Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hey hey more of the trojan.greenscreen, etc etc


  • Please log in to reply

#1
westofthesun

westofthesun

    Member

  • Member
  • PipPip
  • 11 posts
hey guys, i've picked up the following:

Trojan-Spy.Win32.GreenScreen

trojan-spy.win32.tiny.h

trojan-spy.win32.keylogger.aa

trojan-spy.html.bankfraud.dq

trojan-downloader.win32.agent.bq

a little help on how to start as this is my first infestation? i've downloaded hijackthis and a few of the other progs...help pleeeeeeeeeeease :)
  • 0

Advertisements


#2
westofthesun

westofthesun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
bump :)
  • 0

#3
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi do not bump your posts it will be overlooked.
================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
      Rootkit Search -Yes
      Drivers -Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
  • 0

#4
westofthesun

westofthesun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
oops, sorry! new here, won't happen again :)
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Can you post the log please.
  • 0

#6
westofthesun

westofthesun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the log! And thanks in advance!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:13, on 8/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\yduzqfab\yrchuvut.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mhuverup.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 60.12.193.37 auto.search.msn.com
O1 - Hosts: 60.12.193.37 auto.search.msn.es
O1 - Hosts: 60.12.193.37 ie.search.msn.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [lphc5g9j0epbb] C:\Windows\system32\lphc5g9j0epbb.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [chkset] C:\Windows\system32\mhuverup.exe
O4 - HKCU\..\Run: [actchken] C:\Windows\system32\lqvyfyte.exe
O4 - HKCU\..\Run: [uistrcmd] C:\Windows\system32\klwzcxkh.exe
O4 - HKLM\..\Policies\Explorer\Run: [Rpcx1OtlKf] C:\ProgramData\yduzqfab\yrchuvut.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8269 bytes
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That's the wrong log please see my previous post and post the OT Scan It log.
Then we can continue.
  • 0

#8
westofthesun

westofthesun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ah sorry, can you tell me what the difference is? here is the OT scan -- however, it seemed to be getting locked up when it wouldn't be able to find a certain file.

[code=auto:0]OTScanIt logfile created on: 8/23/2008 15:16:18
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Users\Owner\Desktop\OTScanIt
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.89% Memory free
4.00 Gb Paging File | 3.03 Gb Available in Paging File | 75.63% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 55.47 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 270.78 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
agrsmsvc.exe -> %SystemRoot%\System32\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 10/5/2006 15:10:12 | Attr = ]
astsrv.exe -> %SystemRoot%\System32\ASTSRV.EXE -> Nalpeiron Ltd. [Ver = 4, 2, 3, 0 | Size = 57344 bytes | Modified Date = 2/16/2007 19:08:14 | Attr = ]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 231704 bytes | Modified Date = 8/2/2008 13:34:28 | Attr = ]
avgfws8.exe -> %ProgramFiles%\AVG\AVG8\avgfws8.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1220888 bytes | Modified Date = 8/2/2008 13:34:30 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 13:42:38 | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 6 | Size = 40960 bytes | Modified Date = 11/14/2006 23:33:10 | Attr = ]
ctsvccda.exe -> %SystemRoot%\System32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.0.4 | Size = 643072 bytes | Modified Date = 3/6/2007 19:55:42 | Attr = ]
pinger.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe -> [Ver = | Size = 136816 bytes | Modified Date = 1/25/2007 21:47:50 | Attr = ]
pnkbstra.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 8/4/2008 14:00:10 | Attr = ]
qbcfmonitorservice.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBCFMonitorService.exe -> Intuit [Ver = 2.0.2979.7925 | Size = 20480 bytes | Modified Date = 2/27/2008 07:24:12 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.0.0 | Size = 327680 bytes | Modified Date = 3/6/2007 19:37:04 | Attr = ]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 66928 bytes | Modified Date = 10/23/2007 19:27:16 | Attr = ]
tnavisrv.exe -> %ProgramFiles%\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> TOSHIBA Corporation [Ver = 1.00.0003 | Size = 77824 bytes | Modified Date = 9/19/2007 14:01:12 | Attr = ]
toddsrv.exe -> %SystemRoot%\System32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 3 | Size = 114688 bytes | Modified Date = 5/25/2006 21:30:16 | Attr = ]
toscosrv.exe -> %ProgramFiles%\Toshiba\Power Saver\TosCoSrv.exe -> TOSHIBA Corporation [Ver = 1.0.0.1 | Size = 427576 bytes | Modified Date = 3/29/2007 13:39:20 | Attr = ]
tosbtsrv.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> TOSHIBA CORPORATION [Ver = 1, 0, 1402, 0 | Size = 125048 bytes | Modified Date = 2/26/2007 00:55:18 | Attr = ]
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 8/23/2006 19:39:48 | Attr = ]
avgam.exe -> %ProgramFiles%\AVG\AVG8\avgam.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.147 | Size = 638744 bytes | Modified Date = 8/2/2008 13:34:29 | Attr = ]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 8/2/2008 13:34:31 | Attr = ]
avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.156 | Size = 424216 bytes | Modified Date = 8/2/2008 13:34:31 | Attr = ]
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 875288 bytes | Modified Date = 8/15/2008 13:22:15 | Attr = ]
rpcagentsrv.exe -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -> SiSoftware [Ver = 14.24.2008.5 | Size = 98488 bytes | Modified Date = 4/22/2008 18:23:02 | Attr = ]
yrchuvut.exe -> %AllUsersProfile%\yduzqfab\yrchuvut.exe -> [Ver = | Size = 65536 bytes | Modified Date = 8/21/2008 10:05:11 | Attr = ]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1329 | Size = 154136 bytes | Modified Date = 9/20/2007 14:07:06 | Attr = ]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 7.14.10.1329 | Size = 252440 bytes | Modified Date = 9/20/2007 14:07:20 | Attr = ]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1329 | Size = 129560 bytes | Modified Date = 9/20/2007 14:07:18 | Attr = ]
syntpstart.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPStart.exe -> Synaptics, Inc. [Ver = 10.0.11.2 29Oct07 | Size = 102400 bytes | Modified Date = 10/29/2007 07:02:38 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 8/6/2007 19:05:46 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 1029416 bytes | Modified Date = 12/6/2007 09:12:44 | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 224 | Size = 6265376 bytes | Modified Date = 8/6/2008 17:18:52 | Attr = ]
mhuverup.exe -> %SystemRoot%\System32\mhuverup.exe -> [Ver = | Size = 90112 bytes | Modified Date = 8/21/2008 10:05:04 | Attr = ]
hotsync.exe -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 7.0.2 | Size = 1392640 bytes | Modified Date = 1/3/2008 18:28:08 | Attr = R ]
syntphelper.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPHelper.exe -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 95528 bytes | Modified Date = 12/6/2007 09:12:58 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> %SystemRoot%\System32\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 10/5/2006 15:10:12 | Attr = ]
(astcc) AST Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\ASTSRV.EXE -> Nalpeiron Ltd. [Ver = 4, 2, 3, 0 | Size = 57344 bytes | Modified Date = 2/16/2007 19:08:14 | Attr = ]
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 875288 bytes | Modified Date = 8/15/2008 13:22:15 | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 231704 bytes | Modified Date = 8/2/2008 13:34:28 | Attr = ]
(avgfws8) AVG8 Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgfws8.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1220888 bytes | Modified Date = 8/2/2008 13:34:30 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 13:42:38 | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 6 | Size = 40960 bytes | Modified Date = 11/14/2006 23:33:10 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\System32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.0.4 | Size = 643072 bytes | Modified Date = 3/6/2007 19:55:42 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/13/2008 22:11:45 | Attr = ]
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -> WildTangent, Inc. [Ver = 1.0.0.1 | Size = 181784 bytes | Modified Date = 9/24/2007 20:38:00 | Attr = ]
(GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.707.23222 | Size = 1838592 bytes | Modified Date = 1/13/2008 15:35:13 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 00:41:10 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(pinger) pinger [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe -> [Ver = | Size = 136816 bytes | Modified Date = 1/25/2007 21:47:50 | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 8/4/2008 14:00:10 | Attr = ]
(QBCFMonitorService) QBCFMonitorService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Intuit\QuickBooks\QBCFMonitorService.exe -> Intuit [Ver = 2.0.2979.7925 | Size = 20480 bytes | Modified Date = 2/27/2008 07:24:12 | Attr = ]
(QBFCService) Intuit QuickBooks FCS [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> Intuit Inc. [Ver = 1.2.0.5 | Size = 61440 bytes | Modified Date = 5/24/2007 08:08:44 | Attr = ]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.0.0 | Size = 327680 bytes | Modified Date = 3/6/2007 19:37:04 | Attr = ]
(SandraAgentSrv) SiSoftware Deployment Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -> SiSoftware [Ver = 14.24.2008.5 | Size = 98488 bytes | Modified Date = 4/22/2008 18:23:02 | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 66928 bytes | Modified Date = 10/23/2007 19:27:16 | Attr = ]
(TNaviSrv) TOSHIBA Navi Support Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> TOSHIBA Corporation [Ver = 1.00.0003 | Size = 77824 bytes | Modified Date = 9/19/2007 14:01:12 | Attr = ]
(TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 3 | Size = 114688 bytes | Modified Date = 5/25/2006 21:30:16 | Attr = ]
(TosCoSrv) TOSHIBA Power Saver [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\Power Saver\TosCoSrv.exe -> TOSHIBA Corporation [Ver = 1.0.0.1 | Size = 427576 bytes | Modified Date = 3/29/2007 13:39:20 | Attr = ]
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> TOSHIBA CORPORATION [Ver = 1, 0, 1402, 0 | Size = 125048 bytes | Modified Date = 2/26/2007 00:55:18 | Attr = ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 8/23/2006 19:39:48 | Attr = ]
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 11/2/2006 04:51:38 | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 11/2/2006 04:51:32 | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 11/2/2006 04:50:35 | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 11/2/2006 04:51:00 | Attr = ]
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.77 11/28/2006 15:10:54 | Size = 1161888 bytes | Modified Date = 11/28/2006 18:11:00 | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 11/2/2006 04:50:11 | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 14952 bytes | Modified Date = 11/2/2006 04:49:20 | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 04:50:09 | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 04:50:10 | Attr = ]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 97928 bytes | Modified Date = 8/2/2008 13:34:46 | Attr = ]
(AvgMfx86) AVG Minifilter x86 Resident Driver [File_System | System | Running] -> %SystemRoot%\System32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 8/2/2008 13:34:46 | Attr = ]
(AvgRkx86) avgrkx86.sys [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\avgrkx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.104 | Size = 12936 bytes | Modified Date = 8/2/2008 13:34:49 | Attr = ]
(AvgWfpX) AVG8 Firewall Driver x86 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\avgwfpx.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.108 | Size = 69128 bytes | Modified Date = 8/2/2008 13:34:48 | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 11/2/2006 03:24:45 | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 11/2/2006 03:24:46 | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 11/2/2006 03:25:24 | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 11/2/2006 03:24:44 | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 11/2/2006 03:24:44 | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 11/2/2006 03:24:47 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_rtm.061101-2205) | Size = 16488 bytes | Modified Date = 11/2/2006 04:49:28 | Attr = ]
(CWMonitor) Symantec Crimeware Protection Driver [Kernel | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\coShared\CW\1.5\CO_Mon.sys -> File not found
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 11/2/2006 02:30:54 | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 11/2/2006 04:51:34 | Attr = ]
(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\FwLnk.sys -> TOSHIBA Corporation [Ver = 1.0.0.3V built by: WinDDK | Size = 7168 bytes | Modified Date = 11/20/2006 01:11:14 | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 11/2/2006 04:50:10 | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 11/2/2006 04:51:25 | Attr = ]
(igfx) igfx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\igdkmd32.sys -> Intel Corporation [Ver = 7.14.10.1329 | Size = 1925632 bytes | Modified Date = 9/13/2007 18:23:50 | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 11/2/2006 04:50:17 | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. [Ver = 6.0.1.5680 built by: WinDDK | Size = 2164248 bytes | Modified Date = 8/6/2008 17:11:06 | Attr = ]
(IO_Memory) IO_Memory [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\SYSPREP\Drivers\ioport.sys -> File not found
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 04:50:07 | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 04:50:09 | Attr = ]
(KR10I) KR10I [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\KR10I.sys -> TOSHIBA CORPORATION [Ver = 1.07.0013 | Size = 219264 bytes | Modified Date = 11/9/2006 01:32:00 | Attr = ]
(KR10N) KR10N [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\KR10N.sys -> TOSHIBA CORPORATION [Ver = 1.07.0013 | Size = 211072 bytes | Modified Date = 11/9/2006 01:31:00 | Attr = ]
(KR3NPXP) KR3NPXP [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\kr3npxp.sys -> TOSHIBA CORPORATION [Ver = 3.00.0072 | Size = 479488 bytes | Modified Date = 9/27/2006 07:06:00 | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 04:50:04 | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 04:50:05 | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 04:50:10 | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 11/2/2006 04:49:53 | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 11/2/2006 04:49:59 | Attr = ]
(NETw4v32) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\NETw4v32.sys -> Intel Corporation [Ver = 11.1.0.100 | Size = 2216448 bytes | Modified Date = 4/27/2007 07:09:38 | Attr = ]
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 11/2/2006 04:50:19 | Attr = ]
(npkcrypt) npkcrypt [Kernel | Auto | Stopped] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> File not found
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 11/2/2006 02:36:50 | Attr = ]
(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 88680 bytes | Modified Date = 11/2/2006 04:50:24 | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 11/2/2006 04:50:13 | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\PalmUSBD.sys -> PalmSource, Inc. [Ver = 6, 0, 2, 0 | Size = 16640 bytes | Modified Date = 12/4/2007 17:10:30 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 18:51:00 | Attr = ]
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 11/2/2006 04:51:45 | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 11/2/2006 04:50:35 | Attr = ]
(SANDRA) SANDRA [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -> SiSoftware [Ver = 10.11.1.1 built by: WinDDK | Size = 21408 bytes | Modified Date = 3/10/2008 19:30:36 | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\System32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 33052 bytes | Modified Date = 8/6/2007 19:15:07 | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/2/2006 01:37:21 | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 11/2/2006 04:50:10 | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 11/2/2006 04:50:16 | Attr = ]
(SVRPEDRV) SVRPEDRV [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\sysprep\UP_date\PEDrv.sys -> File not found
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 11/2/2006 04:50:05 | Attr = ]
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 11/2/2006 04:49:56 | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 11/2/2006 04:50:03 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 196400 bytes | Modified Date = 12/6/2007 09:12:48 | Attr = ]
(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\tdcmdpst.sys -> TOSHIBA Corporation. [Ver = 2, 0, 0, 0 | Size = 16128 bytes | Modified Date = 10/18/2006 14:50:04 | Attr = ]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.7 | Size = 290304 bytes | Modified Date = 1/24/2007 17:44:06 | Attr = ]
(tos_sps32) TOSHIBA tos_sps32 Service [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\tos_sps32.sys -> TOSHIBA Corporation [Ver = 4, 0, 2006, 1026 | Size = 285184 bytes | Modified Date = 9/19/2007 13:59:12 | Attr = ]
(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\TVALZ_O.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 1 | Size = 23640 bytes | Modified Date = 11/9/2007 05:00:52 | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 11/2/2006 04:51:25 | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 11/2/2006 04:50:35 | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 11/2/2006 04:50:45 | Attr = ]
(UVCFTR) UVCFTR [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\UVCFTR_S.SYS -> Chicony Electronics Co., Ltd. [Ver = 1.1.0.208 | Size = 11776 bytes | Modified Date = 4/16/2007 13:19:10 | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 17512 bytes | Modified Date = 11/2/2006 04:49:30 | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 11/2/2006 04:50:41 | Attr = ]
(WLAN) 802.11b Wireless LAN Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\WLANNDS.sys -> File not found
(yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\yk60x86.sys -> Marvell [Ver = 10.0.4.3 built by: WinDDK | Size = 221696 bytes | Modified Date = 1/9/2007 13:00:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.145 | Size = 1235736 bytes | Modified Date = 8/2/2008 13:34:30 | Attr = ]
HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> Intel Corporation [Ver = 7.14.10.1329 | Size = 154136 bytes | Modified Date = 9/20/2007 14:07:06 | Attr = ]
IgfxTray -> %SystemRoot%\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> Intel Corporation [Ver = 7.14.10.1329 | Size = 141848 bytes | Modified Date = 9/20/2007 14:07:24 | Attr = ]
lphc5g9j0epbb -> %SystemRoot%\system32\lphc5g9j0epbb.exe [C:\Windows\system32\lphc5g9j0epbb.exe] -> File not found
Persistence -> %SystemRoot%\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> Intel Corporation [Ver = 7.14.10.1329 | Size = 129560 bytes | Modified Date = 9/20/2007 14:07:18 | Attr = ]
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE [C:\Program Files\PowerISO\PWRISOVM.EXE] -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 8/6/2007 19:05:46 | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 224 | Size = 6265376 bytes | Modified Date = 8/6/2008 17:18:52 | Attr = ]
Skytel -> %SystemRoot%\SkyTel.exe [Skytel.exe] -> Realtek Semiconductor Corp. [Ver = 2.0.2.1 | Size = 1833504 bytes | Modified Date = 8/6/2008 17:19:32 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 1029416 bytes | Modified Date = 12/6/2007 09:12:44 | Attr = ]
SynTPStart -> %ProgramFiles%\Synaptics\SynTP\SynTPStart.exe [C:\Program Files\Synaptics\SynTP\SynTPStart.exe] -> Synaptics, Inc. [Ver = 10.0.11.2 29Oct07 | Size = 102400 bytes | Modified Date = 10/29/2007 07:02:38 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
actchken -> %SystemRoot%\System32\lqvyfyte.exe [C:\Windows\system32\lqvyfyte.exe] -> [Ver = | Size = 98304 bytes | Modified Date = 8/21/2008 18:17:25 | Attr = ]
chkset -> %SystemRoot%\System32\mhuverup.exe [C:\Windows\system32\mhuverup.exe] -> [Ver = | Size = 90112 bytes | Modified Date = 8/21/2008 10:05:04 | Attr = ]
uistrcmd -> %SystemRoot%\System32\klwzcxkh.exe [C:\Windows\system32\klwzcxkh.exe] -> [Ver = | Size = 81920 bytes | Modified Date = 8/22/2008 09:47:46 | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.707.23222 | Size = 145408 bytes | Modified Date = 1/13/2008 15:35:13 | Attr = ]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 8/2/2008 13:34:51 | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2923520 bytes | Modified Date = 1/12/2008 15:48:02 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 11/2/2006 04:45:50 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 11315712 bytes | Modified Date = 4/23/2008 23:51:39 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 238080 bytes | Modified Date = 11/2/2006 04:44:42 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1329 | Size = 204800 bytes | Modified Date = 9/13/2007 18:10:04 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Rpcx1OtlKf -> %AllUsersProfile%\yduzqfab\yrchuvut.exe [C:\ProgramData\yduzqfab\yrchuvut.exe] -> [Ver = | Size = 65536 bytes | Modified Date = 8/21/2008 10:05:11 | Attr = ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 11/2/2006 03:51:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-RW_DVR-K17LF________________4.53____\5&23935f9d&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 16:43:36 | Attr = ]
< HOSTS File > (862 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
60.12.193.37 auto.search.msn.com -> ->
60.12.193.37 auto.search.msn.es -> ->
60.12.193.37 ie.search.msn.com -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main�
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ot scan it shows a lot more than Hijackthis.
Can you post the part after this line as some was cut off:
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
  • 0

#10
westofthesun

westofthesun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsof...search.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 23:08:42 | Attr = ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 12/7/2007 16:08:02 | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 | Size = 455960 bytes | Modified Date = 8/2/2008 13:34:31 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 8/2/2008 13:34:34 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 8/2/2008 13:34:34 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 8/2/2008 13:34:34 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 12/7/2007 16:08:02 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~3\Office12\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{19BC43E3-1985-4D9A-A8D1-1135200463DC} -> (Intel® Wireless WiFi Link 4965AGN) ->
{2C81A083-D9EA-4555-8112-1C259ABD3BEB} -> (802.11b Wireless LAN PC Card) ->
{AC213763-46F3-4009-928F-6E650B3F54FC} -> (Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 13:42:30 | Attr = ]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
intu-help-qb1:{9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll[Intuit Help System Async Pluggable Protocol (v1) for QuickBooks] -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 70944 bytes | Modified Date = 2/27/2008 08:00:16 | Attr = ]
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 8/2/2008 13:34:34 | Attr = ]
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 12/7/2007 16:08:02 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_07] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{835BEE60-8731-4159-8BFF-941301D76D05} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{9da0e0ea-86ce-11d1-8699-00c04fb98036} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{CA6C8347-120F-4122-873F-F89138694AC8} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ($build.empty) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\cval -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UacDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\InternetSettingsDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AutoUpdateDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0x00000000 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0x00000000 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiSpywareOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbasedirectories -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LimitBlankPasswordUse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LmCompatibilityLevel -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\NoLmHash -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 176640 bytes | Modified Date = 11/2/2006 04:46:12 | Attr = ]
*MultiFile Done* -> ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 493056 bytes | Modified Date = 11/2/2006 04:46:05 | Attr = ]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 213504 bytes | Modified Date = 11/2/2006 04:46:10 | Attr = ]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 6.0.6000.16508 (vista_gdr.070618-1500) | Size = 269824 bytes | Modified Date = 11/12/2007 18:20:50 | Attr = ]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 168448 bytes | Modified Date = 11/2/2006 04:46:13 | Attr = ]
tspkg -> %SystemRoot%\System32\TSpkg.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 61440 bytes | Modified Date = 11/2/2006 04:46:13 | Attr = ]
*MultiFile Done* -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 213504 bytes | Modified Date = 11/2/2006 04:46:10 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 620 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ProductType -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\System32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 120832 bytes | Modified Date = 11/2/2006 04:46:12 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\\DebugLogLevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> E4 72 3B 3C C3 A4 C0 C8 C0 A1 4D 3E 23 F6 F2 9D [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 89 D4 9E 64 23 0A EC C0 1C [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> C5 B1 37 8D C6 08 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\HostToRealm\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinClientSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinServerSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 11 A8 56 B6 29 8C D5 54 0F 14 9A DE BB 8E 53 5E [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> @%SystemRoot%\system32\ipnathlp.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 22016 bytes | Modified Date = 11/2/2006 04:45:47 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> @%SystemRoot%\system32\ipnathlp.dll,-107 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt;RasMan;BFE; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ServiceSidType -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\RequiredPrivileges -> SeChangeNotifyPrivilege;SeCreateGlobalPrivilege;SeImpersonatePrivilege;SeLoadDri
verPrivilege;SeTakeOwnershipPrivilege; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\FailureActions -> 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\IPSecExempt -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulFTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulPPTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\PolicyVersion -> 512 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App
=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=
System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App
=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-31277|[email protected],-31280|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|R
A4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-30785|[email protected],-30788|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Fire
wallAPI.dll,-30789|[email protected],-30792|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-TERMSRV-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-30793|[email protected],-30796|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004
|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=500
09|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubne
t|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-MCX2SVC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-Prov-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-DFSR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|[email protected],-32253|[email protected],-32256|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-DFSR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|[email protected],-32257|[email protected],-32260|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32261|[email protected],-32264|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32265|[email protected],-32268|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32269|[email protected],-32272|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32273|[email protected],-32276|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-P2P-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|[email protected],-32277|[email protected],-32280|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WinCollab-P2P-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|[email protected],-32281|[email protected],-32284|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|[email protected],-29753|[email protected],-29756|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29757|[email protected],-29760|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29765|[email protected],-29768|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=*|[email protected],-29753|[email protected],-29756|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29757|[email protected],-29760|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29765|[email protected],-29768|[email protected],-29752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=S
ystem|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|Name
[email protected],-32765|Desc=@FirewallAPI.
  • 0

Advertisements


#11
westofthesun

westofthesun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
.dll,-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=S
ystem|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=
System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=S
ystem|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=
System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=3702|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=3702|App
=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=5355|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=5355|App
=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=S
ystem|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=
System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=S
ystem|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=
System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnP-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Name-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-NB_Datagram-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3702|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDPHOST-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=3702|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=5355|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-LLMNR-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=5355|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|
LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-FDRESPUB-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public
|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNTS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NETDIS-WSDEVNT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=
LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MsiScsi-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MsiScsi-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MsiScsi-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MsiScsi-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-P2PHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-P2PHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-P2PHost-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-P2PHost-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-PNRP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-32019|[email protected],-32022|[email protected],-32002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-PNRP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-32023|[email protected],-32026|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-PNRP-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32027|[email protected],-32030|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\Collab-PNRP-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32031|[email protected],-32034|[email protected],-32002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-VDS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-VDSLDR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-VDS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-VDSLDR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RVM-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-WINMGMT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-WINMGMT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-ASYNC-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-WINMGMT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-WINMGMT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMI-ASYNC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PNRPMNRS-PNRP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-34003|[email protected],-34004|[email protected],-34002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PNRPMNRS-PNRP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-34005|[email protected],-34006|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PNRPMNRS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-34007|[email protected],-34008|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PNRPMNRS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-34009|[email protected],-34010|[email protected],-34002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=Sy
stem|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=S
ystem|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=S
ystem|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=S
ystem|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=
System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=S
ystem|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=
System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Session-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Session-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SMB-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SMB-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Name-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Name-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-NB_Datagram-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-SpoolSvc-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-In -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|Profile=Private|
Profile=Public|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP4-ERQ-Out -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|Profile=Private
|Profile=Public|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-In -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\FPS-ICMP6-ERQ-Out -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|Profile=Privat
e|Profile=Public|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29257|[email protected],-29260|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteEventLogSvc-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-NP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=Sy
stem|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-NP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteSvcAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28254|[email protected],-28257|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28258|[email protected],-28261|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-28262|[email protected],-28265|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-28266|[email protected],-28269|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-RPC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|[email protected],-28270|[email protected],-28273|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-28274|[email protected],-28277|[email protected],-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteTask-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteTask-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteTask-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteTask-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-KTMRM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-RPCSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-KTMRM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MSDTC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-RAServer-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-RAServer-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-In-TCP-EdgeScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Public|A
pp=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoo
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please attach it as an an e-mail and e-mail it to me here > kahdah at aol.com replacing at with @
  • 0

#13
westofthesun

westofthesun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-In-TCP-EdgeScope-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-In-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=
LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-SSDPSrv-Out-UDP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4
=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-In-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=L
ocalSubnet|RA6=LocalSubnet|App=System|[email protected],-33027|[email protected],-33030|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnPHost-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=System|[email protected],-33031|[email protected],-33034|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteAssistance-UPnP-Out-TCP-Active -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet
|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-33037|[email protected],-33038|[email protected],-33002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WINRM-HTTP-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=Sys
tem|[email protected],-30253|[email protected],-30256|[email protected],-30252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WINRM-HTTP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RRAS-L2TP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RRAS-L2TP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RRAS-PPTP-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RRAS-PPTP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-30515|[email protected],-30518|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30519|[email protected],-30522|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WPDMTP-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=S
ystem|[email protected],-31769|[email protected],-31770|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=
System|[email protected],-31771|[email protected],-31772|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=S
ystem|[email protected],-31773|[email protected],-31774|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=
System|[email protected],-31775|[email protected],-31776|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNT-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\NetPres-WSDEVNTS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-DU-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PTB-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PTB-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-TE-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-TE-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-PP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDS-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDS-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDA-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-NDA-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RA-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RA-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RS-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=133:*|App=System|[email protected],-26106|[email protected],-25011|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-RS-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LQ-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LQ-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR2-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LR2-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LD-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|
Profile=Public|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP6-LD-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private
|Profile=Public|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-ICMP4-DUFRAG-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|Profile=Private|P
rofile=Public|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-IGMP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|Profile=Private|P
rofile=Public|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-IGMP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|Profile=Private|
Profile=Public|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-DHCP-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|
Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-DHCP-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-Teredo-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|
Profile=Public|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-Teredo-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-IPv6-In -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|Profile=Private|
Profile=Public|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-IPv6-Out -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|Profile=Private
|Profile=Public|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-GP-NP-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=Sy
stem|[email protected],-25401|[email protected],-25401|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-GP-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-DNS-Out-UDP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|Edge=FALSE|LSM=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\CoreNet-GP-LSASS-Out-TCP -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 793 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 286208 bytes | Modified Date = 11/12/2007 18:18:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDllUnloadOnStop -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ScopeAddress -> 192.168.0.1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ScopeAddressBackup -> 192.168.0.1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedAutoDial -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\IPSecExempt -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\DisableStatefulFTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\DisableStatefulPPTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\PolicyVersion -> 512 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [C:\Windows\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\\LogDroppedPackets -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\\LogSuccessfulConnections -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|[email protected],-10000|[email protected],-10001|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-10002|[email protected],-10003|[email protected],-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App
=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=
System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App
=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-31277|[email protected],-31280|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Publi
c|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public
|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|R
A4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firew
allAPI.dll,-30785|[email protected],-30788|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Fire
wallAPI.dll,-30789|[email protected],-30792|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-TERMSRV-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@Firewa
llAPI.dll,-30793|[email protected],-30796|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004
|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=500
09|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubne
t|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-MCX2SVC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-Prov-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-DFSR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|[email protected],-32253|[email protected],-32256|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-DFSR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|[email protected],-32257|[email protected],-32260|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|
Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32261|[email protected],-32264|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32265|[email protected],-32268|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32269|[email protected],-32272|[email protected],-32252|Edge=TRUE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|[email protected],-32273|[email protected],-32276|[email protected],-32252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters�
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Processes - Non-Microsoft Only]
YY -> yrchuvut.exe -> %AllUsersProfile%\yduzqfab\yrchuvut.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> actchken -> %SystemRoot%\System32\lqvyfyte.exe [C:\Windows\system32\lqvyfyte.exe]
YY -> chkset -> %SystemRoot%\System32\mhuverup.exe [C:\Windows\system32\mhuverup.exe]
YY -> uistrcmd -> %SystemRoot%\System32\klwzcxkh.exe [C:\Windows\system32\klwzcxkh.exe]
< HOSTS File > (862 bytes) -> C:\Windows\System32\drivers\etc\Hosts
YN -> 60.12.193.37 auto.search.msn.com -> 
YN -> 60.12.193.37 auto.search.msn.es -> 
YN -> 60.12.193.37 ie.search.msn.com -> 
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> yduzqfab -> %AllUsersProfile%\yduzqfab
[Files/Folders - Modified Within 30 days]
NY -> klwzcxkh.exe -> %SystemRoot%\System32\klwzcxkh.exe
NY -> lqvyfyte.exe -> %SystemRoot%\System32\lqvyfyte.exe
NY -> mhuverup.exe -> %SystemRoot%\System32\mhuverup.exe
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> yduzqfab -> %AllUsersProfile%\yduzqfab
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.
=======================================================
ALso post a new Hijackthis log and let me know how it is running?
  • 0

#15
westofthesun

westofthesun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here's the new log!

[Processes - Non-Microsoft Only]
Process yrchuvut.exe killed successfully.
C:\ProgramData\yduzqfab\yrchuvut.exe moved successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\actchken deleted successfully.
C:\Windows\System32\lqvyfyte.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\chkset deleted successfully.
C:\Windows\System32\mhuverup.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uistrcmd deleted successfully.
C:\Windows\System32\klwzcxkh.exe moved successfully.
HOSTS entry 60.12.193.37 auto.search.msn.com deleted successfully.
HOSTS entry 60.12.193.37 auto.search.msn.es deleted successfully.
HOSTS entry 60.12.193.37 ie.search.msn.com deleted successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
New HOSTS file updated successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\ProgramData\yduzqfab folder moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\Windows\System32\klwzcxkh.exe not found!
File C:\Windows\System32\lqvyfyte.exe not found!
File C:\Windows\System32\mhuverup.exe not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\yduzqfab not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08232008_182358


i'll post the hijackthis in a few hours as i've got to run, but thanks in advance, this place is a great resource....i wish i knew what you knew :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP