:19:27 110592]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-11-07 20:45:22 2134016]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 08:55]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-11-15 00:07]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 21:40]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 11:23]
R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 08:44]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2007-01-25 13:16]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 15:20]
S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 14:25]
S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 14:25]
S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 14:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5df85ec-25b2-11dc-8ae9-001060d0eefa}]
\shell\AutoRun\command - G:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 02:17:31 C:\Windows\Tasks\At1.job"
- C:\Users\ANNELI~1\Desktop\Look2Me-Destroyer.exe
"2008-02-14 02:17:31 C:\Windows\Tasks\At2.job"
- C:\Users\ANNELI~1\Desktop\Look2Me-Destroyer.exe
"2008-02-15 16:50:15 C:\Windows\Tasks\User_Feed_Synchronization-{7E099716-FDBA-4D19-99AF-3CDF178B5FBD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 18:16:06
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2008-02-16 18:22:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 17:22:13
.
2008-02-16 17:09:16 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:20, on 2008-02-16
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\Explorer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig?hl=sv
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O13 - Gopher Prefix:
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...1/uploader2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7243 bytes

#4
Essexboy

Posted 16 February 2008 - 12:01 PM

GeekU Moderator

Retired Staff
69,964 posts

Looking better a few more bits and bobs to go

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Close ALL OTHER PROGRAMS.
Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
Under Additional Scans click the checkboxes in front of the following items to select them:
- Reg - BotCheck
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and attach the log. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#5
gooroo

Posted 17 February 2008 - 04:39 AM

Member

Topic Starter
Member
10 posts

OK, heres the log:

[code=auto:0]WinPFind35 logfile created on: 2008-02-17 11:26:21
WinPFind35U Version Beta52 Folder = C:\Users\Annelie o Niklas\Desktop\WinPFind35u
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1022,38 Mb Total Physical Memory | 482,33 Mb Available Physical Memory | 47,18% Memory free
2,24 Gb Paging File | 1,48 Gb Available in Paging File | 66,05% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,76 Gb Total Space | 28,49 Gb Free Space | 36,18% Space Free | Partition Type: NTFS
Drive D: | 19,36 Gb Total Space | 9,69 Gb Free Space | 50,06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DATAN
Current User Name: Annelie o Niklas
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
elogsvc.exe -> %SystemDrive%\Program\Norman\Npm\Bin\elogsvc.exe -> File not found
zanda.exe -> %SystemDrive%\Program\Norman\Npm\Bin\Zanda.exe -> File not found
applemobiledeviceservice.exe -> %SystemDrive%\Program\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> File not found
mdnsresponder.exe -> %SystemDrive%\Program\Bonjour\mDNSResponder.exe -> File not found
msascui.exe -> %SystemDrive%\Program\Windows Defender\MSASCui.exe -> File not found
testhandler.exe -> %SystemDrive%\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -> Fujitsu Siemens Computers [Ver = 1.03 | Size = 204800 bytes | Modified Date = 2006-11-15 00:07:08 | Attr = ]
tosbtsrv.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> File not found
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.04.00 | Size = 386560 bytes | Modified Date = 2007-01-30 11:23:52 | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1.0.0.7 | Size = 3784704 bytes | Modified Date = 2006-11-09 10:57:52 | Attr = ]
apoint.exe -> %SystemDrive%\Program\Apoint2K\Apoint.exe -> File not found
apmsgfwd.exe -> %SystemDrive%\Program\Apoint2K\ApMsgFwd.exe -> File not found
apntex.exe -> %SystemDrive%\Program\Apoint2K\ApntEx.exe -> File not found
sidebar.exe -> %SystemDrive%\Program\Windows Sidebar\sidebar.exe -> File not found
njeeves.exe -> %SystemDrive%\Program\Norman\Npm\Bin\Njeeves.exe -> File not found
nvcsched.exe -> %SystemDrive%\Program\Norman\NVC\bin\Nvcsched.exe -> File not found
nvcoas.exe -> %SystemDrive%\Program\Norman\NVC\bin\Nvcoas.exe -> File not found
wmpnscfg.exe -> %SystemDrive%\Program\Windows Media Player\wmpnscfg.exe -> File not found
superantispyware.exe -> %SystemDrive%\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
tosbtmng.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> File not found
wmpnetwk.exe -> %SystemDrive%\Program\Windows Media Player\wmpnetwk.exe -> File not found
tosa2dp.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe -> File not found
tosbthid.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe -> File not found
tosbthsp.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe -> File not found
tosavrc.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe -> File not found
tosobex.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe -> File not found
tosbtproc.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe -> File not found
winpfind35u.exe -> %SystemDrive%\Användare\Annelie o Niklas\Skrivbord\WinPFind35u\WinPFind35U.exe -> File not found

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> File not found
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Bonjour\mDNSResponder.exe -> File not found
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(eLoggerSvc6) Norman eLogger service 6 [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Norman\Npm\Bin\elogsvc.exe -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Program\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> File not found
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Program\Google\Common\Google Updater\GoogleUpdaterService.exe -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(Norman NJeeves) Norman NJeeves [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program\Norman\Npm\Bin\Njeeves.exe -> File not found
(Norman ZANDA) Norman ZANDA [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Norman\Npm\Bin\Zanda.exe -> File not found
(nvcoas) Norman Virus Control on-access component [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program\Norman\NVC\bin\Nvcoas.exe -> File not found
(NVCScheduler) Norman Virus Control Scheduler [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program\Norman\NVC\bin\Nvcsched.exe -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TestHandler) Fujitsu Siemens Computers Diagnostic Testhandler [Win32_Own | Auto | Running] -> %SystemDrive%\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -> Fujitsu Siemens Computers [Ver = 1.03 | Size = 204800 bytes | Modified Date = 2006-11-15 00:07:08 | Attr = ]
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] -> -> File not found
(usnjsvc) Läsartjänsten USN Journal för mappdelning i Messenger [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Program\MSN Messenger\usnsvc.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program\Windows Media Player\wmpnetwk.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.04.00 | Size = 386560 bytes | Modified Date = 2007-01-30 11:23:52 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> File not found
Apoint -> %SystemDrive%\Program\Apoint2K\Apoint.exe -> File not found
CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMyPrt.exe -> File not found
CanonSolutionMenu -> %ProgramFiles%\Canon\SolutionMenu\CNSLMAIN.exe -> File not found
FuncKey -> %ProgramFiles%\Hotkey Management\FuncKey.exe -> File not found
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> File not found
Norman ZANDA -> %ProgramFiles%\Norman\Npm\bin\ZLH.EXE -> File not found
NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll -> NVIDIA Corporation [Ver = 7.15.10.9748 | Size = 7766016 bytes | Modified Date = 2006-12-10 14:47:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll -> NVIDIA Corporation [Ver = 7.15.10.9748 | Size = 81920 bytes | Modified Date = 2006-12-10 14:47:00 | Attr = ]
NvSvc -> %SystemRoot%\System32\nvsvc.dll -> NVIDIA Corporation [Ver = 7.15.10.9748 | Size = 90191 bytes | Modified Date = 2006-12-10 14:47:00 | Attr = ]
OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4\OpwareSE4.exe -> File not found
PowerManager -> %ProgramFiles%\Power Manager\PM.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> File not found
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1.0.0.7 | Size = 3784704 bytes | Modified Date = 2006-11-09 10:57:52 | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -> File not found
Windows Defender -> MSASCui.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Sidebar -> %SystemDrive%\Program\Windows Sidebar\sidebar.exe -> File not found
SUPERAntiSpyware -> %SystemDrive%\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
WMPNSCFG -> %SystemDrive%\Program\Windows Media Player\wmpnscfg.exe -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\SUPERAntiSpyware\SASSEH.DLL [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %SystemDrive%\Program\SUPERAntiSpyware\SASWINLO.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.se/ig?hl=sv ->
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Länkhjälp till Adobe PDF Reader] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Java\jre1.5.0_03\bin\NPJPI150_03.dll [Sun Java-konsol] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xportera till Microsoft Excel -> %SystemDrive%\Program\Microsoft Office\Office10\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{34603D73-CE7B-4FFE-96B7-68B9EA8B1F80} -> (Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)) ->
{471C67F9-D7DB-4450-84AA-BE7C4E608F36} -> (NVIDIA nForce Networking Controller) ->
{7F5DA6E3-0B96-448C-99CD-627818DCF16E} -> (Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)) ->
{EB8DB5F1-431E-49F3-8D6B-5CDABE6B2379} -> () ->
{FFE68317-9B02-4562-A4BB-D4E373934455} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -> %SystemDrive%\Program\Bonjour\mdnsNSP.dll -> File not found
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\microsoft shared\Web Folders\PKMCDO.DLL[Microsoft PKM KnowledgePluggable Class] -> File not found
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> File not found
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> File not found
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> File not found
mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\microsoft shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{474F00F5-3853-492C-AC3A-476512BBC336}[HKEY_LOCAL_MACHINE] -> http://picasaweb.google.se/s/v/19.11/uploader2.cab[UploadListView Class] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{835BEE60-8731-4159-8BFF-941301D76D05} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{9da0e0ea-86ce-11d1-8699-00c04fb98036} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{CA6C8347-120F-4122-873F-F89138694AC8} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ($build.emp [($build.empty)] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\cval -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiSpywareOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-89257779-2698489413-2941568155-1000\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-89257779-2698489413-2941568155-1000\\EnableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-89257779-2698489413-2941568155-1000\\EnableNotificationsRef -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbasedirectories -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LimitBlankPasswordUse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LmCompatibilityLevel -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\NoLmHash -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 176640 bytes | Modified Date = 2006-11-02 10:46:12 | Attr = ]
*MultiFile Done* -> ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 493056 bytes | Modified Date = 2006-11-02 10:46:05 | Attr = ]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 213504 bytes | Modified Date = 2006-11-02 10:46:10 | Attr = ]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 6.0.6000.16508 (vista_gdr.070618-1500) | Size = 269824 bytes | Modified Date = 2007-08-30 18:26:31 | Attr = ]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 168448 bytes | Modified Date = 2006-11-02 10:46:13 | Attr = ]
tspkg -> %SystemRoot%\System32\TSpkg.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 61440 bytes | Modified Date = 2006-11-02 10:46:13 | Attr = ]
*MultiFile Done* -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 213504 bytes | Modified Date = 2006-11-02 10:46:10 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 804 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ProductType -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\Windows\System32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 120832 bytes | Modified Date = 2006-11-02 10:46:12 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\\DebugLogLevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\HostToRealm\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinClientSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinServerSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> @%SystemRoot%\system32\ipnathlp.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\Windows\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 22016 bytes | Modified Date = 2006-11-02 10:45:47 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> @%SystemRoot%\system32\ipnathlp.dll,-107 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt;RasMan;BFE; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ServiceSidType -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\RequiredPrivileges -> SeChangeNotifyPrivilege;SeCreateGlobalPrivilege;SeImpersonatePrivilege;SeLoadDri
verPrivilege;SeTakeOwnershipPrivilege; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\IPSecExempt -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulFTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulPPTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\PolicyVersion -> 512 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFilePath -> C:\Windows\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Pub
lic|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Pub
lic|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|Ap
p=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=162|App=%SystemRoot%\system32\snmptrap.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Pri
vate|Profile=Public|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|A
pp=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Pri
vate|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Pr
ivate|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Pri
vate|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|
App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App
=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177
|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|A
pp=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|
App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|
App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243
|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-3131

#6
gooroo

Posted 17 February 2008 - 04:43 AM

Member

Topic Starter
Member
10 posts

#7
gooroo

Posted 17 February 2008 - 04:45 AM

Member

Topic Starter
Member
10 posts

34002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=S
ystem|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=
System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=S
ystem|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=
System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=
System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App
=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=
System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App
=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=139|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=139|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=445|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=445|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4
=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4
=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=RPC|RA4=Lo
calSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=RPC|RA4=L
ocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-In -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|Profile=Public|
ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-Out -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|Profile=Public
|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-In -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|Profile=Public
|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-Out -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|Profile=Publi
c|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-NP-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=S
ystem|[email protected],-29257|[email protected],-29260|[email protected],-29252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-NP-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-NP-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=S
ystem|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-NP-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteFwAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteFwAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28254|[email protected],-28257|[email protected],-28252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Priva
te|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28258|[email protected],-28261|[email protected],-28252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|LPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-28262|[email protected],-28265|[email protected],-28252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Fire
wallAPI.dll,-28266|[email protected],-28269|[email protected],-28252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-RPC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28270|[email protected],-28273|[email protected],-28252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-28274|[email protected],-28277|[email protected],-28252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteTask-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteTask-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteTask-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteTask-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-KTMRM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-KTMRM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-RAServer-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-RAServer-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-In-TCP-EdgeScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Public|A
pp=%SystemRoot%\system32\msra.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Public|
App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
App=%SystemRoot%\system32\msra.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public
|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA
4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubne
t|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-In-TCP-EdgeScope-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA
4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-In-TCP-Active -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-Out-TCP-Active -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubne
t|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubne
t|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WINRM-HTTP-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=Sy
stem|[email protected],-30253|[email protected],-30256|[email protected],-30252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WINRM-HTTP-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RRAS-L2TP-In-UDP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RRAS-L2TP-Out-UDP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Priva
te|Profile=Public|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RRAS-PPTP-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RRAS-PPTP-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Priva
te|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-UPnPHost-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-30515|[email protected],-30518|[email protected],-30502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-UPnPHost-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Privat
e|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected]
,-30519|[email protected],-30522|[email protected],-30502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Privat
e|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=
System|[email protected],-31769|[email protected],-31770|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-Out-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App
=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=
System|[email protected],-31773|[email protected],-31774|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-Out-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App
=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Priva
te|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Publi
c|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-In-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public
|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Publi
c|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F8184DC1-B858-4930-B15A-C856A5FD0D3E}C:\program files\windows sidebar\sidebar.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\windows sidebar\sidebar.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\windows sidebar\sidebar.exe|Name=Windows Sidpanelen|Desc=Windows Sidpanelen|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4EE1B2A7-1E6B-4CC9-91BD-A6B861479BF4}C:\program files\windows sidebar\sidebar.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\windows sidebar\sidebar.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\windows sidebar\sidebar.exe|Name=Windows Sidpanelen|Desc=Windows Sidpanelen|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0235C4F4-D3D4-4981-9FB7-0CCB7770F3DA}C:\program files\bittornado\btdownloadgui.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\bittornado\btdownloadgui.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\bittornado\btdownloadgui.exe|Name=btdownloadgui|Desc=btdownloadgui|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{42ED6664-E9DC-43EB-B1E8-C68D270A322C}C:\program files\bittornado\btdownloadgui.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\bittornado\btdownloadgui.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\bittornado\btdownloadgui.exe|Name=btdownloadgui|Desc=btdownloadgui|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97D56EA8-5B23-4D96-8DA8-1AF2308F383F} -> v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\MSN Messenger\msnmsgr.exe|Name=Windows Live Messenger 8.1|EmbedCtxt=@C:\Program Files\MSN Messenger\msgslang.8.1 [v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\MSN Messenger\msnmsgr.exe|Name=Windows Live Messenger 8.1|EmbedCtxt=@C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll,-61143|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22B7C3D4-552D-4276-ADBC-056DE9AAD5FA} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=L
ocalSubnet|App=System|Name=Windows Live Messenger 8.1 (UPnP-In)|EmbedCtxt=@C:\Program Files\MSN Messenger\msgslang.8.1 [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=
LocalSubnet|App=System|Name=Windows Live Messenger 8.1 (UPnP-In)|EmbedCtxt=@C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll,-61143|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BFCD3B6-6C0D-4F45-8FFB-FE28E0D1A854} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=
LocalSubnet|App=svchost.exe|Svc=ssdpsrv|Name=Windows Live Messenger 8.1 (SSDP-In)|EmbedCtxt=@C:\Program Files\MSN Messenger\msgslang.8.1 [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6
=LocalSubnet|App=svchost.exe|Svc=ssdpsrv|Name=Windows Live Messenger 8.1 (SSDP-In)|EmbedCtxt=@C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll,-61143|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C52C4491-2CE7-443C-9EE4-92D82982DF71} -> v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\MSN Messenger\livecall.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\MSN Messenger\livecall.exe|Name=Windows Live Messenger 8.1 (Phone)|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C563E03-D968-456A-926A-2C9B8913763D} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe|Name=Sid Meier's Civilization 4|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D40EB3B3-E2CF-4110-8BE3-B40EAADA1369} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe|Name=Sid Meier's Civilization 4|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E5F4457-C128-4186-999E-DBAEABAFB9F0} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe|Name=Sid Meier's Civilization 4 Warlords|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5F110E7-7BCE-4F1B-92E8-BC375B991B5F} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe|Name=Sid Meier's Civilization 4 Warlords|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{478C16F8-EC73-435D-AD4A-C6EF9ABC5250} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe|Name=Sid Meier's Civilization 4 Pitboss|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A909A65D-DF21-4012-884C-36A9B1EA4D74} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Annelie o Niklas\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe|Name=Sid Meier's Civilization 4 Pitboss|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4D0E1AED-E6E3-4B00-9F75-8012366D8D6D}C:\program files\internet explorer\iexplore.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\internet explorer\iexplore.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\internet explorer\iexplore.exe|Name=Internet Explorer|Desc=Internet Explorer|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E8E71108-C1F9-4F77-A0AD-71AF1C9CD195}C:\program files\internet explorer\iexplore.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\internet explorer\iexplore.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\internet explorer\iexplore.exe|Name=Internet Explorer|Desc=Internet Explorer|Edge=FALSE|] -> File not f

#8
gooroo

Posted 17 February 2008 - 04:46 AM

Member

Topic Starter
Member
10 posts

{E8E71108-C1F9-4F77-A0AD-71AF1C9CD195}C:\program files\internet explorer\iexplore.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\internet explorer\iexplore.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\internet explorer\iexplore.exe|Name=Internet Explorer|Desc=Internet Explorer|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF3BA6A8-6949-4FE1-9637-7B8143FC1E4F} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=3702|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E189B32-B693-4C8F-8763-F220C3E7CD5F} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3702|RA4=L
ocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3312CF13-F5A4-4879-B27E-106EC8A5444A} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|
RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet
|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D62112EE-39D3-4BEB-9F30-37C57F25C110} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25AC1368-06AE-4147-8168-230EED39EF6B} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=1900|RA4=L
ocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-DU-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PTB-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PTB-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-TE-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-TE-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PP-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PP-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDS-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDS-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDA-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDA-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RA-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RA-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RS-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=133:*|App=System|[email protected],-26106|[email protected],-25011|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RS-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LQ-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LQ-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR2-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR2-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LD-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LD-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP4-DUFRAG-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|Profile=Private|
Profile=Public|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-IGMP-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|Profile=Private|
Profile=Public|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-IGMP-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|Profile=Private
|Profile=Public|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-DHCP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|
Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-DHCP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-Teredo-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|
Profile=Public|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-Teredo-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-IPv6-In -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|Profile=Private
|Profile=Public|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-IPv6-Out -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|Profile=Privat
e|Profile=Public|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-GP-NP-Out-TCP -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=S
ystem|[email protected],-25401|[email protected],-25401|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-GP-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-DNS-Out-UDP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|RPort=53|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|Edge=FALSE|LSM=TRUE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-GP-LSASS-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95DC2F7F-50A5-4A03-9D05-52F21C969E06} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|ICMP6=128:*|N
[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B02BCB2-86F1-4FB0-8A75-0ACE27AA1452} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|ICMP6=128:*|Na
[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CA9DC6B-3E1D-47AA-BAA8-5C3DE725D7E0} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|ICMP4=8:*|Name
[email protected],-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FB5D024-2435-4EFC-BAA1-FB50A60015BE} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|ICMP4=8:*|Name=
@FirewallAPI.dll,-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{376833C2-1824-4742-BD4D-79A3B21AC0E9} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77A5D7A4-8B32-4A6F-95B9-66EACFE5E5C7} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=RPC|RA4=Lo
calSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=RPC|RA4=L
ocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BE93C35-BFB3-4A2E-BCA7-CF57576D9720} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4
=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DB390F4-CE81-48CE-99BC-33678FAFEABF} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8583E27-F870-4E2F-9F38-07705F2B1908} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4
=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E38E6E9-8D60-4EDD-B399-6BD44433B412} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E478636-23B7-41BA-A52E-15E32E61901A} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=445|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{763F5A9C-3821-4FDC-ACF2-966878EA16E3} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=445|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59ED1B6D-0D92-4D5A-AA14-2E5DC77ACD7E} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=139|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC952DCB-89C6-4FFA-9C13-81C191B60A3B} -> v2.0|A [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=139|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{102CC2C4-71AD-4095-BCB4-25018AC4ED7E}C:\program files\dc++\dcplusplus.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\dc++\dcplusplus.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\dc++\dcplusplus.exe|Name=DC++|Desc=DC++|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{37CB7C44-87D5-4238-8542-7EFB4E5160AB}C:\program files\dc++\dcplusplus.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\dc++\dcplusplus.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\dc++\dcplusplus.exe|Name=DC++|Desc=DC++|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0E10E0E8-5AAC-4F6A-AC12-230E7FE4CAD4}C:\program files\bittornado\btdownloadgui.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\bittornado\btdownloadgui.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\bittornado\btdownloadgui.exe|Name=btdownloadgui|Desc=btdownloadgui|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FE602C11-7A13-45BB-B340-542102F6A703}C:\program files\bittornado\btdownloadgui.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\bittornado\btdownloadgui.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\bittornado\btdownloadgui.exe|Name=btdownloadgui|Desc=btdownloadgui|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1E03DA6E-5D86-44F4-ADC8-A3952A15EA4D}C:\program files\azureus\azureus.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\azureus\azureus.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\azureus\azureus.exe|Name=Azureus|Desc=Azureus|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0CD641F9-DFDF-4D42-980F-E3ED0E998A32}C:\program files\azureus\azureus.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\azureus\azureus.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\azureus\azureus.exe|Name=Azureus|Desc=Azureus|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9261DFC8-F103-4455-A041-A8993DDF4014}C:\program files\internet explorer\iexplore.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\internet explorer\iexplore.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\internet explorer\iexplore.exe|Name=Internet Explorer|Desc=Internet Explorer|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0347E6E9-2AF7-4E5B-9C93-EA4619D4F468}C:\program files\internet explorer\iexplore.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\internet explorer\iexplore.exe [v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\internet explorer\iexplore.exe|Name=Internet Explorer|Desc=Internet Explorer|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogFilePath -> C:\Windows\system32\LogFiles\Firewall\pfirewall.log [C:\Windows\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogDroppedPackets -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogSuccessfulConnections -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-1 -> V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-2 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic from EventLog|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DPS-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DPS-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WdiSystemHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WdiSystemHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-1 -> V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll [V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-1-1 -> V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll [V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-2 -> V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll [V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-3 -> V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll [V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-5 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\dot3svc-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\dot3svc-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Netman-1 -> V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe [V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all inbound traffic to Netman|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Netman-2 -> V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe [V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all outbound traffic from Netman|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\HidServ-1 -> V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe [V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\HidServ-2 -> V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe [V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WcsPlugInService-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|[email protected],-160|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WcsPlugInService-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|[email protected],-161|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\BFE-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe [V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block inbound traffic to BFE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\BFE-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe [V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block outbound traffic from BFE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-1 -> V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23300|[email protected],-23301|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-2 -> V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23302|[email protected],-23303|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-3 -> V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-5010|[email protected],-5011|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23304|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-5 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23305|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Trkwks-1 -> V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe [V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic to TrkWks service|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Trkwks-2 -> V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe [V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic from TrkWks service|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\AVEndpointBuilder-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any inbound traffic to AudioEndpointBuilder|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-1 -> V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll [V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-2 -> V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll [V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\MPSSVC-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|[email protected],-23306|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\MPSSVC-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI,-23307|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WerSvc-1 -> V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe [V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_In_Block|Desc=Network rules for inbound traffic to WerSvc|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WerSvc-2 -> V2.0|Action=Block|Dir=Out|app=%windir%\System32\svchost.exe [V2.0|Action=Block|Dir=Out|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_Out_Block|Desc=Network rules for outbound traffic from WerSvc|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Sysmain-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block inbound access to sysmain|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Sysmain-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block outbound access to sysmain|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-1 -> V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe [V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-5|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-2 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-6|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-6|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\clr_optimization_v2.0.50727_32-2 -> V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\clr_optimization_v2.0.50727_32-1 -> V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\UI0Detect-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\UI0Detect.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\UI0Detect-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\UI0Detect.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\uxsms-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe [V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block inbound traffic to uxsms|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\uxsms-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe [V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block outbound traffic from uxsms|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\IPBusEnum-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any inbound traffic to IPBusEnum|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\IPBusEnum-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any outbound traffic from IPBusEnum|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Allow Out -> v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\TabletInputService-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic to TabletInputService|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Wlansvc-2 -> V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe [V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EMDMgmt-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe [V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=EMDMgmt|Name=Block any traffic to and from EMDMgmt Service|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WindowsDefender-Out -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic from WinDefend|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Block Out -> v2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\TabletInputService-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic from TabletInputService|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PcaSvc-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|[email protected],-3|[email protected],-5|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe [V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PcaSvc-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|[email protected],-4|[email protected],-6|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Ident Block Out -> v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all ot

#9
gooroo

Posted 17 February 2008 - 04:49 AM

Member

Topic Starter
Member
10 posts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Ident Block Out -> v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Allow In -> v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Wlansvc-1 -> V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe [V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EHSTART-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=ehstart|Name=Block any outbound traffic from ehstart|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EMDMgmt-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe [V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=EMDMgmt|Name=Block any traffic to and from EMDMgmt Service|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WindowsDefender-In -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic to WinDefend|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Allow Out -> v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Ident Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Block Out -> v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DFSR-1 -> V2.0|Action=Allow|Dir=In|RPort=5722|Protocol=6|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Allow|Dir=In|RPort=5722|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=DFSR|Name=Allow inbound TCP traffic|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DFSR-2 -> V2.0|Action=Allow|Dir=Out|RPort=5722|Protocol=6|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Allow|Dir=Out|RPort=5722|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=DFSR|Name=Allow outbound TCP traffic|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DFSR-3 -> V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe [V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=DFSR|Name=Block any traffic to DFSR|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DFSR-4 -> V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe [V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=DFSR|Name=Block any traffic from DFSR|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EHSTART-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe [V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=ehstart|Name=Block any inbound traffic to ehstart|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Allow In -> v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogFilePath -> C:\Windows\system32\LogFiles\Firewall\pfirewall.log [C:\Windows\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogDroppedPackets -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogSuccessfulConnections -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\PreshutdownTimeout -> 57600000 ->
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName ->
@%systemroot%\system32\wuaueng.dll -> @%systemroot%\system32\wuaueng.dll -> File not found
-105 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\Windows\System32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 22016 bytes | Modified Date = 2006-11-02 10:45:47 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> @%systemroot%\system32\wuaueng.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DelayedAutoStart -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DependOnService ->
rpcss -> %SystemRoot%\System32\rpcss.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 545792 bytes | Modified Date = 2006-11-02 10:46:12 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ServiceSidType -> 1 ->
*RequiredPrivileges* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\RequiredPrivileges ->
SeAuditPrivilege -> -> File not found
SeCreateGlobalPrivilege -> -> File not found
SeCreatePageFilePrivilege -> -> File not found
SeTcbPrivilege -> -> File not found
SeAssignPrimaryTokenPrivilege -> -> File not found
SeImpersonatePrivilege -> -> File not found
SeIncreaseQuotaPrivilege -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\Windows\System32\wuaueng.dll [%systemroot%\system32\wuaueng.dll] -> Microsoft Corporation [Ver = 7.0.6000.381 (winmain(wmbla).070730-1740) | Size = 1712984 bytes | Modified Date = 2007-08-24 15:14:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceMain -> WUServiceMain ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDllUnloadOnStop -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName ->
@regsvc.dll -> @regsvc.dll -> File not found
-1 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\Windows\System32\svchost.exe [%SystemRoot%\system32\svchost.exe -k regsvc] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 22016 bytes | Modified Date = 2006-11-02 10:45:47 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> @regsvc.dll,-2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\System32\rpcss.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 545792 bytes | Modified Date = 2006-11-02 10:46:12 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ServiceSidType -> 1 ->
*RequiredPrivileges* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\RequiredPrivileges ->
SeCreateGlobalPrivilege -> -> File not found
SeImpersonatePrivilege -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDllUnloadOnStop -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\Windows\System32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 105984 bytes | Modified Date = 2006-11-02 10:46:12 | Attr = ]
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->

[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-02-16 18:02:58 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072676864 bytes | Modified Date = 2008-02-17 11:01:50 | Attr = HS]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 262144 bytes | Modified Date = 2008-02-07 21:46:34 | Attr = ]
ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TM.blf -> %SystemDrive%\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TM.blf -> [Ver = | Size = 65536 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms -> %SystemDrive%\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms -> %SystemDrive%\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TM.blf -> %SystemDrive%\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TM.blf -> [Ver = | Size = 65536 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms -> %SystemDrive%\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms -> %SystemDrive%\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-02-16 18:03:08 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2008-01-27 20:26:23 | Attr = ]
ASPI32.SYS -> %SystemRoot%\System32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.70 (0008) built by: WinDDK | Size = 84832 bytes | Modified Date = 2002-07-17 15:20:32 | Attr = ]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 2008-02-14 03:04:42 | Attr = ]
grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
oqtss.ini -> %SystemRoot%\System32\oqtss.ini -> [Ver = | Size = 7046 bytes | Modified Date = 2008-01-24 18:28:15 | Attr = HS]
sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
WNASPI32.DLL -> %SystemRoot%\System32\WNASPI32.DLL -> Adaptec [Ver = 4.70 (0008) | Size = 45056 bytes | Modified Date = 2002-07-17 15:23:20 | Attr = ]
xvid.ax -> %SystemRoot%\System32\xvid.ax -> [Ver = | Size = 77824 bytes | Modified Date = 2005-12-30 19:16:02 | Attr = ]
xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 761856 bytes | Modified Date = 2005-12-30 19:10:30 | Attr = ]
xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [Ver = | Size = 159744 bytes | Modified Date = 2006-02-28 20:17:30 | Attr = ]
zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-02-16 18:03:57 | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 390 bytes | Modified Date = 2008-02-14 03:17:31 | Attr = ]
At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 390 bytes | Modified Date = 2008-02-14 03:17:31 | Attr = ]

[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-02-16 18:23:26 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072676864 bytes | Modified Date = 2008-02-17 11:01:50 | Attr = HS]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 262144 bytes | Modified Date = 2008-02-07 21:46:34 | Attr = ]
ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TM.blf -> %SystemDrive%\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TM.blf -> [Ver = | Size = 65536 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms -> %SystemDrive%\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms -> %SystemDrive%\ntuser.dat{bda85ee1-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TM.blf -> %SystemDrive%\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TM.blf -> [Ver = | Size = 65536 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms -> %SystemDrive%\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000001.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms -> %SystemDrive%\ntuser.dat{bda85eed-c742-11dc-83d4-001060d0eefa}.TMContainer00000000000000000002.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-01-20 13:05:56 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-02-09 18:10:05 | Attr = R ]
ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 2008-02-09 18:11:17 | Attr = H ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-02-16 18:22:13 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-02-16 18:08:25 | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2008-01-27 22:17:48 | Attr = ]
Windows -> %SystemRoot% -> [Folder | Modified Date = 2008-02-16 18:15:38 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-02-16 18:15:31 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2008-02-16 18:15:31 | Attr = ]
sv-SE -> %SystemRoot%\System32\drivers\sv-SE -> [Folder | Modified Date = 2008-02-14 03:15:05 | Attr = ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3072 bytes | Modified Date = 2008-02-17 11:02:05 | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3072 bytes | Modified Date = 2008-02-17 11:02:06 | Attr = H ]
catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 2008-02-15 17:51:12 | Attr = ]
catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 2008-02-14 03:12:18 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-02-16 18:13:10 | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-02-16 18:23:20 | Attr = ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 2008-02-14 03:04:42 | Attr = ]
migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 2008-02-14 03:15:05 | Attr = ]
oqtss.ini -> %SystemRoot%\System32\oqtss.ini -> [Ver = | Size = 7046 bytes | Modified Date = 2008-01-24 18:28:15 | Attr = HS]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 103924 bytes | Modified Date = 2008-02-15 17:53:30 | Attr = ]
perfc01D.dat -> %SystemRoot%\System32\perfc01D.dat -> [Ver = | Size = 81514 bytes | Modified Date = 2008-02-15 17:53:30 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 610142 bytes | Modified Date = 2008-02-15 17:53:30 | Attr = ]
perfh01D.dat -> %SystemRoot%\System32\perfh01D.dat -> [Ver = | Size = 472414 bytes | Modified Date = 2008-02-15 17:53:30 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1258162 bytes | Modified Date = 2008-02-15 17:53:30 | Attr = ]
sv-SE -> %SystemRoot%\System32\sv-SE -> [Folder | Modified Date = 2008-02-16 18:02:57 | Attr = ]
Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 2008-02-13 21:38:12 | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2008-02-14 03:15:03 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 2008-02-17 11:01:55 | Attr = S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 2008-02-17 00:22:29 | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2008-02-15 22:38:23 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-02-16 18:12:16 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-02-15 17:53:30 | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-02-15 19:11:48 | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2008-02-15 22:38:42 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-02-15 22:09:57 | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 2008-02-14 03:18:48 | Attr = ]
servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 2008-02-14 08:33:40 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 215 bytes | Modified Date = 2008-02-16 18:15:38 | Attr = ]
System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 2008-02-16 18:23:25 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-02-13 21:38:12 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-02-17 11:25:47 | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 2008-02-15 22:38:25 | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 390 bytes | Modified Date = 2008-02-14 03:17:31 | Attr = ]
At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 390 bytes | Modified Date = 2008-02-14 03:17:31 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-02-17 11:02:02 | Attr = H ]
User_Feed_Synchronization-{7E099716-FDBA-4D19-99AF-3CDF178B5FBD}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{7E099716-FDBA-4D19-99AF-3CDF178B5FBD}.job -> [Ver = | Size = 444 bytes | Modified Date = 2008-02-16 18:31:10 | Attr = H ]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> [Ver = | Size = 8 bytes | Modified Date = 2007-03-26 14:01:10 | Attr = ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2008-02-16 18:03:40 | Attr = ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6577 bytes | Modified Date = 2008-02-16 18:03:40 | Attr = ]
data.dat -> C:\ProgramData\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 2007-05-17 16:12:22 | Attr = ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 10764 bytes | Modified Date = 2008-02-17 11:17:10 | Attr = ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 2008-02-17 11:17:10 | Attr = ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 2008-02-17 11:17:10 | Attr = ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 6624 bytes | Modified Date = 2008-02-17 11:17:09 | Attr = ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 828 bytes | Modified Date = 2008-02-17 11:17:10 | Attr = ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 132060 bytes | Modified Date = 2008-02-17 11:17:09 | Attr = ]
Administrator.dat -> C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat -> [Ver = | Size = 0 bytes | Modified Date = 2006-11-02 14:03:35 | Attr = ]
Annelie o Niklas.dat -> C:\ProgramData\Microsoft\User Account Pictures\Annelie o Niklas.dat -> [Ver = | Size = 0 bytes | Modified Date = 2007-05-16 16:50:16 | Attr = ]
Gäst.dat -> C:\ProgramData\Microsoft\User Account Pictures\Gäst.dat -> [Ver = | Size = 0 bytes | Modified Date = 2007-05-21 16:39:14 | Attr = ]

< End of report >
[/code]

#10
Essexboy

Posted 17 February 2008 - 06:27 AM

GeekU Moderator

Retired Staff
69,964 posts

Looks good

Start WinPFind35. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> @FirewallAPI.dll,-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE|] -> File not found
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName
YN -> @%systemroot%\system32\wuaueng.dll -> @%systemroot%\system32\wuaueng.dll
< BotCheck > -> 
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName
YN -> @regsvc.dll -> @regsvc.dll
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
YY -> oqtss.ini -> %SystemRoot%\System32\oqtss.ini
YY -> sed.exe -> %SystemRoot%\System32\sed.exe
YY -> At1.job -> %SystemRoot%\tasks\At1.job
YY -> At2.job -> %SystemRoot%\tasks\At2.job
[Files/Folders - Modified Within 30 days]
YY -> oqtss.ini -> %SystemRoot%\System32\oqtss.ini
YY -> At1.job -> %SystemRoot%\tasks\At1.job
YY -> At2.job -> %SystemRoot%\tasks\At2.job
YY -> qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
YY -> qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#11
gooroo

Posted 17 February 2008 - 08:09 AM

Member

Topic Starter
Member
10 posts

Hmm, the fix doesnt seem to work. The lines above [Files/Folders - Created Within 30 days] disappear and a few more [Empty Temp Folders] are added at the bottom, otherwise nothing happens, and the program doesnt respond.

Otherwise everything seems to be working fine. Im not getting any more pop-ups of missing dlls anyore.

#12
Essexboy

Posted 17 February 2008 - 08:14 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you post a new Hijackthis log please

#13
gooroo

Posted 17 February 2008 - 08:25 AM

Member

Topic Starter
Member
10 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:13, on 2008-02-17
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig?hl=sv
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O13 - Gopher Prefix:
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...1/uploader2.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7122 bytes

#14
Essexboy

Posted 17 February 2008 - 08:30 AM

GeekU Moderator

Retired Staff
69,964 posts

Hmm maybe winpfind did the work and then threw a hissy fit

Now the best part of the day ----- Your log now appears clean

Double click Winpfind35 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

SpywareBlaster to help prevent spyware from installing in the first place.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Keep safe