Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan [CLOSED]


  • This topic is locked This topic is locked

#16
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hello aquevedo831,

Post when you are able to. I hope that your situation isn't too bad where you are.
  • 0

Advertisements


#17
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
Hello,
My situation isnt too bad. I got all of my north windows knocked out by hail, and we have no running water. But its ok. All of my computers and equipment survived so its all good :)
Although, because of the storm, my fiber optic internet installation has been delayed so it will take a while to perform the onlinve AV scan. I will try to do everything as soon as possible
  • 0

#18
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 21, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 21, 2008 20:22:03
Records in database: 880049
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
F:\

Scan statistics:
Files scanned: 122435
Threat name: 8
Infected objects: 45
Suspicious objects: 0
Duration of the scan: 01:44:42


File name / Threat name / Threats count
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\bdctsrli.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\efcASMfF.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\efcBqoLB.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\hgGxVNgD.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\hvdbnaso.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\iIbAQkHY.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\iiFXOGAp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\iiFYRJby.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\khfEUoOE.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\khrkxuie.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\ljJCsstQ.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\ljJDSKDt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\opNdBuut.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\opnkHXQJ.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\ppdarhqx.dll Infected: Trojan.Win32.Agent.rep 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\qoMfddCs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\rqRKEwuT.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\sspvlwwp.dll Infected: Trojan.Win32.Agent.reo 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00011cb3 Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00011d8e Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp000122cb Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00012bc0 Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp000141fe Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00015e93 Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00015f5e Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00017aab Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp0001ea9c Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp0001f362 Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00020ceb Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00023477 Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp0002666f Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp0002fdfd Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp000382d5 Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp00040b26 Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tmp01fae25c Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tuvSkjJY.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tuvTmMge.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tuvUMcbX.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tuvusssp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\tuvVomLe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\wvUkJyXO.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Deckard\System Scanner\20080610232743\backup\Users\Arturo\AppData\Local\Temp\xxyvwTKC.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqj 1
C:\Program Files\Radmin\raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 1
C:\Program Files\Radmin\radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 1
C:\Program Files\Radmin\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 1

The selected area was scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33:51 p.m., on 21/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Users\Arturo\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\tuvWpMcD.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\ddcCVLbA.dll,c
O4 - HKCU\..\Run: [BM55ccda45] Rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\lnvaagmy.dll",s
O4 - HKCU\..\Run: [56ffe9d9] rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\blfmqhpc.dll",b
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7820ABEA-4909-492B-9217-CC59FDBB9EB8}: NameServer = 69.49.208.10 69.7.80.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\Windows\system32\lxbtcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5687 bytes
  • 0

#19
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
Hello aquevedo831,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.


O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\tuvWpMcD.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\ddcCVLbA.dll,c
O4 - HKCU\..\Run: [BM55ccda45] Rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\lnvaagmy.dll",s
O4 - HKCU\..\Run: [56ffe9d9] rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\blfmqhpc.dll",b

Now close all windows other than HiJackThis (including any browser windows), then click Fix Checked.

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Users\Arturo\AppData\Local\Temp\*.*
    I don't want you to delete the folder itself, so make sure you copy exactly as listed in the code box above.
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the computer did not reboot then please restart the computer.

Re-scan with DSS.exe post the log results along with the OTMoveIt2 results. Also let me know if you are still having any problems.
  • 0

#20
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
Deckard's System Scanner v20071014.68
Run by Arturo on 2008-06-23 21:40:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis (run as Arturo.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:36 p.m., on 23/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
c:\windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\Users\Arturo\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\Arturo\Desktop\Arturo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\ddcCVLbA.dll,c
O4 - HKCU\..\Run: [56ffe9d9] rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\ftmrtlpn.dll",b
O4 - HKCU\..\Run: [BM55ccda45] Rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\bcemaywl.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7820ABEA-4909-492B-9217-CC59FDBB9EB8}: NameServer = 69.49.208.10 69.7.80.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\Windows\system32\lxbtcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6825 bytes

-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2099-05-13 19:31:11 0 d-------- C:\Windows\SoftwareDistribution
2099-05-13 19:29:52 0 d-------- C:\Windows\system32\catroot2
2099-05-13 19:29:38 0 d-------- C:\Windows\Debug
2099-05-13 19:29:38 0 d-------- C:\Windows\CSC
2099-05-13 19:27:45 0 d-------- C:\Windows\Prefetch
2099-05-13 19:27:34 0 d--hs---- C:\System Volume Information
2099-05-13 13:25:52 0 d-------- C:\Windows\Panther
2099-05-13 13:25:36 0 d--hs---- C:\Boot
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Reciente
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Plantillas
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Mis documentos
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Menú Inicio
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Impresoras
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Entorno de red
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Datos de programa
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Configuración local
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Plantillas
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Menú Inicio
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Favoritos
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Escritorio
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Documentos
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Datos de programa
2099-05-12 21:38:03 0 d--hs---- C:\Program Files\Archivos comunes
2099-05-12 21:38:03 0 d--hs---- C:\Archivos de programa
2008-06-20 22:13:11 0 d-------- C:\Users\All Users\Macromedia
2008-06-20 22:13:10 0 d-------- C:\Windows\system32\QuickTime
2008-06-20 22:12:36 0 d-------- C:\Program Files\Macromedia
2008-06-20 22:12:36 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-20 22:11:21 0 d-------- C:\Windows\Downloaded Installations
2008-06-15 17:32:56 244970388 --a------ C:\BackupReg.reg
2008-06-10 22:51:21 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-10 22:51:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 23:11:38 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-06-08 21:43:13 0 d-------- C:\Program Files\MediaMonkey
2008-06-06 12:47:48 171136 -rahs---- C:\grldr
2008-06-03 21:31:41 0 d-------- C:\Windows\en-US
2008-06-03 21:31:34 0 d-------- C:\Windows\system32\en
2008-06-03 21:31:34 0 d-------- C:\Windows\system32\0409
2008-06-03 21:31:29 0 d-------- C:\Windows\system32\drivers\en-US
2008-05-31 13:08:09 0 d--hs---- C:\Diskeeper
2008-05-31 12:49:53 0 d-------- C:\Users\All Users\Diskeeper Corporation
2008-05-31 12:13:31 0 d-------- C:\Program Files\Diskeeper Corporation
2008-05-29 08:16:44 0 d-------- C:\Users\All Users\Adobe
2008-05-29 08:15:20 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 21:56:32 0 d-------- C:\Users\All Users\TamoSoft
2008-05-28 21:56:20 0 d-------- C:\Program Files\CommViewWiFi
2008-05-28 13:59:40 0 d-------- C:\Program Files\Norton 360
2008-05-28 13:55:40 0 d-------- C:\Program Files\Symantec
2008-05-28 13:52:28 0 d-------- C:\Users\All Users\Symantec
2008-05-28 13:37:27 57344 --a------ C:\Windows\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-05-28 13:37:27 32768 --a------ C:\Windows\system32\Wnaspi32.dll <Not Verified; Frog ASPI / Millenod; frogaspi.dll>
2008-05-28 13:37:25 0 d-------- C:\Program Files\Acoustica MP3 CD Burner
2008-05-23 17:01:41 0 d-------- C:\PerfLogs
2008-05-23 13:15:27 0 d-------- C:\Users\All Users\Azureus
2008-05-23 13:13:46 0 d-------- C:\Program Files\Azureus
2008-05-23 07:14:16 32 --a------ C:\Windows\go


-- Find3M Report ---------------------------------------------------------------

2099-05-12 21:38:37 0 d-------- C:\Users\Arturo\AppData\Roaming\Identities
2099-05-12 21:38:03 0 d-------- C:\Program Files\Windows NT
2008-06-20 22:22:52 0 d-------- C:\Users\Arturo\AppData\Roaming\Macromedia
2008-06-20 22:13:57 0 d-------- C:\Program Files\Opera
2008-06-20 22:12:36 0 d-------- C:\Program Files\Common Files
2008-06-20 22:11:46 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-20 20:47:54 0 d-------- C:\Users\Arturo\AppData\Roaming\uTorrent
2008-06-19 18:21:46 664388 --a------ C:\Windows\system32\perfh00A.dat
2008-06-19 18:21:46 128552 --a------ C:\Windows\system32\perfc00A.dat
2008-06-11 23:40:56 0 d-------- C:\Program Files\Windows Mail
2008-06-10 22:51:46 0 d-------- C:\Users\Arturo\AppData\Roaming\Malwarebytes
2008-06-03 21:31:55 0 d-------- C:\Program Files\Windows Sidebar
2008-06-03 21:31:55 0 d-------- C:\Program Files\Windows Calendar
2008-06-03 21:31:55 0 d-------- C:\Program Files\Movie Maker
2008-06-03 21:31:49 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-03 21:31:49 0 d-------- C:\Program Files\Windows Collaboration
2008-06-03 21:31:48 0 d-------- C:\Program Files\Windows Journal
2008-06-03 21:31:46 0 d-------- C:\Program Files\Windows Defender
2008-06-03 10:55:16 0 d-------- C:\Users\Arturo\AppData\Roaming\Azureus
2008-05-29 08:27:27 0 d-------- C:\Users\Arturo\AppData\Roaming\Adobe
2008-05-28 21:51:24 0 d-------- C:\Users\Arturo\AppData\Roaming\Symantec
2008-05-28 14:48:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-28 13:37:25 0 d-------- C:\Users\Arturo\AppData\Roaming\Acoustica
2008-05-26 10:49:25 0 d-------- C:\Users\Arturo\AppData\Roaming\HideIP
2008-05-23 17:17:27 174 --ahs---- C:\Program Files\desktop.ini
2008-05-23 14:44:14 0 d-------- C:\Users\Arturo\AppData\Roaming\ArtOfPing
2008-05-21 10:19:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-21 07:57:31 0 d-------- C:\Program Files\Windows Live
2008-05-21 07:57:06 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-19 10:40:34 0 d-------- C:\Program Files\Java
2008-05-19 10:30:47 0 d-------- C:\Program Files\Common Files\Java
2008-05-18 18:08:10 0 d-------- C:\Program Files\hkSFV
2008-05-18 17:13:53 0 d-------- C:\Program Files\Lexmark 5200 series
2008-05-18 17:00:57 0 d-------- C:\Users\Arturo\AppData\Roaming\Corel
2008-05-18 16:54:22 0 d-------- C:\Program Files\Corel
2008-05-17 15:51:41 0 d-------- C:\Program Files\Hide IP NG
2008-05-17 15:51:40 0 d-------- C:\Users\Arturo\AppData\Roaming\Hide IP NG
2008-05-15 10:20:14 0 d-------- C:\Users\Arturo\AppData\Roaming\TuneUp Software
2008-05-15 10:20:00 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-15 10:18:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 21:35:08 0 d-------- C:\Users\Arturo\AppData\Roaming\Ahead
2008-05-14 15:39:11 0 d-------- C:\Program Files\uTorrent
2008-05-14 08:48:52 0 d-------- C:\Users\Arturo\AppData\Roaming\Opera
2008-05-14 08:34:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 08:34:02 0 d-------- C:\Program Files\Atheros
2008-05-14 08:27:12 0 d-------- C:\Program Files\NetWaiting
2008-05-14 08:25:45 0 d-------- C:\Program Files\CONEXANT
2008-05-14 08:20:45 0 d-------- C:\Program Files\Apoint2K
2008-05-13 20:22:27 0 d-------- C:\Users\Arturo\AppData\Roaming\Media Player Classic
2008-05-13 20:22:06 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-13 20:22:02 0 d-------- C:\Users\Arturo\AppData\Roaming\Real
2008-05-13 19:41:49 0 d-------- C:\Users\Arturo\AppData\Roaming\Talkback
2008-05-13 19:41:23 0 --a------ C:\Windows\nsreg.dat
2008-05-13 19:41:19 0 d-------- C:\Users\Arturo\AppData\Roaming\Mozilla
2008-05-13 19:23:26 0 d-------- C:\Users\Arturo\AppData\Roaming\WinRAR
2008-05-13 19:17:10 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 19:16:10 0 d-------- C:\Program Files\Nero
2008-05-13 19:08:41 0 d-------- C:\Program Files\Microsoft Works
2008-05-13 19:08:30 0 d-------- C:\Program Files\MSBuild
2008-05-13 19:07:38 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 19:05:13 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-13 18:48:55 0 d-------- C:\Program Files\Realtek
2008-05-13 18:45:43 0 d-------- C:\Program Files\Intel
2008-05-13 18:45:11 0 d-------- C:\Users\Arturo\AppData\Roaming\InstallShield
2008-05-13 18:45:11 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-12 21:55:06 0 d-------- C:\Program Files\[bleep] NFO Viewer
2008-05-12 21:54:47 0 d-------- C:\Program Files\Radmin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
23/02/2008 09:08 p.m. 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
28/05/2008 02:01 p.m. 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [23/02/2008 09:08 p.m. 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 02:38 a.m.]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/02/2008 02:37 p.m.]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [26/02/2008 09:50 a.m.]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 a.m.]
"cmds"="C:\Users\Arturo\AppData\Local\Temp\ddcCVLbA.dll,c" []
"56ffe9d9"="C:\Users\Arturo\AppData\Local\Temp\ftmrtlpn.dll,b" []
"BM55ccda45"="C:\Users\Arturo\AppData\Local\Temp\bcemaywl.dll,s" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware Reboot]
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23276ff5-2923-11dd-b65f-001b38ee7580}]
AutoRun\command- D:\Autorun.exe /run
Shell00\Command- D:\Autorun.exe /run
Shell01\Command- D:\Autorun.exe /action
Shell02\Command- D:\Autorun.exe /uninstall

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-23 21:44:44 ------------




< C:\Users\Arturo\AppData\Local\Temp\*.* >
C:\Users\Arturo\AppData\Local\Temp\AbLVCcdd.ini moved successfully.
C:\Users\Arturo\AppData\Local\Temp\AbLVCcdd.ini2 moved successfully.
C:\Users\Arturo\AppData\Local\Temp\Arturo.bmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b120x240.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b120x600.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b120x90.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b125x125.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b160x600.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b180x150.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b234x60.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b240x400.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b250x250.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b300x100.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b300x250.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b336x280.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b468x60.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b720x300.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\b728x90.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\Arturo\AppData\Local\Temp\blfmqhpc.dll
C:\Users\Arturo\AppData\Local\Temp\blfmqhpc.dll NOT unregistered.
C:\Users\Arturo\AppData\Local\Temp\blfmqhpc.dll moved successfully.
C:\Users\Arturo\AppData\Local\Temp\cphqmflb.ini moved successfully.
DllUnregisterServer procedure not found in C:\Users\Arturo\AppData\Local\Temp\ddcCVLbA.dll
C:\Users\Arturo\AppData\Local\Temp\ddcCVLbA.dll NOT unregistered.
C:\Users\Arturo\AppData\Local\Temp\ddcCVLbA.dll moved successfully.
File move failed. C:\Users\Arturo\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\Arturo\AppData\Local\Temp\jlhloegx.dll
C:\Users\Arturo\AppData\Local\Temp\jlhloegx.dll NOT unregistered.
C:\Users\Arturo\AppData\Local\Temp\jlhloegx.dll moved successfully.
C:\Users\Arturo\AppData\Local\Temp\jssuitxv.ini moved successfully.
DllUnregisterServer procedure not found in C:\Users\Arturo\AppData\Local\Temp\lnvaagmy.dll
C:\Users\Arturo\AppData\Local\Temp\lnvaagmy.dll NOT unregistered.
C:\Users\Arturo\AppData\Local\Temp\lnvaagmy.dll moved successfully.
C:\Users\Arturo\AppData\Local\Temp\osCheck Vista Migration 2008-06-22 20h04m43s.log moved successfully.
C:\Users\Arturo\AppData\Local\Temp\symlcsv1.exe moved successfully.
C:\Users\Arturo\AppData\Local\Temp\TFR4B26.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\TFR4BF2.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\TFR4C73.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\TFR4CC2.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\TFR4D17.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\TFR4D4A.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\TFR4DAB.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\TFR4E0E.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Users\Arturo\AppData\Local\Temp\vrsmlnfw.dll
C:\Users\Arturo\AppData\Local\Temp\vrsmlnfw.dll NOT unregistered.
C:\Users\Arturo\AppData\Local\Temp\vrsmlnfw.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Arturo\AppData\Local\Temp\vxtiussj.dll
C:\Users\Arturo\AppData\Local\Temp\vxtiussj.dll NOT unregistered.
C:\Users\Arturo\AppData\Local\Temp\vxtiussj.dll moved successfully.
C:\Users\Arturo\AppData\Local\Temp\~DF72B1.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\~DF75B1.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\~DFC3A7.tmp moved successfully.
C:\Users\Arturo\AppData\Local\Temp\~DFC42B.tmp moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06222008_203350
  • 0

#21
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
The infection keeps respawning. :) I need to find what keeps triggering it.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Reboot the computer.

Now let's have a deeper look into your computer.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Post the Superantispyware results, OTScanIt results and a fresh HijackThis log for me to review.
  • 0

#22
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2008 at 01:54 PM

Application Version : 4.15.1000

Core Rules Database Version : 3490
Trace Rules Database Version: 1481

Scan type : Complete Scan
Total Scan Time : 02:05:15

Memory items scanned : 582
Memory threats detected : 2
Registry items scanned : 7548
Registry threats detected : 2
File items scanned : 65502
File threats detected : 30

Trojan.Vundo-Variant/Small
C:\USERS\ARTURO\APPDATA\LOCAL\TEMP\BCEMAYWL.DLL
C:\USERS\ARTURO\APPDATA\LOCAL\TEMP\BCEMAYWL.DLL
C:\USERS\ARTURO\APPDATA\LOCAL\TEMP\FTMRTLPN.DLL
C:\USERS\ARTURO\APPDATA\LOCAL\TEMP\FTMRTLPN.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\BDCTSRLI.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\EFCASMFF.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\EFCBQOLB.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\HGGXVNGD.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\HVDBNASO.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\IIBAQKHY.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\IIFXOGAP.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\IIFYRJBY.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\KHFEUOOE.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\KHRKXUIE.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\LJJCSSTQ.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\LJJDSKDT.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\OPNDBUUT.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\OPNKHXQJ.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\PPDARHQX.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\QOMFDDCS.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\RQRKEWUT.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\SSPVLWWP.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\TUVSKJJY.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\TUVTMMGE.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\TUVUMCBX.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\TUVUSSSP.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\TUVVOMLE.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\WVUKJYXO.DLL
C:\DECKARD\SYSTEM SCANNER\20080610232743\BACKUP\USERS\ARTURO\APPDATA\LOCAL\TEMP\XXYVWTKC.DLL

Adware.Tracking Cookie
C:\Users\Arturo\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Arturo\AppData\Roaming\Microsoft\Windows\Cookies\arturo@insightexpressai[1].txt
C:\Users\Arturo\AppData\Roaming\Microsoft\Windows\Cookies\arturo@atdmt[2].txt

Adware.Vundo Variant/Rel
HKU\S-1-5-21-2139058471-4026814485-2488587174-1000\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\Arturo\AppData\Local\Temp\ddcCVLbA.dll,c ]
HKU\S-1-5-21-2139058471-4026814485-2488587174-1000\Software\Microsoft\rdfa




















[code=auto:0]OTScanIt logfile created on: 25/06/2008 10:24:27 p.m.
OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Users\Arturo\Desktop\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080a | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1013.27 Mb Total Physical Memory | 351.00 Mb Available Physical Memory | 34.64% Memory free
2.24 Gb Paging File | 1.07 Gb Available in Paging File | 47.96% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 63.44 Gb Free Space | 56.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AQUEVEDO831
Current User Name: Arturo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
dkservice.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.781.0 | Size = 1123608 bytes | Modified Date = 04/04/2008 02:56:18 p.m. | Attr = ]
psiservice.exe -> %SystemRoot%\System32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 02/11/2006 08:40:12 p.m. | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 10/07/2007 10:28:08 p.m. | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.234 | Size = 238968 bytes | Modified Date = 21/02/2008 05:02:53 p.m. | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 a.m. | Attr = ]
opera.exe -> %ProgramFiles%\Opera\Opera.exe -> Opera Software [Ver = 8841 | Size = 79360 bytes | Modified Date = 31/03/2008 01:29:20 p.m. | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 28/05/2008 01:59:29 p.m. | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 20/06/2008 01:47:40 p.m. | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.234 | Size = 238968 bytes | Modified Date = 21/02/2008 05:02:53 p.m. | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(CertPropSvc) Propagación de certificados [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 22/08/2007 03:21:30 a.m. | Attr = ]
(DcomLaunch) Iniciador de procesos de servidor DCOM [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.781.0 | Size = 1123608 bytes | Modified Date = 04/04/2008 02:56:18 p.m. | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.234 | Size = 3220856 bytes | Modified Date = 21/02/2008 05:02:44 p.m. | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(lxbt_device) lxbt_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\lxbtcoms.exe -> Lexmark International, Inc. [Ver = 1.27.12.0 | Size = 421888 bytes | Modified Date = 20/02/2004 02:10:08 p.m. | Attr = ]
(MSDTC) Coordinador de transacciones distribuidas [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 774144 bytes | Modified Date = 15/01/2007 05:14:38 p.m. | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 15/01/2007 04:01:56 p.m. | Attr = ]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\System32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 02/11/2006 08:40:12 p.m. | Attr = ]
(Schedule) Programador de tareas [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Directiva de extracción de tarjetas inteligentes [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 28/05/2008 01:59:29 p.m. | Attr = ]
(TrustedInstaller) Instalador de módulos de Windows [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 15/05/2008 10:20:16 a.m. | Attr = ]
(WdiServiceHost) Host del servicio de diagnóstico [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Host de sistema de diagnóstico [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 10/07/2007 10:28:08 p.m. | Attr = ]

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 02/11/2006 04:51:38 a.m. | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 02/11/2006 04:51:32 a.m. | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 02/11/2006 04:50:35 a.m. | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 02/11/2006 04:51:00 a.m. | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 02/11/2006 04:50:11 a.m. | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 14952 bytes | Modified Date = 02/11/2006 04:49:20 a.m. | Attr = ]
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.7.0.94 built by: WinDDK | Size = 165424 bytes | Modified Date = 08/01/2008 07:58:46 p.m. | Attr = ]
(AR5211) [CommView] Atheros Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ar5211.sys -> TamoSoft [Ver = 5.3.0.65 | Size = 558624 bytes | Modified Date = 21/01/2008 01:58:46 p.m. | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 02/11/2006 04:50:09 a.m. | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 02/11/2006 04:50:10 a.m. | Attr = ]
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\athr.sys -> Atheros Communications, Inc. [Ver = 7.3.1.25 built by: WinDDK | Size = 735232 bytes | Modified Date = 30/05/2007 03:40:42 p.m. | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 02/11/2006 03:24:45 a.m. | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 02/11/2006 03:24:46 a.m. | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 02/11/2006 03:25:24 a.m. | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 02/11/2006 03:24:44 a.m. | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 02/11/2006 03:24:44 a.m. | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 02/11/2006 03:24:47 a.m. | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_rtm.061101-2205) | Size = 16488 bytes | Modified Date = 02/11/2006 04:49:28 a.m. | Attr = ]
(CnxtHdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\CHDART.sys -> Conexant Systems Inc. [Ver = 4.38.0.0 built by: WinDDK | Size = 187904 bytes | Modified Date = 22/01/2008 12:11:34 p.m. | Attr = ]
(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\CHDRT32.sys -> Conexant Systems Inc. [Ver = 4.42.0.0 built by: WinDDK | Size = 201728 bytes | Modified Date = 27/02/2008 06:26:04 a.m. | Attr = ]
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Modified Date = 06/03/2008 09:32:09 p.m. | Attr = ]
(CO_Mon) CO_Mon [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\CO_Mon.sys -> Symantec Corporation [Ver = 2007.1.1.99 | Size = 36056 bytes | Modified Date = 08/08/2007 07:39:56 p.m. | Attr = ]
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 02/11/2006 02:30:54 a.m. | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 13/02/2008 04:00:00 a.m. | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 02/11/2006 04:51:34 a.m. | Attr = ]
(EraserUtilDrv10710) EraserUtilDrv10710 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilDrv10710.sys -> File not found
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 13/02/2008 04:00:00 a.m. | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 29/01/2008 12:01:28 p.m. | Attr = ]
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\CPQBttn.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.03 | Size = 9472 bytes | Modified Date = 28/06/2006 10:54:00 a.m. | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 02/11/2006 04:50:10 a.m. | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.67.00 built by: WinDDK | Size = 984064 bytes | Modified Date = 20/06/2007 07:29:56 p.m. | Attr = ]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.67.00 built by: WinDDK | Size = 208896 bytes | Modified Date = 20/06/2007 07:28:34 p.m. | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 02/11/2006 04:51:25 a.m. | Attr = ]
(IDSvix86) Symantec Intrusion Prevention Driver [Kernel | System | Running] -> %AllUsersProfile%\Symantec\Definitions\SymcData\ipsdefs\20080623.001\IDSvix86.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 261680 bytes | Modified Date = 12/05/2008 11:55:10 p.m. | Attr = ]
(igfx) igfx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\igdkmd32.sys -> Intel Corporation [Ver = 7.14.10.1437 | Size = 2302976 bytes | Modified Date = 11/02/2008 07:36:10 p.m. | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 02/11/2006 04:50:17 a.m. | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 02/11/2006 04:50:07 a.m. | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 02/11/2006 04:50:09 a.m. | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 02/11/2006 04:50:04 a.m. | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 02/11/2006 04:50:05 a.m. | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 02/11/2006 04:50:10 a.m. | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 19/06/2006 07:26:58 a.m. | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 02/11/2006 04:49:53 a.m. | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 02/11/2006 04:49:59 a.m. | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %AllUsersProfile%\Symantec\Definitions\VirusDefs\20080625.003\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 10/06/2008 03:00:00 a.m. | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %AllUsersProfile%\Symantec\Definitions\VirusDefs\20080625.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 10/06/2008 03:00:00 a.m. | Attr = ]
(NetHook_ControlCenter) ArtOfPing ControlCenter [Kernel | On_Demand | Stopped] -> %ProgramFiles%\PingFu Iris\ControlCenter.sys -> File not found
(NetHook_Interceptor) ArtOfPing TDI Interceptor [Kernel | On_Demand | Stopped] -> %ProgramFiles%\PingFu Iris\Interceptor.sys -> File not found
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 02/11/2006 04:50:19 a.m. | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 02/11/2006 02:36:50 a.m. | Attr = ]
(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 88680 bytes | Modified Date = 02/11/2006 04:50:24 a.m. | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 02/11/2006 04:50:13 a.m. | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 02/11/2006 04:51:45 a.m. | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 02/11/2006 04:50:35 a.m. | Attr = ]
(RTL8023xp) Realtek 10/100 NIC Family NDIS x86 Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 6,103,0123,2007 built by: WinDDK | Size = 50176 bytes | Modified Date = 24/04/2007 05:51:08 a.m. | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 28/05/2008 10:33:36 a.m. | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 28/05/2008 10:33:38 a.m. | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 28/05/2008 10:33:36 a.m. | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 02/11/2006 01:37:21 a.m. | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 02/11/2006 04:50:10 a.m. | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 02/11/2006 04:50:16 a.m. | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 4.1.0.12 | Size = 447024 bytes | Modified Date = 16/01/2008 11:05:42 p.m. | Attr = ]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 279088 bytes | Modified Date = 31/01/2008 08:51:16 p.m. | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 317616 bytes | Modified Date = 31/01/2008 08:51:16 p.m. | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\System32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 43696 bytes | Modified Date = 31/01/2008 08:51:16 p.m. | Attr = ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 02/11/2006 04:50:05 a.m. | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 13616 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.3.2 | Size = 123952 bytes | Modified Date = 28/05/2008 02:02:13 p.m. | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 96432 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\SymIMV.sys -> Symantec Corporation [Ver = 8.0.1.19 | Size = 24112 bytes | Modified Date = 19/02/2008 08:06:11 p.m. | Attr = ]
(SYMNDISV) SYMNDISV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symndisv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 41008 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 22320 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\System32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 188464 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 02/11/2006 04:49:56 a.m. | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 02/11/2006 04:50:03 a.m. | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 02/11/2006 04:51:25 a.m. | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 02/11/2006 04:50:35 a.m. | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 02/11/2006 04:50:45 a.m. | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 17512 bytes | Modified Date = 02/11/2006 04:49:30 a.m. | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 02/11/2006 04:50:41 a.m. | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.67.00 built by: WinDDK | Size = 660480 bytes | Modified Date = 20/06/2007 07:28:22 p.m. | Attr = ]
(XAudio) XAudio [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.sys -> Conexant Systems, Inc. [Ver = 1.00.12.00 built by: WinDDK | Size = 8704 bytes | Modified Date = 10/07/2007 10:27:56 p.m. | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.5.5 | Size = 51048 bytes | Modified Date = 18/02/2008 02:37:38 p.m. | Attr = ]
osCheck -> %ProgramFiles%\Norton 360\osCheck.exe ["C:\Program Files\Norton 360\osCheck.exe"] -> Symantec Corporation [Ver = 2.0.0.242 | Size = 988512 bytes | Modified Date = 26/02/2008 09:50:44 a.m. | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
56ffe9d9 -> %UserProfile%\AppData\Local\Temp\ftmrtlpn.DLL [rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\ftmrtlpn.dll",b] -> File not found
BM55ccda45 -> %UserProfile%\AppData\Local\Temp\bcemaywl.DLL [Rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\bcemaywl.dll",s] -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 a.m. | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 10:13:36 a.m. | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 01:41:36 p.m. | Attr = ]
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1437 | Size = 204800 bytes | Modified Date = 11/02/2008 06:46:44 p.m. | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Controlador de CD-ROM ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 19/01/2008 12:49:51 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDDVDW_TS-L632H________________HS02____\5&1e8aa5eb&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 18/09/2006 04:43:36 p.m. | Attr = ]
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aplicación auxiliar de vínculos de Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 11:08:42 p.m. | Attr = ]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 28/05/2008 02:01:11 p.m. | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 25/03/2008 04:28:01 a.m. | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 25/03/2008 04:28:01 a.m. | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{466D9CFB-0589-4D35-9C3C-C1CFC4B1CA04} -> ([CommView] Atheros AR5006X Wireless Network Adapter) ->
{49CA7757-6E8A-42BE-BBE3-B4E038D3EF49} -> (Microsoft Windows Mobile Remote Adapter) ->
{E77EF834-534E-4446-A324-FD2071D89673} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab[StagingUI Object] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab[MSN Games – Buddy Invite] ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab[ZonePAChat Object] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] ->
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab[UnoCtrl Class] ->
{
  • 0

#23
Octagonal

Octagonal

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,528 posts
The OTScanIt results has been cut off. Could you please re-post the entire results.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Just be sure to start each post where the previous one finishes.

You can locate the file (OTScanIt.txt) in the OTScanIt folder on the desktop or wherever you extracted that folder to.
  • 0

#24
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
[code=auto:0]OTScanIt logfile created on: 25/06/2008 10:24:27 p.m.
OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Users\Arturo\Desktop\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080a | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1013.27 Mb Total Physical Memory | 351.00 Mb Available Physical Memory | 34.64% Memory free
2.24 Gb Paging File | 1.07 Gb Available in Paging File | 47.96% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 63.44 Gb Free Space | 56.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AQUEVEDO831
Current User Name: Arturo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
dkservice.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.781.0 | Size = 1123608 bytes | Modified Date = 04/04/2008 02:56:18 p.m. | Attr = ]
psiservice.exe -> %SystemRoot%\System32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 02/11/2006 08:40:12 p.m. | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 10/07/2007 10:28:08 p.m. | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.234 | Size = 238968 bytes | Modified Date = 21/02/2008 05:02:53 p.m. | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 a.m. | Attr = ]
opera.exe -> %ProgramFiles%\Opera\Opera.exe -> Opera Software [Ver = 8841 | Size = 79360 bytes | Modified Date = 31/03/2008 01:29:20 p.m. | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 28/05/2008 01:59:29 p.m. | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 20/06/2008 01:47:40 p.m. | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.234 | Size = 238968 bytes | Modified Date = 21/02/2008 05:02:53 p.m. | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(CertPropSvc) Propagación de certificados [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 22/08/2007 03:21:30 a.m. | Attr = ]
(DcomLaunch) Iniciador de procesos de servidor DCOM [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.781.0 | Size = 1123608 bytes | Modified Date = 04/04/2008 02:56:18 p.m. | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.234 | Size = 3220856 bytes | Modified Date = 21/02/2008 05:02:44 p.m. | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.5.5 | Size = 149352 bytes | Modified Date = 18/02/2008 02:37:20 p.m. | Attr = ]
(lxbt_device) lxbt_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\lxbtcoms.exe -> Lexmark International, Inc. [Ver = 1.27.12.0 | Size = 421888 bytes | Modified Date = 20/02/2004 02:10:08 p.m. | Attr = ]
(MSDTC) Coordinador de transacciones distribuidas [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 774144 bytes | Modified Date = 15/01/2007 05:14:38 p.m. | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 15/01/2007 04:01:56 p.m. | Attr = ]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\System32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 174656 bytes | Modified Date = 02/11/2006 08:40:12 p.m. | Attr = ]
(Schedule) Programador de tareas [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Directiva de extracción de tarjetas inteligentes [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 28/05/2008 01:59:29 p.m. | Attr = ]
(TrustedInstaller) Instalador de módulos de Windows [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 15/05/2008 10:20:16 a.m. | Attr = ]
(WdiServiceHost) Host del servicio de diagnóstico [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Host de sistema de diagnóstico [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 10/07/2007 10:28:08 p.m. | Attr = ]

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 02/11/2006 04:51:38 a.m. | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 02/11/2006 04:51:32 a.m. | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 02/11/2006 04:50:35 a.m. | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 02/11/2006 04:51:00 a.m. | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 02/11/2006 04:50:11 a.m. | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 14952 bytes | Modified Date = 02/11/2006 04:49:20 a.m. | Attr = ]
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.7.0.94 built by: WinDDK | Size = 165424 bytes | Modified Date = 08/01/2008 07:58:46 p.m. | Attr = ]
(AR5211) [CommView] Atheros Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ar5211.sys -> TamoSoft [Ver = 5.3.0.65 | Size = 558624 bytes | Modified Date = 21/01/2008 01:58:46 p.m. | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 02/11/2006 04:50:09 a.m. | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 02/11/2006 04:50:10 a.m. | Attr = ]
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\athr.sys -> Atheros Communications, Inc. [Ver = 7.3.1.25 built by: WinDDK | Size = 735232 bytes | Modified Date = 30/05/2007 03:40:42 p.m. | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 02/11/2006 03:24:45 a.m. | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 02/11/2006 03:24:46 a.m. | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 02/11/2006 03:25:24 a.m. | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 02/11/2006 03:24:44 a.m. | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 02/11/2006 03:24:44 a.m. | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 02/11/2006 03:24:47 a.m. | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_rtm.061101-2205) | Size = 16488 bytes | Modified Date = 02/11/2006 04:49:28 a.m. | Attr = ]
(CnxtHdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\CHDART.sys -> Conexant Systems Inc. [Ver = 4.38.0.0 built by: WinDDK | Size = 187904 bytes | Modified Date = 22/01/2008 12:11:34 p.m. | Attr = ]
(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\CHDRT32.sys -> Conexant Systems Inc. [Ver = 4.42.0.0 built by: WinDDK | Size = 201728 bytes | Modified Date = 27/02/2008 06:26:04 a.m. | Attr = ]
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Modified Date = 06/03/2008 09:32:09 p.m. | Attr = ]
(CO_Mon) CO_Mon [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\CO_Mon.sys -> Symantec Corporation [Ver = 2007.1.1.99 | Size = 36056 bytes | Modified Date = 08/08/2007 07:39:56 p.m. | Attr = ]
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 02/11/2006 02:30:54 a.m. | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 13/02/2008 04:00:00 a.m. | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 02/11/2006 04:51:34 a.m. | Attr = ]
(EraserUtilDrv10710) EraserUtilDrv10710 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilDrv10710.sys -> File not found
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 13/02/2008 04:00:00 a.m. | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 29/01/2008 12:01:28 p.m. | Attr = ]
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\CPQBttn.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.03 | Size = 9472 bytes | Modified Date = 28/06/2006 10:54:00 a.m. | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 02/11/2006 04:50:10 a.m. | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.67.00 built by: WinDDK | Size = 984064 bytes | Modified Date = 20/06/2007 07:29:56 p.m. | Attr = ]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.67.00 built by: WinDDK | Size = 208896 bytes | Modified Date = 20/06/2007 07:28:34 p.m. | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 02/11/2006 04:51:25 a.m. | Attr = ]
(IDSvix86) Symantec Intrusion Prevention Driver [Kernel | System | Running] -> %AllUsersProfile%\Symantec\Definitions\SymcData\ipsdefs\20080623.001\IDSvix86.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 261680 bytes | Modified Date = 12/05/2008 11:55:10 p.m. | Attr = ]
(igfx) igfx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\igdkmd32.sys -> Intel Corporation [Ver = 7.14.10.1437 | Size = 2302976 bytes | Modified Date = 11/02/2008 07:36:10 p.m. | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 02/11/2006 04:50:17 a.m. | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 02/11/2006 04:50:07 a.m. | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 02/11/2006 04:50:09 a.m. | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 02/11/2006 04:50:04 a.m. | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 02/11/2006 04:50:05 a.m. | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 02/11/2006 04:50:10 a.m. | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 19/06/2006 07:26:58 a.m. | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 02/11/2006 04:49:53 a.m. | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 02/11/2006 04:49:59 a.m. | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %AllUsersProfile%\Symantec\Definitions\VirusDefs\20080625.003\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 10/06/2008 03:00:00 a.m. | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %AllUsersProfile%\Symantec\Definitions\VirusDefs\20080625.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 10/06/2008 03:00:00 a.m. | Attr = ]
(NetHook_ControlCenter) ArtOfPing ControlCenter [Kernel | On_Demand | Stopped] -> %ProgramFiles%\PingFu Iris\ControlCenter.sys -> File not found
(NetHook_Interceptor) ArtOfPing TDI Interceptor [Kernel | On_Demand | Stopped] -> %ProgramFiles%\PingFu Iris\Interceptor.sys -> File not found
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 02/11/2006 04:50:19 a.m. | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 02/11/2006 02:36:50 a.m. | Attr = ]
(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 88680 bytes | Modified Date = 02/11/2006 04:50:24 a.m. | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 02/11/2006 04:50:13 a.m. | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 02/11/2006 04:51:45 a.m. | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 02/11/2006 04:50:35 a.m. | Attr = ]
(RTL8023xp) Realtek 10/100 NIC Family NDIS x86 Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 6,103,0123,2007 built by: WinDDK | Size = 50176 bytes | Modified Date = 24/04/2007 05:51:08 a.m. | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 28/05/2008 10:33:36 a.m. | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 28/05/2008 10:33:38 a.m. | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 28/05/2008 10:33:36 a.m. | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 02/11/2006 01:37:21 a.m. | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 02/11/2006 04:50:10 a.m. | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 02/11/2006 04:50:16 a.m. | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 4.1.0.12 | Size = 447024 bytes | Modified Date = 16/01/2008 11:05:42 p.m. | Attr = ]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 279088 bytes | Modified Date = 31/01/2008 08:51:16 p.m. | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 317616 bytes | Modified Date = 31/01/2008 08:51:16 p.m. | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\System32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 43696 bytes | Modified Date = 31/01/2008 08:51:16 p.m. | Attr = ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 02/11/2006 04:50:05 a.m. | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 13616 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.3.2 | Size = 123952 bytes | Modified Date = 28/05/2008 02:02:13 p.m. | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 96432 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\SymIMV.sys -> Symantec Corporation [Ver = 8.0.1.19 | Size = 24112 bytes | Modified Date = 19/02/2008 08:06:11 p.m. | Attr = ]
(SYMNDISV) SYMNDISV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symndisv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 41008 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 22320 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\System32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 188464 bytes | Modified Date = 05/02/2008 02:34:43 p.m. | Attr = ]
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 02/11/2006 04:49:56 a.m. | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 02/11/2006 04:50:03 a.m. | Attr = ]
(TimerStop) TimerStop [Kernel | Auto | Stopped] -> %SystemRoot%\System32\timerstop.sys -> [Ver = | Size = 3584 bytes | Modified Date = 02/01/2007 12:06:14 p.m. | Attr = R ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 02/11/2006 04:51:25 a.m. | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 02/11/2006 04:50:35 a.m. | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 02/11/2006 04:50:45 a.m. | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 17512 bytes | Modified Date = 02/11/2006 04:49:30 a.m. | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 02/11/2006 04:50:41 a.m. | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.67.00 built by: WinDDK | Size = 660480 bytes | Modified Date = 20/06/2007 07:28:22 p.m. | Attr = ]
(XAudio) XAudio [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.sys -> Conexant Systems, Inc. [Ver = 1.00.12.00 built by: WinDDK | Size = 8704 bytes | Modified Date = 10/07/2007 10:27:56 p.m. | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.5.5 | Size = 51048 bytes | Modified Date = 18/02/2008 02:37:38 p.m. | Attr = ]
osCheck -> %ProgramFiles%\Norton 360\osCheck.exe ["C:\Program Files\Norton 360\osCheck.exe"] -> Symantec Corporation [Ver = 2.0.0.242 | Size = 988512 bytes | Modified Date = 26/02/2008 09:50:44 a.m. | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
56ffe9d9 -> %UserProfile%\AppData\Local\Temp\ftmrtlpn.DLL [rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\ftmrtlpn.dll",b] -> File not found
BM55ccda45 -> %UserProfile%\AppData\Local\Temp\bcemaywl.DLL [Rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\bcemaywl.dll",s] -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 a.m. | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 10:13:36 a.m. | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 01:41:36 p.m. | Attr = ]
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1437 | Size = 204800 bytes | Modified Date = 11/02/2008 06:46:44 p.m. | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Controlador de CD-ROM ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 19/01/2008 12:49:51 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDDVDW_TS-L632H________________HS02____\5&1e8aa5eb&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 18/09/2006 04:43:36 p.m. | Attr = ]
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aplicación auxiliar de vínculos de Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 11:08:42 p.m. | Attr = ]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 28/05/2008 02:01:11 p.m. | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 25/03/2008 04:28:01 a.m. | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.6.3 | Size = 349552 bytes | Modified Date = 23/02/2008 09:08:26 p.m. | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Consola de Sun Java] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 25/03/2008 04:28:01 a.m. | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{466D9CFB-0589-4D35-9C3C-C1CFC4B1CA04} -> ([CommView] Atheros AR5006X Wireless Network Adapter) ->
{49CA7757-6E8A-42BE-BBE3-B4E038D3EF49} -> (Microsoft Windows Mobile Remote Adapter) ->
{E77EF834-534E-4446-A324-FD2071D89673} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab[StagingUI Object] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab[MSN Games – Buddy Invite] ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab[ZonePAChat Object] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] ->
{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab[UnoCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab55579.cab[MSN Games – Game Communicator] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/game_uno1.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/game_uno1.dll\\.Owner -> {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/game_uno1.dll\\{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/GAME_UNO1.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cu
  • 0

#25
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/msgrchkr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StagingUI.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StagingUI.ocx\\.Owner -> {05D44720-58E3-49E6-BDF6-D00330E511D3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StagingUI.ocx\\{05D44720-58E3-49E6-BDF6-D00330E511D3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StProxy.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StProxy.dll\\.Owner -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/StProxy.dll\\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZBuddy.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZBuddy.ocx\\.Owner -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZBuddy.ocx\\{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZIntro.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZPAChat.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZPAChat.ocx\\.Owner -> {5736C456-EA94-4AAC-BB08-917ABDD035B3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ZPAChat.ocx\\{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{835BEE60-8731-4159-8BFF-941301D76D05} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{9da0e0ea-86ce-11d1-8699-00c04fb98036} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{CA6C8347-120F-4122-873F-F89138694AC8} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ($build.empty) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\cval -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiSpywareOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbasedirectories -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LimitBlankPasswordUse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LmCompatibilityLevel -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\NoLmHash -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 177152 bytes | Modified Date = 19/01/2008 02:36:19 a.m. | Attr = ]
*MultiFile Done* -> ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 497664 bytes | Modified Date = 19/01/2008 02:34:36 a.m. | Attr = ]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 210432 bytes | Modified Date = 19/01/2008 02:35:14 a.m. | Attr = ]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 268288 bytes | Modified Date = 19/01/2008 02:36:19 a.m. | Attr = ]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 168448 bytes | Modified Date = 19/01/2008 02:36:50 a.m. | Attr = ]
tspkg -> %SystemRoot%\System32\TSpkg.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 62464 bytes | Modified Date = 19/01/2008 02:36:42 a.m. | Attr = ]
*MultiFile Done* -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 210432 bytes | Modified Date = 19/01/2008 02:35:14 a.m. | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 592 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ProductType -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\System32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 121344 bytes | Modified Date = 19/01/2008 02:35:58 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\\DebugLogLevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 88 4B 5C 07 F0 BE EF 69 56 D5 8D 3F A8 29 3C CB [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 4D C8 B6 E0 0E D9 1F 0C DD [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 51 A7 3C D1 E5 73 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\HostToRealm\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinClientSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinServerSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 1B B1 75 22 27 0F 94 F6 66 42 7D D2 49 51 9B 49 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> @%SystemRoot%\system32\ipnathlp.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 21504 bytes | Modified Date = 19/01/2008 02:33:32 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> @%SystemRoot%\system32\ipnathlp.dll,-107 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt;RasMan;BFE; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ServiceSidType -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\RequiredPrivileges -> SeChangeNotifyPrivilege;SeCreateGlobalPrivilege;SeImpersonatePrivilege;SeLoadDri
verPrivilege;SeTakeOwnershipPrivilege; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\FailureActions -> 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\IPSecExempt -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulFTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulPPTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\PolicyVersion -> 513 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App
=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=
System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App
=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-31277|[email protected],-31280|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=S
ystem|[email protected],-31769|[email protected],-31770|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=
System|[email protected],-31771|[email protected],-31772|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=S
ystem|[email protected],-31773|[email protected],-31774|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=
System|[email protected],-31775|[email protected],-31776|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-KTMRM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-KTMRM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-P2PHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-P2PHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-P2PHost-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-P2PHost-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-PNRP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-32019|[email protected],-32022|[email protected],-32002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-PNRP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-32023|[email protected],-32026|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-PNRP-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32027|[email protected],-32030|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-PNRP-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32031|[email protected],-32034|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|R
A4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-30785|[email protected],-30788|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Fire
wallAPI.dll,-30789|[email protected],-30792|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-TERMSRV-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-30793|[email protected],-30796|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004
|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=500
09|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubne
t|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-MCX2SVC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-Prov-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-WINMGMT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-WINMGMT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-ASYNC-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-WINMGMT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|
  • 0

Advertisements


#26
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-WINMGMT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-ASYNC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteTask-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteTask-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteTask-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteTask-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-30515|[email protected],-30518|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30519|[email protected],-30522|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29257|[email protected],-29260|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteDesktop-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-VDS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-VDSLDR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-VDS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-VDSLDR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MsiScsi-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MsiScsi-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MsiScsi-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MsiScsi-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-RAServer-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-RAServer-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-In-TCP-EdgeScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Public|A
pp=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-In-TCP-EdgeScope-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-DFSR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|[email protected],-32253|[email protected],-32256|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-DFSR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|[email protected],-32257|[email protected],-32260|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32261|[email protected],-32264|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32265|[email protected],-32268|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32269|[email protected],-32272|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32273|[email protected],-32276|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-P2P-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|[email protected],-32277|[email protected],-32280|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-P2P-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|[email protected],-32281|[email protected],-32284|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PNRPMNRS-PNRP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-34003|[email protected],-34004|[email protected],-34002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PNRPMNRS-PNRP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-34005|[email protected],-34006|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PNRPMNRS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-34007|[email protected],-34008|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PNRPMNRS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-34009|[email protected],-34010|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28254|[email protected],-28257|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28258|[email protected],-28261|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-28262|[email protected],-28265|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-28266|[email protected],-28269|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-RPC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28270|[email protected],-28273|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-28274|[email protected],-28277|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WINRM-HTTP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=Sys
tem|[email protected],-30253|[email protected],-30256|[email protected],-30252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WINRM-HTTP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RRAS-L2TP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RRAS-L2TP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RRAS-PPTP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RRAS-PPTP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|[email protected],-29753|[email protected],-29756|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29757|[email protected],-29760|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29765|[email protected],-29768|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=*|[email protected],-29753|[email protected],-29756|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29757|[email protected],-29760|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29765|[email protected],-29768|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-DU-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PTB-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PTB-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-TE-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-TE-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDS-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDS-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDA-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDA-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RA-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RA-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RS-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=133:*|App=System|[email protected],-26106|[email protected],-25011|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RS-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LQ-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LQ-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR2-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR2-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LD-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LD-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP4-DUFRAG-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|Profile=Private|P
rofile=Public|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-IGMP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|Profile=Private|P
rofile=Public|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-IGMP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|Profile=Private|
Profile=Public|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-DHCP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|
Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-DHCP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-Teredo-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|
Profile=Public|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-Teredo-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-IPv6-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|Profile=Private|
Profile=Public|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-IPv6-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|Profile=Private
|Profile=Public|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-GP-NP-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=Sy
stem|[email protected],-25401|[email protected],-25401|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-GP-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-DNS-Out-UDP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|Edge=FALSE|LSM=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-GP-LSASS-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Netlogon-NamedPipe-In -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netl
ogon.dll,-1003|[email protected],-1006|[email protected],-1010|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SSTP-IN-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|Name=@sstp
svc.dll,-35002|[email protected],-35003|[email protected],-35001|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=Sy
stem|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=S
ystem|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=S
ystem|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=S
ystem|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=
System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=S
ystem|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=
System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-In-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@
FirewallAPI.dll,-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-Out-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=
@FirewallAPI.dll,-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-In-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Nam
[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-Out-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Na
[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|EmbedCtxt=@FirewallAP
  • 0

#27
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-In -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|
ICMP4=8:*|RA4=LocalSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-Out -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|Profile=Public
|ICMP4=8:*|RA4=LocalSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-In -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|Profile=Public
|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-Out -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|Profile=Publi
c|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=S
ystem|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|Name
[email protected],-32765|[email protected],-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=S
ystem|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=
System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=S
ystem|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=
System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=S
ystem|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=
System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=S
ystem|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=
System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnP-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 627 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 288256 bytes | Modified Date = 19/01/2008 02:34:34 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDllUnloadOnStop -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ScopeAddress -> 192.168.0.1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ScopeAddressBackup -> 192.168.0.1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedAutoDial -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\IPSecExempt -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\DisableStatefulFTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\DisableStatefulPPTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\PolicyVersion -> 513 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [C:\Windows\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\\LogDroppedPackets -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\\LogSuccessfulConnections -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App
=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=
System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App
=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-31277|[email protected],-31280|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=S
ystem|[email protected],-31769|[email protected],-31770|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=
System|[email protected],-31771|[email protected],-31772|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=S
ystem|[email protected],-31773|[email protected],-31774|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=
System|[email protected],-31775|[email protected],-31776|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-KTMRM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-KTMRM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MSDTC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Collab-P2PHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Collab-P2PHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Collab-P2PHost-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Collab-P2PHost-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Collab-PNRP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-32019|[email protected],-32022|[email protected],-32002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Collab-PNRP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-32023|[email protected],-32026|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Collab-PNRP-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32027|[email protected],-32030|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Collab-PNRP-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32031|[email protected],-32034|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|R
A4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=Sy
  • 0

#28
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-30785|[email protected],-30788|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Fire
wallAPI.dll,-30789|[email protected],-30792|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-TERMSRV-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-30793|[email protected],-30796|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004
|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=500
09|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubne
t|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-MCX2SVC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-Prov-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMI-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMI-WINMGMT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMI-WINMGMT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMI-ASYNC-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMI-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMI-WINMGMT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMI-WINMGMT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMI-ASYNC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteTask-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteTask-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteTask-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteTask-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-30515|[email protected],-30518|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30519|[email protected],-30522|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WPDMTP-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29257|[email protected],-29260|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteDesktop-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RVM-VDS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RVM-VDSLDR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RVM-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RVM-VDS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RVM-VDSLDR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RVM-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MsiScsi-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MsiScsi-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MsiScsi-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MsiScsi-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-RAServer-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-RAServer-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-In-TCP-EdgeScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Public|A
pp=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-In-TCP-EdgeScope-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-DFSR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|[email protected],-32253|[email protected],-32256|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-DFSR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|[email protected],-32257|[email protected],-32260|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32261|[email protected],-32264|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32265|[email protected],-32268|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32269|[email protected],-32272|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32273|[email protected],-32276|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-P2P-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|[email protected],-32277|[email protected],-32280|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-P2P-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|[email protected],-32281|[email protected],-32284|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PNRPMNRS-PNRP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-34003|[email protected],-34004|[email protected],-34002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PNRPMNRS-PNRP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-34005|[email protected],-34006|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PNRPMNRS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-34007|[email protected],-34008|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PNRPMNRS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-34009|[email protected],-34010|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28254|[email protected],-28257|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28258|[email protected],-28261|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-28262|[email protected],-28265|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-28266|[email protected],-28269|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-RPC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28270|[email protected],-28273|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\BITSSVC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-28274|[email protected],-28277|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WINRM-HTTP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=Sys
tem|[email protected],-30253|[email protected],-30256|[email protected],-30252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WINRM-HTTP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RRAS-L2TP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RRAS-L2TP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RRAS-PPTP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RRAS-PPTP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteFwAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteFwAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|[email protected],-29753|[email protected],-29756|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAdmin-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29757|[email protected],-29760|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29765|[email protected],-29768|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=*|[email protected],-29753|[email protected],-29756|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAdmin-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29757|[email protected],-29760|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\RemoteAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29765|[email protected],-29768|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C25DBFDF-BB76-4CB6-B27E-7728DB50C4F2} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=6004|App=C
:\Program Files\Microsoft Office\Office12\outlook.exe|Name=Microsoft Office Outlook|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A094E434-A703-4C69-95FA-C4C983C17BA1} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Microsoft Office\Office12\GROOVE.EXE|Name=Microsoft Office Groove|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0FBF5E89-27B3-481C-8A1E-AA1DE12635A5} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Microsoft Office\Office12\GROOVE.EXE|Name=Microsoft Office Groove|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5665438B-285C-4BCC-9DE0-918B0A38B14C} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE|Name=Microsoft Office OneNote|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{658E7F09-478A-4467-9D16-593E44294670} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE|Name=Microsoft Office OneNote|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-DU-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PTB-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PTB-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-TE-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-TE-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDS-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDS-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDA-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDA-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RA-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RA-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RS-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=133:*|App=System|[email protected],-26106|[email protected],-25011|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RS-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LQ-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LQ-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR2-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR2-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LD-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LD-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-ICMP4-DUFRAG-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|Profile=Private|P
rofile=Public|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-IGMP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|Profile=Private|P
rofile=Public|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-IGMP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|Profile=Private|
Profile=Public|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-DHCP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|
Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-DHCP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-Teredo-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|
Profile=Public|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-Teredo-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-IPv6-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|Profile=Private|
Profile=Public|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-IPv6-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|Profile=Private
|Profile=Public|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-GP-NP-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=Sy
stem|[email protected],-25401|[email protected],-25401|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-GP-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-DNS-Out-UDP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|Edge=FALSE|LSM=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CoreNet-GP-LSASS-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B697007-0100-4BA7-8A08-EB43CDB704BE} -> v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Windows Live\Messenger\msnmsgr.exe|Name=Windows Live Messenger|EmbedCtxt=@C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll,-61143|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41A2A2ED-6D21-448A-8701-591411999D96} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=L
ocalSubnet|App=System|Name=Windows Live Messenger (UPnP-In)|EmbedCtxt=@C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll,-61143|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C364D04-2BB0-4428-B2A6-20105B5CC12E} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=
LocalSubnet|App=svchost.exe|Svc=ssdpsrv|Name=Windows Live Messenger (SSDP-In)|EmbedCtxt=@C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll,-61143|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E8CDD7A-00D7-4E27-895E-8717C81E15AF} -> v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Windows Live\Messenger\livecall.exe|Name=Windows Live Messenger (Phone)|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\Netlogon-NamedPipe-In -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netl
ogon.dll,-1003|[email protected],-1006|[email protected],-1010|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM&#
  • 0

#29
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SSTP-IN-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|Name=@sstp
svc.dll,-35002|[email protected],-35003|[email protected],-35001|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=Sy
stem|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=S
ystem|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=S
ystem|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=S
ystem|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=
System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=S
ystem|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=
System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-In-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@
FirewallAPI.dll,-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-Out-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=
@FirewallAPI.dll,-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-In-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Nam
[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-Out-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Na
[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=139|RA4=Loc
alSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=139|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=139|RA4=Lo
calSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=139|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=445|RA4=Loc
alSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=445|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=445|RA4=Lo
calSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=445|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=Lo
calSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4
=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=Lo
calSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4
=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=RPC|RA4=Loc
alSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=RPC|RA4=L
ocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP_1 -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Public|ICMP4=8:*|RA4=Loc
alSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-In_1 -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|ICMP4=8:*|RA4=L
ocalSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Public|ICMP4=8:*|RA4=Lo
calSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-Out_1 -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|ICMP4=8:*|RA4=
LocalSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Public|ICMP6=128:*|RA6=
LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-In_1 -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|ICMP6=128:*|RA
6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Public|ICMP6=128:*|RA6
=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-Out_1 -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|ICMP6=128:*|R
A6=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=S
ystem|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|Name
[email protected],-32765|[email protected],-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=S
ystem|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=
System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=S
ystem|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=
System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=S
ystem|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=
System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=S
ystem|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=
System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-UPnP-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D64A37DF-8884-42D3-927F-03329CE65243} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5679|RA4=LocalSubnet|RA6
=LocalSubnet|IF={49CA7757-6E8A-42BE-BBE3-B4E038D3EF49}|App=%SystemRoot%\system32\svchost.exe|Svc=rapimgr|Name=@%systemroot%\WindowsMobile\wmdSync.exe,-4001|Desc=@%systemroot%\WindowsMobile\wmdSync.exe,-4001|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8392827F-3D84-42F6-A80C-B0EBC0D3A446} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=990|RA4=LocalSubnet|RA6=Lo
calSubnet|IF={49CA7757-6E8A-42BE-BBE3-B4E038D3EF49}|App=%SystemRoot%\system32\svchost.exe|Svc=rapimgr|Name=@%systemroot%\WindowsMobile\wmdSync.exe,-4001|Desc=@%systemroot%\WindowsMobile\wmdSync.exe,-4001|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [C:\Windows\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogDroppedPackets -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogSuccessfulConnections -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-1 -> V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-2 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic from EventLog| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DPS-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DPS-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WdiSystemHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WdiSystemHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-1 -> V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-1-1 -> V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-2 -> V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-3 -> V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-5 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\dot3svc-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\dot3svc-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Netman-1 -> V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all inbound traffic to Netman| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Netman-2 -> V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all outbound traffic from Netman| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\HidServ-1 -> V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\HidServ-2 -> V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WcsPlugInService-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|[email protected],-160| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WcsPlugInService-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|[email protected],-161| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\BFE-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block inbound traffic to BFE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\BFE-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block outbound traffic from BFE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-1 -> V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23300|[email protected],-23301| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-2 -> V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23302|[email protected],-23303| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-3 -> V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-5010|[email protected],-5011| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23304| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-5 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|[email protected],-23305| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Trkwks-1 -> V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic to TrkWks service| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Trkwks-2 -> V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic from TrkWks service| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\AVEndpointBuilder-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any inbound traffic to AudioEndpointBuilder| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-1 -> V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-2 -> V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\MPSSVC-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|[email protected],-23306| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\MPSSVC-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI,-23307| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WerSvc-1 -> V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_In_Block|Desc=Network rules for inbound traffic to WerSvc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WerSvc-2 -> V2.0|Action=Block|Dir=Out|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_Out_Block|Desc=Network rules for outbound traffic from WerSvc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Sysmain-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block inbound access to sysmain| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Sysmain-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block outbound access to sysmain| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-1 -> V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-5| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-2 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-6| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-6| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\clr_optimization_v2.0.50727_32-2 -> V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\clr_optimization_v2.0.50727_32-1 -> V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\UI0Detect-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\UI0Detect-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\uxsms-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block inbound traffic to uxsms| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\uxsms-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block outbound traffic from uxsms| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\IPBusEnum-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any inbound traffic to IPBusEnum| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\IPBusEnum-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any outbound traffic from IPBusEnum| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Allow Out -> v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\TabletInputService-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic to TabletInputService| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Wlansvc-2 -> V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EMDMgmt-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=EMDMgmt|Name=Block any traffic to and from EMDMgmt Service| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WindowsDefender-Out -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic from WinDefend| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Block Out -> v2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\TabletInputService-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic from TabletInputService| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PcaSvc-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|[email protected],-3|[email protected],-5| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PcaSvc-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|[email protected],-4|[email protected],-6| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Share
  • 0

#30
aquevedo831

aquevedo831

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 215 posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Ident Block Out -> v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Allow In -> v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Wlansvc-1 -> V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EHSTART-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=ehstart|Name=Block any outbound traffic from ehstart| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EMDMgmt-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=EMDMgmt|Name=Block any traffic to and from EMDMgmt Service| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WindowsDefender-In -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic to WinDefend| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Allow Out -> v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Ident Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Block Out -> v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EHSTART-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=ehstart|Name=Block any inbound traffic to ehstart| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Allow In -> v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [C:\Windows\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogDroppedPackets -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogSuccessfulConnections -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\PreshutdownTimeout -> 57600000 ->
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName ->
@%systemroot%\system32\wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> Microsoft Corporation [Ver = 7.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 1695232 bytes | Modified Date = 19/01/2008 02:37:11 a.m. | Attr = ]
-105 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\System32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 21504 bytes | Modified Date = 19/01/2008 02:33:32 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> @%systemroot%\system32\wuaueng.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DelayedAutoStart -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DependOnService ->
rpcss -> %SystemRoot%\System32\rpcss.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 547328 bytes | Modified Date = 19/01/2008 02:36:17 a.m. | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ServiceSidType -> 1 ->
*RequiredPrivileges* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\RequiredPrivileges ->
SeAuditPrivilege -> -> File not found
SeCreateGlobalPrivilege -> -> File not found
SeCreatePageFilePrivilege -> -> File not found
SeTcbPrivilege -> -> File not found
SeAssignPrimaryTokenPrivilege -> -> File not found
SeImpersonatePrivilege -> -> File not found
SeIncreaseQuotaPrivilege -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\FailureActions -> 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\System32\wuaueng.dll [%systemroot%\system32\wuaueng.dll] -> Microsoft Corporation [Ver = 7.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 1695232 bytes | Modified Date = 19/01/2008 02:37:11 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceMain -> WUServiceMain ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDllUnloadOnStop -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName ->
@regsvc.dll -> %SystemRoot%\System32\regsvc.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 106496 bytes | Modified Date = 19/01/2008 02:36:16 a.m. | Attr = ]
-1 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\system32\svchost.exe -k regsvc] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 21504 bytes | Modified Date = 19/01/2008 02:33:32 a.m. | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> @regsvc.dll,-2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\System32\rpcss.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 547328 bytes | Modified Date = 19/01/2008 02:36:17 a.m. | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ServiceSidType -> 1 ->
*RequiredPrivileges* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\RequiredPrivileges ->
SeCreateGlobalPrivilege -> -> File not found
SeImpersonatePrivilege -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDllUnloadOnStop -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\System32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 106496 bytes | Modified Date = 19/01/2008 02:36:16 a.m. | Attr = ]
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
Archivos de programa -> %SystemDrive%\Archivos de programa -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
BackupReg.reg -> %SystemDrive%\BackupReg.reg -> [Ver = | Size = 244970388 bytes | Created Date = 15/06/2008 05:32:56 p.m. | Attr = ]
Boot -> %SystemDrive%\Boot -> [Folder | Created Date = 13/05/2099 01:25:36 p.m. | Attr = HS]
bootmgr -> %SystemDrive%\bootmgr -> [Ver = | Size = 333203 bytes | Created Date = 13/05/2099 01:25:37 p.m. | Attr = RHS]
BOOTSECT.BAK -> %SystemDrive%\BOOTSECT.BAK -> [Ver = | Size = 8192 bytes | Created Date = 13/05/2099 01:25:38 p.m. | Attr = R S]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 08/06/2008 11:04:55 a.m. | Attr = ]
Diskeeper -> %SystemDrive%\Diskeeper -> [Folder | Created Date = 31/05/2008 01:08:09 p.m. | Attr = HS]
grldr -> %SystemDrive%\grldr -> [Ver = | Size = 171136 bytes | Created Date = 06/06/2008 12:47:48 p.m. | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063272448 bytes | Created Date = 28/05/2008 02:31:13 p.m. | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 13/05/2099 07:27:34 p.m. | Attr = HS]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 12/06/2008 10:30:52 p.m. | Attr = ]
ar5211.sys -> %SystemRoot%\System32\drivers\ar5211.sys -> TamoSoft [Ver = 5.3.0.65 | Size = 558624 bytes | Created Date = 28/05/2008 09:56:21 p.m. | Attr = ]
en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Created Date = 03/06/2008 09:31:29 p.m. | Attr = ]
ati2mpad.sys.mui -> %SystemRoot%\System32\drivers\en-US\ati2mpad.sys.mui -> ATI Technologies Inc. [Ver = 5.10.3663.6013 | Size = 3072 bytes | Created Date = 03/06/2008 03:17:28 p.m. | Attr = ]
ati2mtag.sys.mui -> %SystemRoot%\System32\drivers\en-US\ati2mtag.sys.mui -> ATI Technologies Inc. [Ver = 6.14.10.6606 | Size = 3584 bytes | Created Date = 03/06/2008 03:19:16 p.m. | Attr = ]
atikmdag.sys.mui -> %SystemRoot%\System32\drivers\en-US\atikmdag.sys.mui -> ATI Technologies Inc. [Ver = 7.01.01.523 | Size = 3072 bytes | Created Date = 03/06/2008 03:15:45 p.m. | Attr = ]
b57nd60x.sys.mui -> %SystemRoot%\System32\drivers\en-US\b57nd60x.sys.mui -> Broadcom Corporation [Ver = 10.10.0.0 (mbuild.02262007-1449,b57nd60_main.CL-967) | Size = 5120 bytes | Created Date = 03/06/2008 03:23:39 p.m. | Attr = ]
bcm4sbxp.sys.mui -> %SystemRoot%\System32\drivers\en-US\bcm4sbxp.sys.mui -> Broadcom Corporation [Ver = 4.49.0.0 built by: WinDDK | Size = 5120 bytes | Created Date = 03/06/2008 03:15:52 p.m. | Attr = ]
BrParwdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\BrParwdm.sys.mui -> Brother Industries Ltd. [Ver = 1.03 | Size = 2560 bytes | Created Date = 03/06/2008 03:16:06 p.m. | Attr = ]
BrSerId.sys.mui -> %SystemRoot%\System32\drivers\en-US\BrSerId.sys.mui -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 10240 bytes | Created Date = 03/06/2008 03:18:12 p.m. | Attr = ]
cmbp0wdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\cmbp0wdm.sys.mui -> OMNIKEY AG [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3072 bytes | Created Date = 03/06/2008 03:19:08 p.m. | Attr = ]
cxbp0wdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\cxbp0wdm.sys.mui -> OMNIKEY [Ver = 1.1.1.0 | Size = 3072 bytes | Created Date = 03/06/2008 03:19:08 p.m. | Attr = ]
e100b325.sys.mui -> %SystemRoot%\System32\drivers\en-US\e100b325.sys.mui -> Intel Corporation [Ver = 8.0.22.0 built by: WinDDK | Size = 5120 bytes | Created Date = 03/06/2008 03:23:57 p.m. | Attr = ]
e1e6032.sys.mui -> %SystemRoot%\System32\drivers\en-US\e1e6032.sys.mui -> Intel Corporation [Ver = 9.11.5.7 built by: WinDDK | Size = 19968 bytes | Created Date = 03/06/2008 03:23:54 p.m. | Attr = ]
E1G60I32.sys.mui -> %SystemRoot%\System32\drivers\en-US\E1G60I32.sys.mui -> Intel Corporation [Ver = 8.3.2.8 built by: WinDDK | Size = 16896 bytes | Created Date = 03/06/2008 03:23:45 p.m. | Attr = ]
gpr400.sys.mui -> %SystemRoot%\System32\drivers\en-US\gpr400.sys.mui -> Gemplus [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3584 bytes | Created Date = 03/06/2008 03:19:08 p.m. | Attr = ]
grserial.sys.mui -> %SystemRoot%\System32\drivers\en-US\grserial.sys.mui -> Gemplus [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 4096 bytes | Created Date = 03/06/2008 03:19:09 p.m. | Attr = ]
ltmdmnt.sys.mui -> %SystemRoot%\System32\drivers\en-US\ltmdmnt.sys.mui -> Agere Systems [Ver = 8.36 | Size = 9728 bytes | Created Date = 03/06/2008 03:17:44 p.m. | Attr = ]
ntrigdigi.sys.mui -> %SystemRoot%\System32\drivers\en-US\ntrigdigi.sys.mui -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 4096 bytes | Created Date = 03/06/2008 03:16:48 p.m. | Attr = ]
nv4_mini.sys.mui -> %SystemRoot%\System32\drivers\en-US\nv4_mini.sys.mui -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 5120 bytes | Created Date = 03/06/2008 03:19:28 p.m. | Attr = ]
pscr.sys.mui -> %SystemRoot%\System32\drivers\en-US\pscr.sys.mui -> SCM Microsystems, Inc. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 4096 bytes | Created Date = 03/06/2008 03:19:09 p.m. | Attr = ]
SCR111.sys.mui -> %SystemRoot%\System32\drivers\en-US\SCR111.sys.mui -> SCM Microsystems [Ver = 1.01.006 (vista_rtm.061101-2205) | Size = 4096 bytes | Created Date = 03/06/2008 03:19:09 p.m. | Attr = ]
stcusb.sys.mui -> %SystemRoot%\System32\drivers\en-US\stcusb.sys.mui -> SCM Microsystems, Inc. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3072 bytes | Created Date = 03/06/2008 03:19:08 p.m. | Attr = ]
yk60x86.sys.mui -> %SystemRoot%\System32\drivers\en-US\yk60x86.sys.mui -> Marvell [Ver = 9.0.32.3 built by: WinDDK | Size = 5632 bytes | Created Date = 03/06/2008 03:17:53 p.m. | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 10/06/2008 10:51:19 p.m. | Attr = ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 10/06/2008 10:51:19 p.m. | Attr = ]
Msft_User_WpdRapi_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 04/06/2008 07:09:01 p.m. | Attr = H ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10563 bytes | Created Date = 28/05/2008 08:33:44 a.m. | Attr = ]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 28/05/2008 08:33:44 a.m. | Attr = ]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.3.2 | Size = 123952 bytes | Created Date = 28/05/2008 01:55:57 p.m. | Attr = ]
0409 -> %SystemRoot%\System32\0409 -> [Folder | Created Date = 03/06/2008 09:31:34 p.m. | Attr = ]
catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Created Date = 13/05/2099 07:29:52 p.m. | Attr = ]
coh.cache -> %SystemRoot%\System32\coh.cache -> [Ver = | Size = 16 bytes | Created Date = 28/05/2008 08:44:08 a.m. | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Created Date = 03/06/2008 09:31:34 p.m. | Attr = ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4240384 bytes | Created Date = 27/05/2008 02:06:33 p.m. | Attr = ]
lxbtprod.ver -> %SystemRoot%\System32\lxbtprod.ver -> [Ver = | Size = 27 bytes | Created Date = 19/06/2008 06:06:03 p.m. | Attr = ]
MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 294 bytes | Created Date = 10/06/2008 10:05:11 p.m. | Attr = ]
QuickTime -> %SystemRoot%\System32\QuickTime -> [Folder | Created Date = 20/06/2008 10:13:10 p.m. | Attr = ]
Wnaspi32.dll -> %SystemRoot%\System32\Wnaspi32.dll -> Frog ASPI / Millenod [Ver = 0.29.4.10 | Size = 32768 bytes | Created Date = 28/05/2008 01:37:27 p.m. | Attr = ]
Wnaspint.dll -> %SystemRoot%\System32\Wnaspint.dll -> NexiTech, Inc. [Ver = V1.18 | Size = 57344 bytes | Created Date = 28/05/2008 01:37:27 p.m. | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 13/05/2099 07:29:38 p.m. | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 13/05/2099 07:29:38 p.m. | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 20/06/2008 10:11:21 p.m. | Attr = ]
en-US -> %SystemRoot%\en-US -> [Folder | Created Date = 03/06/2008 09:31:41 p.m. | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 08/06/2008 11:05:15 a.m. | Attr = ]
Panther -> %SystemRoot%\Panther -> [Folder | Created Date = 13/05/2099 01:25:52 p.m. | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 13/05/2099 07:27:45 p.m. | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 13/05/2099 07:31:11 p.m. | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Adobe -> [Folder | Created Date = 29/05/2008 08:16:44 a.m. | Attr = ]
BM55ccda45.xml -> %AllUsersProfile%\BM55ccda45.xml -> [Ver = | Size = 110386 bytes | Created Date = 30/05/2008 01:37:41 p.m. | Attr = ]
Datos de programa -> %AllUsersProfile%\Datos de programa -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Diskeeper Corporation -> %AllUsersProfile%\Diskeeper Corporation -> [Folder | Created Date = 31/05/2008 12:49:53 p.m. | Attr = ]
Documentos -> %AllUsersProfile%\Documentos -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Escritorio -> %AllUsersProfile%\Escritorio -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Favoritos -> %AllUsersProfile%\Favoritos -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Macromedia -> %AllUsersProfile%\Macromedia -> [Folder | Created Date = 20/06/2008 10:13:11 p.m. | Attr = ]
Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Created Date = 10/06/2008 10:51:21 p.m. | Attr = ]
Menú Inicio -> %AllUsersProfile%\Menú Inicio -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Office Genuine Advantage -> %AllUsersProfile%\Office Genuine Advantage -> [Folder | Created Date = 08/06/2008 11:11:38 p.m. | Attr = ]
Plantillas -> %AllUsersProfile%\Plantillas -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
pskt.ini -> %AllUsersProfile%\pskt.ini -> [Ver = | Size = 21 bytes | Created Date = 30/05/2008 01:37:42 p.m. | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Created Date = 25/06/2008 12:14:19 a.m. | Attr = ]
Symantec -> %AllUsersProfile%\Symantec -> [Folder | Created Date = 28/05/2008 01:52:28 p.m. | Attr = ]
TamoSoft -> %AllUsersProfile%\TamoSoft -> [Folder | Created Date = 28/05/2008 09:56:32 p.m. | Attr = ]
Acoustica -> %AppData%\Acoustica -> [Folder | Created Date = 28/05/2008 01:37:25 p.m. | Attr = ]
Identities -> %AppData%\Identities -> [Folder | Created Date = 12/05/2099 09:38:37 p.m. | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 10/06/2008 10:51:46 p.m. | Attr = ]
Media Center Programs -> %AppData%\Media Center Programs -> [Folder | Created Date = 12/05/2099 09:38:19 p.m. | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 12/05/2099 09:38:19 p.m. | Attr = S]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 25/06/2008 12:13:00 a.m. | Attr = ]
Symantec -> %AppData%\Symantec -> [Folder | Created Date = 28/05/2008 02:04:16 p.m. | Attr = ]
d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 680 bytes | Created Date = 25/06/2008 02:54:44 p.m. | Attr = ]
Datos de programa -> %UserProfile%\AppData\Local\Datos de programa -> [Folder | Created Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 108768 bytes | Created Date = 12/05/2099 09:38:57 p.m. | Attr = ]
Historial -> %UserProfile%\AppData\Local\Historial -> [Folder | Created Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2026479 bytes | Created Date = 28/05/2008 03:19:31 p.m. | Attr = H ]
Macromedia -> %UserProfile%\AppData\Local\Macromedia -> [Folder | Created Date = 20/06/2008 10:22:11 p.m. | Attr = ]
Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Created Date = 12/05/2099 09:38:19 p.m. | Attr = ]
Symantec -> %UserProfile%\AppData\Local\Symantec -> [Folder | Created Date = 28/05/2008 02:41:13 p.m. | Attr = ]
Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Created Date = 12/05/2099 09:38:19 p.m. | Attr = ]
Temporary Internet Files -> %UserProfile%\AppData\Local\Temporary Internet Files -> [Folder | Created Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [Folder | Created Date = 12/05/2099 09:38:28 p.m. | Attr = ]
Mi música -> %SystemDrive%\Users\Public\Documents\Mi música -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Mis imágenes -> %SystemDrive%\Users\Public\Documents\Mis imágenes -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Mis vídeos -> %SystemDrive%\Users\Public\Documents\Mis vídeos -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
CommView for WiFi -> %UserProfile%\Documents\CommView for WiFi -> [Folder | Created Date = 28/05/2008 09:56:32 p.m. | Attr = ]
Default.rdp -> %UserProfile%\Documents\Default.rdp -> [Ver = | Size = 0 bytes | Created Date = 05/06/2008 10:51:09 p.m. | Attr = H ]
desktop.ini -> %UserProfile%\Documents\desktop.ini -> [Ver = | Size = 402 bytes | Created Date = 12/05/2099 09:38:48 p.m. | Attr = HS]
Fax -> %UserProfile%\Documents\Fax -> [Folder | Created Date = 24/06/2008 05:41:09 p.m. | Attr = ]
melody animation.avi -> %UserProfile%\Documents\melody animation.avi -> [Ver = | Size = 159232 bytes | Created Date = 20/06/2008 10:59:08 p.m. | Attr = ]
Mi música -> %UserProfile%\Documents\Mi música -> [Folder | Created Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
Mis imágenes -> %UserProfile%\Documents\Mis imágenes -> [Folder | Created Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
Mis vídeos -> %UserProfile%\Documents\Mis vídeos -> [Folder | Created Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
My Music -> %UserProfile%\Documents\My Music -> [Folder | Created Date = 28/05/2008 01:37:29 p.m. | Attr = ]
Norton 360 -> %UserProfile%\Documents\Norton 360 -> [Folder | Created Date = 27/05/2008 01:43:43 p.m. | Attr = ]
P90x -> %UserProfile%\Documents\P90x -> [Folder | Created Date = 28/05/2008 08:23:30 p.m. | Attr = ]
PC.Magazine.June.2008 -> %UserProfile%\Documents\PC.Magazine.June.2008 -> [Folder | Created Date = 27/05/2008 01:43:34 p.m. | Attr = ]
Scanned Documents -> %UserProfile%\Documents\Scanned Documents -> [Folder | Created Date = 24/06/2008 05:41:10 p.m. | Attr = R ]
Adobe Reader 8.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1887 bytes | Created Date = 29/05/2008 08:17:33 a.m. | Attr = ]
CommView for WiFi.lnk -> %SystemDrive%\Users\Public\Desktop\CommView for WiFi.lnk -> [Ver = | Size = 844 bytes | Created Date = 28/05/2008 09:56:31 p.m. | Attr = ]
Diskeeper 2008.lnk -> %SystemDrive%\Users\Public\Desktop\Diskeeper 2008.lnk -> [Ver = | Size = 1920 bytes | Created Date = 31/05/2008 12:50:21 p.m. | Attr = ]
Macromedia Dreamweaver 8.lnk -> %SystemDrive%\Users\Public\Desktop\Macromedia Dreamweaver 8.lnk -> [Ver = | Size = 1947 bytes | Created Date = 20/06/2008 10:31:40 p.m. | Attr = ]
Macromedia Flash 8.lnk -> %SystemDrive%\Users\Public\Desktop\Macromedia Flash 8.lnk -> [Ver = | Size = 1799 bytes | Created Date = 20/06/2008 10:19:00 p.m. | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 818 bytes | Created Date = 10/06/2008 10:51:22 p.m. | Attr = ]
Norton 360.lnk -> %SystemDrive%\Users\Public\Desktop\Norton 360.lnk -> [Ver = | Size = 1754 bytes | Created Date = 28/05/2008 02:03:42 p.m. | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 902 bytes | Created Date = 25/06/2008 12:13:04 a.m. | Attr = ]
Acoustica MP3 CD Burner.lnk -> %UserProfile%\Desktop\Acoustica MP3 CD Burner.lnk -> [Ver = | Size = 1725 bytes | Created Date = 28/05/2008 01:37:28 p.m. | Attr = ]
Arturo.exe -> %UserProfile%\Desktop\Arturo.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 23/06/2008 09:40:52 p.m. | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 12/06/2008 10:33:04 p.m. | Attr = ]
backups -> %UserProfile%\Desktop\backups -> [Folder | Created Date = 22/06/2008 08:33:10 p.m. | Attr = ]
desktop.ini -> %UserProfile%\Desktop\desktop.ini -> [Ver = | Size = 282 bytes | Created Date = 12/05/2099 09:38:48 p.m. | Attr = HS]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 08/06/2008 10:14:33 a.m. | Attr = ]
FixReg.reg -> %UserProfile%\Desktop\FixReg.reg -> [Ver = | Size = 87 bytes | Created Date = 15/06/2008 05:38:26 p.m. | Attr = ]
frostwire-4.13.5.windows.exe -> %UserProfile%\Desktop\frostwire-4.13.5.windows.exe -> [Ver = | Size = 860924 bytes | Created Date = 25/06/2008 10:15:55 p.m. | Attr = ]
Hanson Underneath 2005 Rock Www Pctorrent Com.SEEDPEER.torrent -> %UserProfile%\Desktop\Hanson Underneath 2005 Rock Www Pctorrent Com.SEEDPEER.torrent -> [Ver = | Size = 29939 bytes | Created Date = 18/06/2008 10:30:03 p.m. | Attr = ]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 07/06/2008 07:32:44 p.m. | Attr = ]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Created Date = 12/06/2008 10:07:57 p.m. | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 25/06/2008 10:20:02 p.m. | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Created Date = 25/06/2008 11:47:33 a.m. | Attr = ]
P90X Videos -> %UserProfile%\Desktop\P90X Videos -> [Folder | Created Date = 04/06/2008 05:43:49 p.m. | Attr = ]
setup.exe -> %UserProfile%\Desktop\setup.exe -> [Ver = | Size = 8025400 bytes | Created Date = 28/05/2008 09:55:20 p.m. | Attr = ]
TELON.jpg -> %UserProfile%\Desktop\TELON.jpg -> [Ver = | Size = 18368 bytes | Created Date = 30/05/2008 04:18:30 p.m. | Attr = ]
desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Created Date = 12/05/2099 09:38:48 p.m. | Attr = HS]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 29/05/2008 08:15:20 a.m. | Attr = ]
Macromedia -> %CommonProgramFiles%\Macromedia -> [Folder | Created Date = 20/06/2008 10:12:36 p.m. | Attr = ]
Acoustica MP3 CD Burner -> %ProgramFiles%\Acoustica MP3 CD Burner -> [Folder | Created Date = 28/05/2008 01:37:25 p.m. | Attr = ]
Adobe -> %ProgramFiles%\Adobe -> [Folder | Created Date = 29/05/2008 08:15:18 a.m. | Attr = ]
Archivos comunes -> %ProgramFiles%\Archivos comunes -> [Folder | Created Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
CommViewWiFi -> %ProgramFiles%\CommViewWiFi -> [Folder | Created Date = 28/05/2008 09:56:20 p.m. | Attr = ]
Diskeeper Corporation -> %ProgramFiles%\Diskeeper Corporation -> [Folder | Created Date = 31/05/2008 12:13:31 p.m. | Attr = ]
Macromedia -> %ProgramFiles%\Macromedia -> [Folder | Created Date = 20/06/2008 10:12:36 p.m. | Attr = ]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 10/06/2008 10:51:18 p.m. | Attr = ]
MediaMonkey -> %ProgramFiles%\MediaMonkey -> [Folder | Created Date = 08/06/2008 09:43:13 p.m. | Attr = ]
Norton 360 -> %ProgramFiles%\Norton 360 -> [Folder | Created Date = 28/05/2008 01:59:40 p.m. | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 25/06/2008 12:13:00 a.m. | Attr = ]
Symantec -> %ProgramFiles%\Symantec -> [Folder | Created Date = 28/05/2008 01:55:40 p.m. | Attr = ]

[Files/Folders - Modified Within 30 days]
$Recycle.Bin -> %SystemDrive%\$Recycle.Bin -> [Folder | Modified Date = 28/05/2008 02:36:07 p.m. | Attr = HS]
Archivos de programa -> %SystemDrive%\Archivos de programa -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
BackupReg.reg -> %SystemDrive%\BackupReg.reg -> [Ver = | Size = 244970388 bytes | Modified Date = 15/06/2008 05:33:17 p.m. | Attr = ]
BOOTSECT.BAK -> %SystemDrive%\BOOTSECT.BAK -> [Ver = | Size = 8192 bytes | Modified Date = 13/05/2099 01:25:38 p.m. | Attr = R S]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 08/06/2008 11:04:55 a.m. | Attr = ]
Diskeeper -> %SystemDrive%\Diskeeper -> [Folder | Modified Date = 31/05/2008 01:08:12 p.m. | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063272448 bytes | Modified Date = 25/06/2008 02:56:23 p.m. | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 25/06/2008 12:13:00 a.m. | Attr = R ]
ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 25/06/2008 12:14:19 a.m. | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 25/06/2008 01:11:14 a.m. | Attr = HS]
Users -> %SystemDrive%\Users -> [Folder | Modified Date = 28/05/2008 02:34:05 p.m. | Attr = R ]
Windows -> %SystemRoot% -> [Folder | Modified Date = 20/06/2008 10:11:21 p.m. | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 12/06/2008 10:30:52 p.m. | Attr = ]
en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
ati2mpad.sys.mui -> %SystemRoot%\System32\drivers\en-US\ati2mpad.sys.mui -> ATI Technologies Inc. [Ver = 5.10.3663.6013 | Size = 3072 bytes | Modified Date = 03/06/2008 03:17:28 p.m. | Attr = ]
ati2mtag.sys.mui -> %SystemRoot%\System32\drivers\en-US\ati2mtag.sys.mui -> ATI Technologies Inc. [Ver = 6.14.10.6606 | Size = 3584 bytes | Modified Date = 03/06/2008 03:19:16 p.m. | Attr = ]
atikmdag.sys.mui -> %SystemRoot%\System32\drivers\en-US\atikmdag.sys.mui -> ATI Technologies Inc. [Ver = 7.01.01.523 | Size = 3072 bytes | Modified Date = 03/06/2008 03:15:45 p.m. | Attr = ]
b57nd60x.sys.mui -> %SystemRoot%\System32\drivers\en-US\b57nd60x.sys.mui -> Broadcom Corporation [Ver = 10.10.0.0 (mbuild.02262007-1449,b57nd60_main.CL-967) | Size = 5120 bytes | Modified Date = 03/06/2008 03:23:39 p.m. | Attr = ]
bcm4sbxp.sys.mui -> %SystemRoot%\System32\drivers\en-US\bcm4sbxp.sys.mui -> Broadcom Corporation [Ver = 4.49.0.0 built by: WinDDK | Size = 5120 bytes | Modified Date = 03/06/2008 03:15:52 p.m. | Attr = ]
BrParwdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\BrParwdm.sys.mui -> Brother Industries Ltd. [Ver = 1.03 | Size = 2560 bytes | Modified Date = 03/06/2008 03:16:06 p.m. | Attr = ]
BrSerId.sys.mui -> %SystemRoot%\System32\drivers\en-US\BrSerId.sys.mui -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 10240 bytes | Modified Date = 03/06/2008 03:18:12 p.m. | Attr = ]
cmbp0wdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\cmbp0wdm.sys.mui -> OMNIKEY AG [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3072 bytes | Modified Date = 03/06/2008 03:19:08 p.m. | Attr = ]
cxbp0wdm.sys.mui -> %SystemRoot%\System32\drivers\en-US\cxbp0wdm.sys.mui -> OMNIKEY [Ver = 1.1.1.0 | Size = 3072 bytes | Modified Date = 03/06/2008 03:19:08 p.m. | Attr = ]
e100b325.sys.mui -> %SystemRoot%\System32\drivers\en-US\e100b325.sys.mui -> Intel Corporation [Ver = 8.0.22.0 built by: WinDDK | Size = 5120 bytes | Modified Date = 03/06/2008 03:23:57 p.m. | Attr = ]
e1e6032.sys.mui -> %SystemRoot%\System32\drivers\en-US\e1e6032.sys.mui -> Intel Corporation [Ver = 9.11.5.7 built by: WinDDK | Size = 19968 bytes | Modified Date = 03/06/2008 03:23:54 p.m. | Attr = ]
E1G60I32.sys.mui -> %SystemRoot%\System32\drivers\en-US\E1G60I32.sys.mui -> Intel Corporation [Ver = 8.3.2.8 built by: WinDDK | Size = 16896 bytes | Modified Date = 03/06/2008 03:23:45 p.m. | Attr = ]
gpr400.sys.mui -> %SystemRoot%\System32\drivers\en-US\gpr400.sys.mui -> Gemplus [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3584 bytes | Modified Date = 03/06/2008 03:19:08 p.m. | Attr = ]
grserial.sys.mui -> %SystemRoot%\System32\drivers\en-US\grserial.sys.mui -> Gemplus [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 4096 bytes | Modified Date = 03/06/2008 03:19:09 p.m. | Attr = ]
ltmdmnt.sys.mui -> %SystemRoot%\System32\drivers\en-US\ltmdmnt.sys.mui -> Agere Systems [Ver = 8.36 | Size = 9728 bytes | Modified Date = 03/06/2008 03:17:44 p.m. | Attr = ]
ntrigdigi.sys.mui -> %SystemRoot%\System32\drivers\en-US\ntrigdigi.sys.mui -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 4096 bytes | Modified Date = 03/06/2008 03:16:48 p.m. | Attr = ]
nv4_mini.sys.mui -> %SystemRoot%\System32\drivers\en-US\nv4_mini.sys.mui -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 5120 bytes | Modified Date = 03/06/2008 03:19:28 p.m. | Attr = ]
pscr.sys.mui -> %SystemRoot%\System32\drivers\en-US\pscr.sys.mui -> SCM Microsystems, Inc. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 4096 bytes | Modified Date = 03/06/2008 03:19:09 p.m. | Attr = ]
SCR111.sys.mui -> %SystemRoot%\System32\drivers\en-US\SCR111.sys.mui -> SCM Microsystems [Ver = 1.01.006 (vista_rtm.061101-2205) | Size = 4096 bytes | Modified Date = 03/06/2008 03:19:09 p.m. | Attr = ]
stcusb.sys.mui -> %SystemRoot%\System32\drivers\en-US\stcusb.sys.mui -> SCM Microsystems, Inc. [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 3072 bytes | Modified Date = 03/06/2008 03:19:08 p.m. | Attr = ]
yk60x86.sys.mui -> %SystemRoot%\System32\drivers\en-US\yk60x86.sys.mui -> Marvell [Ver = 9.0.32.3 built by: WinDDK | Size = 5632 bytes | Modified Date = 03/06/2008 03:17:53 p.m. | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 10/06/2008 07:02:40 p.m. | Attr = ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 10/06/2008 07:02:44 p.m. | Attr = ]
Msft_User_WpdRapi_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 04/06/2008 07:09:01 p.m. | Attr = H ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10563 bytes | Modified Date = 28/05/2008 02:02:13 p.m. | Attr = ]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 28/05/2008 02:02:13 p.m. | Attr = ]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.3.2 | Size = 123952 bytes | Modified Date = 28/05/2008 02:02:13 p.m. | Attr = ]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 04/06/2008 07:08:54 p.m. | Attr = ]
en-US -> %SystemRoot%\System32\drivers\UMDF\en-US -> [Folder | Modified Date = 03/06/2008 09:31:29 p.m. | Attr = ]
0409 -> %SystemRoot%\System32\0409 -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4608 bytes | Modified Date = 25/06/2008 10:20:03 p.m. | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4608 bytes | Modified Date = 25/06/2008 10:20:03 p.m. | Attr = H ]
appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 01/06/2008 10:33:46 a.m. | Attr = ]
Boot -> %SystemRoot%\System32\Boot -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
Branding -> %SystemRoot%\System32\Branding -> [Folder | Modified Date = 03/06/2008 09:31:35 p.m. | Attr = ]
catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 24/06/2008 10:01:35 p.m. | Attr = ]
catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 19/06/2008 06:08:25 p.m. | Attr = ]
coh.cache -> %SystemRoot%\System32\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 28/05/2008 08:44:09 a.m. | Attr = ]
com -> %SystemRoot%\System32\com -> [Folder | Modified Date = 03/06/2008 09:28:26 p.m. | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 10/06/2008 10:51:19 p.m. | Attr = ]
DriverStore -> %SystemRoot%\System32\DriverStore -> [Folder | Modified Date = 03/06/2008 09:29:52 p.m. | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 03/06/2008 09:31:28 p.m. | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 392184 bytes | Modified Date = 24/06/2008 11:54:27 p.m. | Attr = ]
FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 24/06/2008 05:49:55 p.m. | Attr = ]
license.rtf -> %SystemRoot%\System32\license.rtf -> [Ver = | Size = 54512 bytes | Modified Date = 13/05/2099 07:32:09 p.m. | Attr = ]
migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 11/06/2008 11:40:55 p.m. | Attr = ]
migwiz -> %SystemRoot%\System32\migwiz -> [Folder | Modified Date = 03/06/2008 09:31:35 p.m. | Attr = ]
MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 294 bytes | Modified Date = 10/06/2008 10:05:11 p.m. | Attr = ]
oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 101250 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
perfc00A.dat -> %SystemRoot%\System32\perfc00A.dat -> [Ver = | Size = 128552 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 587178 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
perfh00A.dat -> %SystemRoot%\System32\perfh00A.dat -> [Ver = | Size = 664388 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1470402 bytes | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
Printing_Admin_Scripts -> %SystemRoot%\System32\Printing_Admin_Scripts -> [Folder | Modified Date = 03/06/2008 09:29:51 p.m. | Attr = ]
QuickTime -> %SystemRoot%\System32\QuickTime -> [Folder | Modified Date = 20/06/2008 10:13:12 p.m. | Attr = ]
setup -> %SystemRoot%\System32\setup -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
slmgr -> %SystemRoot%\System32\slmgr -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
sysprep -> %SystemRoot%\System32\sysprep -> [Folder | Modified Date = 03/06/2008 09:31:34 p.m. | Attr = ]
Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 08/06/2008 09:49:40 p.m. | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 03/06/2008 09:29:47 p.m. | Attr = ]
WCN -> %SystemRoot%\System32\WCN -> [Folder | Modified Date = 03/06/2008 09:30:10 p.m. | Attr = ]
winrm -> %SystemRoot%\System32\winrm -> [Folder | Modified Date = 03/06/2008 09:31:35 p.m. | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 03/06/2008 09:28:06 p.m. | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/06/2008 10:04:36 p.m. | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 25/06/2008 09:03:28 p.m. | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 13/05/2099 07:29:38 p.m. | Attr = ]
DigitalLocker -> %SystemRoot%\DigitalLocker -> [Folder | Modified Date = 03/06/2008 09:31:43 p.m. | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 20/06/2008 10:22:22 p.m. | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 25/06/2008 02:40:26 p.m. | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 14/06/2008 10:01:33 p.m. | Attr = ]
en-US -> %SystemRoot%\en-US -> [Folder | Modified Date = 03/06/2008 09:31:42 p.m. | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 08/06/2008 11:05:15 a.m. | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 24/06/2008 04:03:20 p.m. | Attr = R S]
go -> %SystemRoot%\go -> [Ver = | Size = 32 bytes | Modified Date = 28/05/2008 02:51:29 p.m. | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 31/05/2008 12:49:54 p.m. | Attr = ]
IME -> %SystemRoot%\IME -> [Folder | Modified Date = 03/06/2008 09:31:43 p.m. | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 25/06/2008 09:07:33 p.m. | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 25/06/2008 12:13:15 a.m. | Attr = HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 150283812 bytes | Modified Date = 13/06/2008 06:57:02 p.m. | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 14/06/2008 10:05:06 p.m. | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 13/06/2008 06:57:35 p.m. | Attr = ]
MSAgent -> %SystemRoot%\MSAgent -> [Folder | Modified Date = 03/06/2008 09:31:44 p.m. | Attr = ]
Panther -> %SystemRoot%\Panther -> [Folder | Modified Date = 13/05/2099 07:32:10 p.m. | Attr = ]
PolicyDefinitions -> %SystemRoot%\PolicyDefinitions -> [Folder | Modified Date = 03/06/2008 09:31:35 p.m. | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 25/06/2008 10:20:28 p.m. | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 03/06/2008 09:54:53 p.m. | Attr = ]
servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 03/06/2008 09:31:45 p.m. | Attr = ]
System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 24/06/2008 03:55:22 p.m. | Attr = ]
@Alternate Data Stream - 12 bytes -> %SystemRoot%\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 25/06/2008 10:20:18 p.m. | Attr = ]
WindowsMobile -> %SystemRoot%\WindowsMobile -> [Folder | Modified Date = 04/06/2008 07:06:20 p.m. | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 24/06/2008 10:01:41 p.m. | Attr = ]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 488 bytes | Modified Date = 25/06/2008 10:00:00 p.m. | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 25/06/2008 02:56:36 p.m. | Attr = H ]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 02/11/2006 08:02:36 a.m. | Attr = ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 25/06/2008 10:09:47 p.m. | Attr = ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 25/06/2008 10:09:54 p.m. | Attr = ]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 14/05/2008 02:39:24 p.m. | Attr = ]
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 14/05/2008 02:39:24 p.m. | Attr = ]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 28/05/2008 02:34:09 p.m. | Attr = ]
Administrator.dat -> C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat -> [Ver = | Size = 0 bytes | Modified Date = 02/11/2006 08:02:02 a.m. | Attr = ]
Arturo.dat -> C:\ProgramData\Microsoft\User Account Pictures\Arturo.dat -> [Ver = | Size = 0 bytes | Modified Date = 12/05/2099 09:38:21 p.m. | Attr = ]
Invitado.dat -> C:\ProgramData\Microsoft\User Account Pictures\Invitado.dat -> [Ver = | Size = 0 bytes | Modified Date = 28/05/2008 02:34:09 p.m. | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Adobe -> [Folder | Modified Date = 29/05/2008 08:19:14 a.m. | Attr = ]
BM55ccda45.xml -> %AllUsersProfile%\BM55ccda45.xml -> [Ver = | Size = 110386 bytes | Modified Date = 24/06/2008 08:56:19 p.m. | Attr = ]
Datos de programa -> %AllUsersProfile%\Datos de programa -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Diskeeper Corporation -> %AllUsersProfile%\Diskeeper Corporation -> [Folder | Modified Date = 31/05/2008 12:49:53 p.m. | Attr = ]
Documentos -> %AllUsersProfile%\Documentos -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Escritorio -> %AllUsersProfile%\Escritorio -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Favoritos -> %AllUsersProfile%\Favoritos -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Macromedia -> %AllUsersProfile%\Macromedia -> [Folder | Modified Date = 20/06/2008 10:15:45 p.m. | Attr = ]
Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Modified Date = 10/06/2008 10:51:21 p.m. | Attr = ]
Menú Inicio -> %AllUsersProfile%\Menú Inicio -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Office Genuine Advantage -> %AllUsersProfile%\Office Genuine Advantage -> [Folder | Modified Date = 08/06/2008 11:11:38 p.m. | Attr = ]
Plantillas -> %AllUsersProfile%\Plantillas -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
pskt.ini -> %AllUsersProfile%\pskt.ini -> [Ver = | Size = 21 bytes | Modified Date = 25/06/2008 12:25:45 p.m. | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Modified Date = 25/06/2008 12:14:19 a.m. | Attr = ]
Symantec -> %AllUsersProfile%\Symantec -> [Folder | Modified Date = 11/06/2008 09:45:04 p.m. | Attr = ]
TamoSoft -> %AllUsersProfile%\TamoSoft -> [Folder | Modified Date = 28/05/2008 09:56:32 p.m. | Attr = ]
Acoustica -> %AppData%\Acoustica -> [Folder | Modified Date = 28/05/2008 01:37:25 p.m. | Attr = ]
Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 29/05/2008 08:27:27 a.m. | Attr = ]
Azureus -> %AppData%\Azureus -> [Folder | Modified Date = 03/06/2008 10:55:16 a.m. | Attr = ]
Identities -> %AppData%\Identities -> [Folder | Modified Date = 12/05/2099 09:38:37 p.m. | Attr = ]
Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 24/06/2008 03:21:13 p.m. | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 10/06/2008 10:51:46 p.m. | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 25/06/2008 12:13:00 a.m. | Attr = ]
Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 28/05/2008 09:51:24 p.m. | Attr = ]
uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 20/06/2008 08:47:54 p.m. | Attr = ]
d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 680 bytes | Modified Date = 25/06/2008 02:54:44 p.m. | Attr = ]
Datos de programa -> %UserProfile%\AppData\Local\Datos de programa -> [Folder | Modified Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 23552 bytes | Modified Date = 25/06/2008 12:41:31 a.m. | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 108768 bytes | Modified Date = 24/06/2008 04:04:37 p.m. | Attr = ]
Historial -> %UserProfile%\AppData\Local\Historial -> [Folder | Modified Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2026479 bytes | Modified Date = 25/06/2008 02:54:04 p.m. | Attr = H ]
Macromedia -> %UserProfile%\AppData\Local\Macromedia -> [Folder | Modified Date = 20/06/2008 10:22:12 p.m. | Attr = ]
Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Modified Date = 24/06/2008 05:45:59 p.m. | Attr = ]
Symantec -> %UserProfile%\AppData\Local\Symantec -> [Folder | Modified Date = 28/05/2008 02:41:13 p.m. | Attr = ]
Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 25/06/2008 10:15:55 p.m. | Attr = ]
Temporary Internet Files -> %UserProfile%\AppData\Local\Temporary Internet Files -> [Folder | Modified Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
Mi música -> %SystemDrive%\Users\Public\Documents\Mi música -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Mis imágenes -> %SystemDrive%\Users\Public\Documents\Mis imágenes -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Mis vídeos -> %SystemDrive%\Users\Public\Documents\Mis vídeos -> [Folder | Modified Date = 12/05/2099 09:38:03 p.m. | Attr = HS]
Azureus Downloads -> %UserProfile%\Documents\Azureus Downloads -> [Folder | Modified Date = 02/06/2008 10:42:01 a.m. | Attr = ]
CommView for WiFi -> %UserProfile%\Documents\CommView for WiFi -> [Folder | Modified Date = 28/05/2008 09:56:33 p.m. | Attr = ]
Default.rdp -> %UserProfile%\Documents\Default.rdp -> [Ver = | Size = 0 bytes | Modified Date = 05/06/2008 10:51:09 p.m. | Attr = H ]
Downloads -> %UserProfile%\Documents\Downloads -> [Folder | Modified Date = 20/06/2008 08:46:19 p.m. | Attr = ]
Fax -> %UserProfile%\Documents\Fax -> [Folder | Modified Date = 24/06/2008 05:41:42 p.m. | Attr = ]
melody animation.avi -> %UserProfile%\Documents\melody animation.avi -> [Ver = | Size = 159232 bytes | Modified Date = 20/06/2008 10:59:18 p.m. | Attr = ]
Mi música -> %UserProfile%\Documents\Mi música -> [Folder | Modified Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
Mis imágenes -> %UserProfile%\Documents\Mis imágenes -> [Folder | Modified Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
Mis vídeos -> %UserProfile%\Documents\Mis vídeos -> [Folder | Modified Date = 12/05/2099 09:38:20 p.m. | Attr = HS]
My Music -> %UserProfile%\Documents\My Music -> [Folder | Modified Date = 28/05/2008 01:37:29 p.m. | Attr = ]
My Received Files -> %UserProfile%\Documents\My Received Files -> [Folder | Modified Date = 25/06/2008 01:13:19 a.m. | Attr = ]
My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk -> [Ver = | Size = 510 bytes | Modified Date = 25/06/2008 12:29:33 p.m. | Attr = ]
Norton 360 -> %UserProfile%\Documents\Norton 360 -> [Folder | Modified Date = 27/05/2008 01:44:35 p.m. | Attr = ]
P90x -> %UserProfile%\Documents\P90x -> [Folder | Modified Date = 28/05/2008 08:23:31 p.m. | Attr = ]
PC.Magazine.June.2008 -> %UserProfile%\Documents\PC.Magazine.June.2008 -> [Folder | Modified Date = 27/05/2008 01:43:34 p.m. | Attr = ]
Scanned Documents -> %UserProfile%\Documents\Scanned Documents -> [Folder | Modified Date = 24/06/2008 05:46:40 p.m. | Attr = R ]
Adobe Reader 8.lnk -> %SystemDrive%\Users\Public\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1887 bytes | Modified Date = 29/05/2008 08:17:33 a.m. | Attr = ]
CommView for WiFi.lnk -> %SystemDrive%\Users\Public\Desktop\CommView for WiFi.lnk
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP