Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ATTN: godawgs - Ex-gaming laptop won't play any games [Solved]

Started by Jules4me , Sep 02 2012 10:19 PM

  • This topic is locked This topic is locked

#16
godawgs
Posted 04 September 2012 - 10:34 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Jules,

You are correct. You shouldn't have both MalwareBytes and SpyBot running at the same time. After this run let me know if the issues are gone.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2260173
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\URLSearchHook: {be0517a8-e339-3d94-f961-6a7af79275bf} - C:\Program Files\MemoLink\Helper.dll ()
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\SearchScopes,DefaultScope = {1C888E30-FF69-441B-B061-13C1B0F0E1BD}
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\SearchScopes\{1C888E30-FF69-441B-B061-13C1B0F0E1BD}: "URL" = http://search.condui...&ctid=CT2260173
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.aol.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q="
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2260173
O2 - BHO: (Memolink Toolbar BHO) - {0C6FE940-7788-4F1C-B735-B7657C04A763} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O2 - BHO: (MemoLink BHO) - {A9C85A36-FE15-7344-7578-A7E8EAF18473} - C:\Program Files\MemoLink\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O3 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\Toolbar\WebBrowser: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\Toolbar\WebBrowser: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236C68D3-8D81-4FC8-A221-20B19C0F6607}: DhcpNameServer = 147.226.3.30 147.226.3.130

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-3.

Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt log
3. The FSS.txt log
  • 0

Advertisements

#17
Jules4me
Posted 05 September 2012 - 07:38 AM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Good morning, godawgs.

Malwarebytes is the free version and so does not run at startup. I bet it showed it was running at startup, because they offered, and I tried, a free trial of the paid version and it does run at startup. However, I discontinued the free trial and stayed with the free version.

After all is said and done, I will re-enable Spybot to run at startup, providing the whole system runs well enough to have that many processes running in the background.



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{be0517a8-e339-3d94-f961-6a7af79275bf} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be0517a8-e339-3d94-f961-6a7af79275bf}\ not found.
File C:\Program Files\MemoLink\Helper.dll not found.
HKEY_USERS\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1C888E30-FF69-441B-B061-13C1B0F0E1BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C888E30-FF69-441B-B061-13C1B0F0E1BD}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "www.aol.com" removed from browser.startup.homepage
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C6FE940-7788-4F1C-B735-B7657C04A763}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C6FE940-7788-4F1C-B735-B7657C04A763}\ not found.
File C:\Program Files\Memolink Toolbar\Toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9C85A36-FE15-7344-7578-A7E8EAF18473}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9C85A36-FE15-7344-7578-A7E8EAF18473}\ not found.
File C:\Program Files\MemoLink\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37E984C0-D9FA-439C-8279-D5EFB625B898} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37E984C0-D9FA-439C-8279-D5EFB625B898}\ not found.
File C:\Program Files\Memolink Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4}\ not found.
File C:\Program Files\MemoLink\Toolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37E984C0-D9FA-439C-8279-D5EFB625B898} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37E984C0-D9FA-439C-8279-D5EFB625B898}\ not found.
File C:\Program Files\Memolink Toolbar\Toolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4}\ not found.
File C:\Program Files\MemoLink\Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37E984C0-D9FA-439C-8279-D5EFB625B898} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37E984C0-D9FA-439C-8279-D5EFB625B898}\ not found.
File C:\Program Files\Memolink Toolbar\Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4}\ not found.
File C:\Program Files\MemoLink\Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37E984C0-D9FA-439C-8279-D5EFB625B898} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37E984C0-D9FA-439C-8279-D5EFB625B898}\ not found.
File C:\Program Files\Memolink Toolbar\Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4}\ not found.
File C:\Program Files\MemoLink\Toolbar.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{236C68D3-8D81-4FC8-A221-20B19C0F6607}\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dell 1525\Desktop\cmd.bat deleted successfully.
C:\Users\Dell 1525\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dell 1525
->Temp folder emptied: 53300379 bytes
->Temporary Internet Files folder emptied: 33729766 bytes
->Java cache emptied: 196530 bytes
->FireFox cache emptied: 74748468 bytes
->Google Chrome cache emptied: 101831496 bytes
->Apple Safari cache emptied: 9013248 bytes
->Flash cache emptied: 58669 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4810 bytes
RecycleBin emptied: 119541219 bytes

Total Files Cleaned = 374.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09052012_081603

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




OTL logfile created on: 9/5/2012 8:26:47 AM - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 75.85% Memory free
6.98 Gb Paging File | 6.15 Gb Available in Paging File | 88.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 23.83 Gb Free Space | 25.19% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dell 1525\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Rovi Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (RoxioNow Service) -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Rovi Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.swagbucks.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 62 C9 88 74 83 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{1266438C-0AD6-4514-9483-5668E03A0461}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/02 17:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/02 14:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 18:20:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 18:20:15 | 000,000,000 | ---D | M]

[2011/10/05 10:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Extensions
[2012/09/02 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\extensions
[2011/11/29 19:59:08 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2012/07/14 09:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/24 17:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/09/02 14:55:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/02 17:52:27 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/14 09:06:56 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\DELL 1525\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PLI5VIUT.DEFAULT\EXTENSIONS\[email protected]
[2012/07/24 17:35:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/24 17:34:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/24 17:34:52 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Swag Bucks Customized Web Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2260173
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dell 1525\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: conduit.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([player] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/05 08:16:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/04 12:39:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dell 1525\Desktop\aswMBR.exe
[2012/09/03 19:30:43 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/12 15:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/12 15:09:46 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/12 15:09:45 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/12 15:09:38 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/08/12 15:09:36 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/12 15:09:34 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/12 15:09:31 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/08/12 15:08:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/12 15:08:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files - Modified Within 30 Days ==========

[2012/09/05 08:27:36 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 08:27:36 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 08:27:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/05 08:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/05 08:18:56 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/05 08:16:05 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/05 08:16:05 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/05 08:06:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/05 08:06:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/04 12:48:12 | 000,000,512 | ---- | M] () -- C:\Users\Dell 1525\Desktop\MBR.dat
[2012/09/04 12:38:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dell 1525\Desktop\aswMBR.exe
[2012/09/02 22:59:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
[2012/09/02 14:55:48 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/02 14:55:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/01 14:48:37 | 000,002,480 | ---- | M] () -- C:\Users\Dell 1525\Desktop\Google Chrome.lnk
[2012/08/20 22:44:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/15 09:38:17 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 18:19:51 | 000,001,337 | ---- | M] () -- C:\Users\Dell 1525\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 15:02:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/12 15:02:14 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/12 15:02:14 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/12 14:54:17 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\CMS Application Updater.job

========== Files Created - No Company Name ==========

[2012/09/04 12:48:12 | 000,000,512 | ---- | C] () -- C:\Users\Dell 1525\Desktop\MBR.dat
[2012/08/12 15:09:48 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/08 16:09:03 | 000,007,605 | ---- | C] () -- C:\Users\Dell 1525\AppData\Local\Resmon.ResmonCfg
[2012/07/03 23:36:32 | 000,033,134 | ---- | C] () -- C:\Users\Dell 1525\AppData\Roaming\UserTile.png
[2012/04/04 13:32:08 | 000,001,848 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2011/12/02 20:10:19 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/02 20:10:18 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/10/05 12:30:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/05 12:27:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/10/04 20:40:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2012/08/12 14:54:17 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\CMS Application Updater.job
[2012/09/05 08:16:05 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/05 08:06:05 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/05/11 16:30:33 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:32A82570

< End of report >
  • 0

#18
Jules4me
Posted 05 September 2012 - 07:41 AM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Farbar Service Scanner Version: 06-08-2012
Ran by Dell 1525 (administrator) on 05-09-2012 at 08:41:01
Running from "C:\Users\Dell 1525\Desktop"
Microsoft Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#19
Jules4me
Posted 05 September 2012 - 07:59 AM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Well, I have been playing around online a bit to see how this computer is running and it is still having problems loading html correctly. I am going to go check to see if any programs need updating (Java, adobe, etc). From there, I don't know. After all you've done, I suppose it isn't a malware issue at all. I'll get back with you here in a bit after I do some checking.
  • 0

#20
godawgs
Posted 05 September 2012 - 11:11 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Well, I have been playing around online a bit to see how this computer is running and it is still having problems loading html correctly.

Does this happen in all browsers?

Malwarebytes is the free version and so does not run at startup. I bet it showed it was running at startup, because they offered, and I tried, a free trial of the paid version and it does run at startup. However, I discontinued the free trial and stayed with the free version.

Understood....but MalwareBytes is still running at start up.....even though you discontinued the free trial. I've run across this before. If you are gonna make Spybot TeaTimer active again (after we have finished I will do that in the cleanup), we will need to uninstall MalwareBytes and run the clean up tool. First we're gonna run a scan with MBAM. We can uninstall it after that but I would recommend that you reinstall just the free version of MalwareBytes and keep it as an on demand scanner.

I am going to go check to see if any programs need updating (Java, adobe, etc). From there, I don't know. After all you've done, I suppose it isn't a malware issue at all. I'll get back with you here in a bit after I do some checking.

We're not done yet. I just wanted to know if the problem was still there. Don't go gettin rouge on me now. :lol:

The OTL fix did not remove the Conduit search engine from Chrome....so I guess we're gonna have to do it manually. We may end up running AdwCleaner on this system to see what other bad things it can find hiding. If we do it will remove SwagBucks. You'll need to reinstall it.


Step-1.

Open the Chrome browser

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Select Settings and find the "Search" section.
  • Click Manage search engines.
    • Remove a search engine: Select the Conduit search engine and click the x that appears at the end of the row.
  • Close the browser


Step-2.

Clear the Java Cache and Update Java
  • Click the Start Orb, click Control Panel. Using the Classic View (if you are in the Category View look in the column on the left and click Use Classic View), double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on the Delete Temporary Files Window
    [Note:] This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Next, click the Update tab.
  • Click Update Now
    NOTE: It may take a minute or two for the Java Download window to appear, and after the download finishes the window will go away and it may take another minute or two for the Java Setup window to appear.
  • On the Java Setup window click the box beside Install Ask Toolbar to remove the check mark.
  • Click Install.
  • When you get the Java Installed successfully screen, click OK or Close
    Once the installation window closes, if the Control Panel is still open, switch the Classic View back to the Category View if you wish and close the Control Panel
  • Click OK to leave the Java Control Panel.
See if clearing the Java cache helped the problem.


Step-4.

Things For Your Next Post:
1. Answer my question above.
2. Let me know if you found the Condiut search engine and deleted it
3. Let me know what happened after clearing the Java cache and updating Java
  • 0

#21
Jules4me
Posted 05 September 2012 - 12:15 PM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I didn't download anything, I only checked on Adobe flash and it does need updated.

Ok, in Java. I could not get Java to open double clicking in the control panel. So I went to Start> search Java and clicked from there. It came up an error that said "Error occurred during initializaiton of VM Java.nio.charset.UnsupportedCharsetException" and an a box popped up that said "Java™Platform SE binary has stopped working." This popup automatically searched for a solution, but I finally gave this response, "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."
  • 0

#22
godawgs
Posted 05 September 2012 - 09:08 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
:D OK....another conundrum.

1.
Look in the installed programs list in Control Panel for Java™ Platform SE 6 U33. If it is there right click it and click Uninstall

Do number 2 even if the program wasn't in the Installed Programs list.

2.
Look in the C:\Program Files\Java folder and and see if there is a folder named jre6. If it is there delete it.

3.
After deleting the folder, reboot the computer and see if you can get into the Java Control Panel.


Also, you didn't tell me if this is happening in all browsers.
  • 0

#23
Jules4me
Posted 06 September 2012 - 11:45 AM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Yes, it is happening in all browsers. Here is my theory. This computer loads a webpage so slowly that is some how messes up the loading. I did an experiment on the Dell 1525 running Vista (with Intel Pentium processor) that you helped me with previously and the Dell 1525 running Windows 7 (with Intel Celeron processor) that you are now helping me with. Using Chrome, I opened a random page (neither computer had ever been on this site before) in Windows 7 and then approximately 5 seconds later opened the same page in Vista. The Vista window fully opened and started the embedded video quickly. The Windows 7 window eventually came up, but lagged a good 20 seconds behind. I tried IE, Safari, Chrome and FF. All have some issues. I went in and deleted browsing history in each one individually and that seems to help. This computer has had this issue for some time and it always gets better when history is deleted within the individual browser. But to keep the pages loading somewhat good, the history has to be deleted multiple times a day. <<< Past experience talking here.

Java: No Jre6 under programs, but both Jre6 and Jre7 under Program Files. I deleted Jre6 and restarted the computer. I still cannot get into Java through the control panel. It does the same as before. I click on it, the blue circle spins and then nothing. This time I did not try going through Start> search> Java.

In Programs, here is what is listed Java™7, update 5 (which I know needs updated to update 7) and JavaFX 2.1.1
  • 0

#24
Jules4me
Posted 06 September 2012 - 11:49 AM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Something else that may be interesting:

I went to empty the recycle bin and the JRE6 did not delete. I had to right click and choose delete for it to be gone.
  • 0

#25
godawgs
Posted 06 September 2012 - 12:09 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
See if you can uninstall Java 7 from the programs list. If you can, let me know and I'll give you directions to the Java site for downloading/installing the new Java. Your earlier post indicated that part of Java has become corrupted.
  • 0

Advertisements

#26
Jules4me
Posted 06 September 2012 - 01:02 PM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
It appears to have uninstalled fine. Since you did not say to, I did not delete Java FX 2.1.1.
  • 0

#27
godawgs
Posted 06 September 2012 - 01:52 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Uninstall the Java FX2.1.1 program then reboot the program.

Then, go to the C:\Program Files\Java folder and delete the jre7 folder.

Posted Image UPDATE JAVA

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u7
  • Click the "Download JRE" button to the right.
  • On the JSE Downloads page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 7u7 heading:
  • For Windows 32 bit systems, look for Windows x86 Offline, click the jre-7u7-windows-i586.exe file and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop right-click on the jre-7u7-windows-i586.exe file and click Run as Administrator to install the newest version. You may be asked to supply the Administrator password.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
Can you get into the control panel now? If you can, go ahead and clear the Java cache.
If you can open the Control Panel that problem is solved.
Next, open some web sites and see if the issue is any better.
  • 0

#28
Jules4me
Posted 06 September 2012 - 02:48 PM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
So far so good. Deleted all Java related. Installed new Java. It never asked about installing a toolbar.

In clearing the cache, you said:

"There are two options in the window to clear the cache - Leave BOTH Checked
Applications and Applets
Trace and Log Files"

I actually have 3 options: Trace and Log Files, Cached Applications and Applets and Installed Applications and Applets. The first two were already check marked. I did not check the last one as I'm not sure what that will do. Of course, I can always go back and check it later, if you want me to.

Checked for update and there was none. Installed is the most current.

Well, sites are still not loading well or quickly. In fact, in FF, the page starts to load and then I get this error: The connection was reset. The connection to the server was reset while the page was loading.

This is a common theme on this laptop in Chrome and FF. (These are the two browsers I use most often). In fact, it became so tiring after so many months of not getting pages to load, that that is when I passed this laptop on to become the gaming computer.

Edited by Jules4me, 06 September 2012 - 02:53 PM.

  • 0

#29
godawgs
Posted 07 September 2012 - 12:37 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Thanks for the update. I know you said that clearing the browsing history helps. When you clear the browsing history are you clearing the cache as well?

According to the FF site, the error you got The connection was reset can be caused by a problem with the FF cache.


Step-1

Open Firefox

1. At the top of the Firefox window, click on the Firefox button, go over to the History menu and select Clear Recent History....
If you are using the Menu Bar, at the top of the Firefox window, click on the Tools menu and select Clear Recent History....
2. In the Time Range to clear: drop-down, select Everything.
3. Click the arrow next to Details to display the list of items that can be cleared.
4. Select both Cookies and Cache.
5. Click Clear Now

Next, click the Firefox button at the top of the Firefox window, or click the Tool menu andclick Options
1. On the Options window click the Advanced icon.
2. Click the Network tab.
3. In the Cached Web Content section click the Clear Now button
4. Click OK to close the Options window.
5. Close Firefox and reopen it and see if the web pages load faster.


Step-2

Posted Image OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
/md5start
symnrt.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the greyed out None button at the top of the console<---Very Important
  • Make sure the Output box at the top is set to Minimal Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.


Step-3.

AdwCleaner by Xplode

Close all open windows and browsers.

Download AdwCleaner from here to your desktop.
  • (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please attach that. This report is also saved to C:\AdwCleaner[R1].txt


Step-4.

Things For Your Next Post:
1. Let me know if clearing the FF cache made any difference
2. The OTL.txt log
3. The AdwCleaner[R1].txt log
  • 0

#30
Jules4me
Posted 07 September 2012 - 10:15 AM

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
In Firefox, I always choose to clear history from the beginning of time and include cache. However, I never knew about the Cached Web Content. It was maxed out at 1024 mb and clearing it did wonders for loading pages quickly. There are still some issues with pages loading correctly. I spent about an hour in FF and even though I had cleared both the history and cache, I still got the same error. I immediately went to check the Cached Web Content and it was about 32 mb.

Chrome is still not loading correctly and several times over many months, I have used the information on this page https://support.goog...n&answer=113910 to try to fix it. And when I did every step and the problem persists, the final step is malware, which is what brought me to you. Almost everything works in incognito. I still need to update Flash and that "should" solve the only issue that doesn't work in incognito. Would you allow me to update Flash now?

Could you help me get rid of that stupid Babylon add-on/extension/search? I have tried and tried and I can never get it to stay away.

Would you be so kind as to educate me on a few things? I have never saved/downloaded programs to the desktop and run from there. I always choose run instead of save. What is the difference? Also, I have never run as administrator. Could you explain why that is important? Sometimes when you have me use OTL, you have me run as administrator and other times not. How would I know, if was running any type of program, if I should run as administrator or not (like when we downloaded the new Java)?



OTL logfile created on: 9/7/2012 10:08:29 AM - Run 5
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 77.74% Memory free
6.98 Gb Paging File | 6.18 Gb Available in Paging File | 88.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 23.13 Gb Free Space | 24.45% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules >
"SSTP-IN-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|[email protected],-35002|[email protected],-35003|[email protected],-35001|
"Netlogon-NamedPipe-In" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-1003|[email protected],-1006|[email protected],-1010|
"SNMPTRAP-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|
"SNMPTRAP-In-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|
"WMP-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|
"WMP-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|
"WMP-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|
"WMPNSS-QWave-In-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|
"WMPNSS-QWave-Out-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|
"WMPNSS-QWave-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|
"WMPNSS-QWave-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|
"WMPNSS-HTTPSTR-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|
"WMPNSS-HTTPSTR-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|
"WMPNSS-WMP-In-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|
"WMPNSS-WMP-Out-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|
"WMPNSS-WMP-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|
"WMPNSS-In-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|
"WMPNSS-Out-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|
"WMPNSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|
"WMPNSS-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|
"WMPNSS-QWave-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|
"WMPNSS-QWave-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|
"WMPNSS-QWave-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|
"WMPNSS-QWave-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|
"WMPNSS-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|
"WMPNSS-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|
"WMPNSS-UPnPHost-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31277|[email protected],-31280|[email protected],-31252|
"WMPNSS-UPnPHost-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|
"WMPNSS-HTTPSTR-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|
"WMPNSS-HTTPSTR-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|
"WMPNSS-WMP-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|
"WMPNSS-WMP-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|
"WMPNSS-WMP-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|
"WMPNSS-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|
"WMPNSS-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|
"WMPNSS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|
"WMPNSS-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|
"WMPNSS-UPnP-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|
"WMPNSS-RME-HTTP-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|[email protected],-31501|[email protected],-31502|[email protected],-31500|Edge=TRUE|Defer=App|
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
"Collab-P2PHost-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE|Defer=App|
"Collab-P2PHost-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|
"Collab-P2PHost-WSD-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|
"Collab-P2PHost-WSD-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|
"Collab-PNRP-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-32019|[email protected],-32022|[email protected],-32002|Edge=TRUE|Defer=App|
"Collab-PNRP-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-32023|[email protected],-32026|[email protected],-32002|
"Collab-PNRP-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32027|[email protected],-32030|[email protected],-32002|
"Collab-PNRP-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32031|[email protected],-32034|[email protected],-32002|
"RemoteAssistance-In-TCP-EdgeScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-PnrpSvc-UDP-OUT" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|
"RemoteAssistance-RAServer-In-TCP-NoScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|
"RemoteAssistance-RAServer-Out-TCP-NoScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|
"RemoteAssistance-DCOM-In-TCP-NoScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|
"RemoteAssistance-In-TCP-EdgeScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-Out-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|
"RemoteAssistance-SSDPSrv-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|
"RemoteAssistance-SSDPSrv-Out-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|
"RemoteAssistance-SSDPSrv-In-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33027|[email protected],-33030|[email protected],-33002|
"RemoteAssistance-SSDPSrv-Out-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-33031|[email protected],-33034|[email protected],-33002|
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|
"RemoteAssistance-PnrpSvc-UDP-OUT-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|
"FPS-NB_Session-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"FPS-NB_Session-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|
"FPS-SMB-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-SMB-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|
"FPS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-NB_Name-Out-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-Out-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP6-ERQ-Out-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|
"FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"FPS-NB_Session-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|
"FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-SMB-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|
"FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|
"FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|
"FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP6-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|
"FPS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28550|[email protected],-28551|[email protected],-28502|
"CoreNet-ICMP6-DU-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-PTB-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-PTB-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|
"CoreNet-ICMP6-TE-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-TE-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|
"CoreNet-ICMP6-PP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-PP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|
"CoreNet-ICMP6-NDS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-NDS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|
"CoreNet-ICMP6-NDA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE|
"CoreNet-ICMP6-NDA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|
"CoreNet-ICMP6-RA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|
"CoreNet-ICMP6-RA-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|
"CoreNet-ICMP6-RS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|[email protected],-25009|[email protected],-25011|[email protected],-25000|
"CoreNet-ICMP6-RS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|
"CoreNet-ICMP6-LQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|
"CoreNet-ICMP6-LQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|
"CoreNet-ICMP6-LR-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|
"CoreNet-ICMP6-LR-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|
"CoreNet-ICMP6-LR2-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|
"CoreNet-ICMP6-LR2-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|
"CoreNet-ICMP6-LD-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|
"CoreNet-ICMP6-LD-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|
"CoreNet-ICMP4-DUFRAG-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|
"CoreNet-IGMP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|
"CoreNet-IGMP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|
"CoreNet-DHCP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|
"CoreNet-DHCP-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|
"CoreNet-DHCPV6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25304|[email protected],-25306|[email protected],-25000|
"CoreNet-DHCPV6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|[email protected],-25305|[email protected],-25306|[email protected],-25000|
"CoreNet-Teredo-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|
"CoreNet-Teredo-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|
"CoreNet-IPHTTPS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|[email protected],-25426|[email protected],-25428|[email protected],-25000|
"CoreNet-IPHTTPS-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|[email protected],-25427|[email protected],-25429|[email protected],-25000|
"CoreNet-IPv6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|
"CoreNet-IPv6-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|
"CoreNet-GP-NP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|
"CoreNet-GP-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|
"CoreNet-DNS-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|
"CoreNet-GP-LSASS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|
"NETDIS-UPnPHost-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|
"NETDIS-UPnPHost-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|
"NETDIS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|
"NETDIS-NB_Name-Out-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|
"NETDIS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|
"NETDIS-NB_Datagram-Out-UDP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|
"NETDIS-WSDEVNTS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|
"NETDIS-WSDEVNTS-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|
"NETDIS-WSDEVNT-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|
"NETDIS-WSDEVNT-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|
"NETDIS-SSDPSrv-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|
"NETDIS-SSDPSrv-Out-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|
"NETDIS-UPnPHost-In-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|
"NETDIS-UPnPHost-Out-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|
"NETDIS-UPnP-Out-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|
"NETDIS-NB_Name-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|
"NETDIS-NB_Name-Out-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|
"NETDIS-NB_Datagram-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|
"NETDIS-NB_Datagram-Out-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|
"NETDIS-FDPHOST-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|
"NETDIS-FDPHOST-Out-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|
"NETDIS-LLMNR-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|
"NETDIS-LLMNR-Out-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|
"NETDIS-FDRESPUB-WSD-In-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|
"NETDIS-FDRESPUB-WSD-Out-UDP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|
"NETDIS-WSDEVNTS-In-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|
"NETDIS-WSDEVNTS-Out-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|
"NETDIS-WSDEVNT-In-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|
"NETDIS-WSDEVNT-Out-TCP-Active" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|
"NETDIS-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|
"NETDIS-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|
"NETDIS-UPnP-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|
"NETDIS-UPnPHost-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|
"NETDIS-UPnPHost-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|
"NETDIS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|
"NETDIS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|
"NETDIS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|
"NETDIS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|
"NETDIS-FDPHOST-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|
"NETDIS-FDPHOST-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|
"NETDIS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|
"NETDIS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|
"NETDIS-FDRESPUB-WSD-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|
"NETDIS-FDRESPUB-WSD-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|
"NETDIS-WSDEVNTS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|
"NETDIS-WSDEVNTS-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|
"NETDIS-WSDEVNT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|
"NETDIS-WSDEVNT-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|
"MsiScsi-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|
"MsiScsi-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|
"MsiScsi-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|
"MsiScsi-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|
"MSDTC-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|
"MSDTC-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|
"MSDTC-KTMRM-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|
"MSDTC-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|
"MSDTC-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|
"MSDTC-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|
"MSDTC-KTMRM-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|
"MSDTC-RPCSS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|
"RemoteSvcAdmin-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|
"RemoteSvcAdmin-NP-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|
"RemoteSvcAdmin-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|
"RemoteSvcAdmin-NP-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|
"RemoteSvcAdmin-RPCSS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|
"PerfLogsAlerts-PLASrv-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|
"PerfLogsAlerts-DCOM-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|
"PerfLogsAlerts-PLASrv-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|
"PerfLogsAlerts-DCOM-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|
"WMI-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
"WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-WINMGMT-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|
"WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-WINMGMT-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"PNRPMNRS-PNRP-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-34003|[email protected],-34004|[email protected],-34002|Edge=TRUE|Defer=App|
"PNRPMNRS-PNRP-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|[email protected],-34005|[email protected],-34006|[email protected],-34002|
"PNRPMNRS-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-34007|[email protected],-34008|[email protected],-34002|
"PNRPMNRS-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-34009|[email protected],-34010|[email protected],-34002|
"RemoteEventLogSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|
"RemoteEventLogSvc-NP-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|
"RemoteEventLogSvc-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|
"RemoteEventLogSvc-NP-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|
"RemoteEventLogSvc-RPCSS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|
"RemoteTask-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|
"RemoteTask-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|
"RemoteTask-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|
"RemoteTask-RPCSS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|
"WINRM-HTTP-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5985|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|
"WINRM-HTTP-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|
"WINRM-HTTP-Compat-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|
"WINRM-HTTP-Compat-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|
"RemoteFwAdmin-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|
"RemoteFwAdmin-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|
"RemoteFwAdmin-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|
"RemoteFwAdmin-RPCSS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|
"RRAS-GRE-In" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=47|App=System|[email protected],-33769|[email protected],-33772|[email protected],-33752|
"RRAS-GRE-Out" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=47|App=System|[email protected],-33773|[email protected],-33776|[email protected],-33752|
"RRAS-L2TP-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|
"RRAS-L2TP-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|
"RRAS-PPTP-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|
"RRAS-PPTP-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|
"RVM-VDS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|
"RVM-VDSLDR-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|
"RVM-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|
"RVM-VDS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|
"RVM-VDSLDR-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|
"RVM-RPCSS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|
"Microsoft-Windows-PeerDist-HttpTrans-In" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=80|App=SYSTEM|[email protected],-10000|[email protected],-11000|[email protected],-9000|
"Microsoft-Windows-PeerDist-HttpTrans-Out" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=80|App=SYSTEM|[email protected],-10001|[email protected],-11001|[email protected],-9000|
"Microsoft-Windows-PeerDist-WSD-In" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=PeerDistSvc|[email protected],-10002|[email protected],-11002|[email protected],-9001|
"Microsoft-Windows-PeerDist-WSD-Out" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=PeerDistSvc|[email protected],-10003|[email protected],-11003|[email protected],-9001|
"Microsoft-Windows-PeerDist-HostedServer-In" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10004|[email protected],-11004|[email protected],-9002|
"Microsoft-Windows-PeerDist-HostedServer-Out" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10005|[email protected],-11005|[email protected],-9002|
"Microsoft-Windows-PeerDist-HostedClient-Out" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=443|App=SYSTEM|[email protected],-10006|[email protected],-11006|[email protected],-9003|
"SPPSVC-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=1688|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\sppsvc.exe|Svc=sppsvc|[email protected],-28003|[email protected],-28006|[email protected],-28002|
"SPPSVC-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=1688|App=%SystemRoot%\system32\sppsvc.exe|Svc=sppsvc|[email protected],-28003|[email protected],-28006|[email protected],-28002|
"MCX-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|
"MCX-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|
"MCX-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|
"MCX-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|
"MCX-QWave-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|
"MCX-QWave-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|
"MCX-QWave-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|
"MCX-QWave-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|
"MCX-HTTPSTR-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30785|[email protected],-30788|[email protected],-30752|
"MCX-TERMSRV-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30793|[email protected],-30796|[email protected],-30752|
"MCX-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|
"MCX-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|
"MCX-MCX2SVC-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|
"MCX-Prov-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|
"MCX-PlayTo-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30814|[email protected],-30815|[email protected],-30752|
"MCX-PlayTo-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-30816|[email protected],-30817|[email protected],-30752|
"MCX-McrMgr-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcrmgr.exe|[email protected],-30818|[email protected],-30819|[email protected],-30752|
"MCX-PlayTo-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30820|[email protected],-30821|[email protected],-30752|
"MCX-FDPHost-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-30822|[email protected],-30823|[email protected],-30752|
"NetPres-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|
"NetPres-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|
"NetPres-WSDEVNT-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|
"NetPres-WSDEVNT-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|
"NetPres-WSDEVNTS-In-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|
"NetPres-WSDEVNTS-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|
"NetPres-WSD-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|
"NetPres-WSD-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|
"NetPres-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|
"NetPres-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|
"NetPres-WSDEVNT-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|
"NetPres-WSDEVNT-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|
"NetPres-WSDEVNTS-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|
"NetPres-WSDEVNTS-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|
"WPDMTP-Out-TCP-NoScope" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|
"WPDMTP-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|
"WPDMTP-SSDPSrv-In-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|
"WPDMTP-SSDPSrv-Out-UDP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|
"WPDMTP-UPnPHost-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30515|[email protected],-30518|[email protected],-30502|
"WPDMTP-UPnPHost-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-30519|[email protected],-30522|[email protected],-30502|
"WPDMTP-UPnP-Out-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|
"{57CDBD03-E879-49CA-BDDF-46AD3BA9C594}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|
"{187581F5-655A-4C94-8282-1B397B3E6469}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|
"{34A79960-270A-4817-A04D-1975DAE56C05}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|
"{00AFCB06-C084-4D83-9B84-E64CA0FFDB4C}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|
"{E13491C8-62E1-4115-ACE7-6DB3AF8CD9F1}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|
"{384BCAE1-E890-48B6-A9B4-5629648EB9B6}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|
"{3264A41E-19C3-405B-B136-AA87B63D44A4}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|
"{EE88FEEB-658A-4729-8E98-50892F4354CC}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|
"{DA34CDEF-E8BF-4799-81DF-81E8D273D4DE}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|
"{6E62AB39-D8D1-4328-BD22-DAC9AA1C17FD}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|
"{11372010-2BA9-4253-8DF6-475966520B5A}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|
"{EFE873C0-7CA9-485B-8836-5543502453E9}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|
"{6AFCDB6A-E8BD-4D64-8932-83BD36F27D72}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|
"{D9147F31-F03A-443C-92CC-B266C0D7FC72}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|
"{0C0890EC-34B7-4293-9366-61F2A32FACE2}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31277|[email protected],-31280|[email protected],-31252|
"{24A64B75-8ACA-4ED6-A599-0E07DBACA3E7}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|
"{B1E5536C-841A-4EE9-94F8-11611C349E23}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|
"{D5F64A9C-0CC5-4535-B958-DE949F6BE004}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|
"{A43ADE36-FF5D-4084-A32B-50D50D04771E}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|
"{0C52AF53-8708-4969-8985-42F98691AC9C}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|
"{72D7AB30-245C-443D-A4ED-BE45FB8C804F}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|
"{15145048-B822-4B58-8EAD-E481A1092035}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28550|[email protected],-28551|[email protected],-28502|
"{3CADEBF2-2520-4F5C-A349-8C3503C00C47}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|
"RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|
"RemoteDesktop-UserMode-In-TCP" = v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|[email protected],-28853|[email protected],-28856|[email protected],-28852|
"{F972EA76-F7A7-45F6-A058-0C140D8F2483}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=6004|App=C:\Program Files\Microsoft Office\Office12\outlook.exe|Name=Microsoft Office Outlook|
"{A350DE53-F7AC-4128-9C66-10B4B3F95376}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Microsoft Office\Office12\GROOVE.EXE|Name=Microsoft Office Groove|
"{6DD775CA-EA54-46EC-93DA-496CE8B8AFD3}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Microsoft Office\Office12\GROOVE.EXE|Name=Microsoft Office Groove|
"{49A8CA29-B494-4A38-9C14-6989F95F65AE}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE|Name=Microsoft Office OneNote|
"{7A3FF354-70E4-4C6C-8ED1-23FB1B5BACE4}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE|Name=Microsoft Office OneNote|
"{34BE8205-A51F-45C7-8325-0721389ECE25}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Skype\Phone\Skype.exe|Name=Skype|
"{BD8CA075-46FC-40D6-B97E-95045595206F}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe|Name=WebKit|Edge=TRUE|
"{FA450632-F726-462E-9653-FDAF09A8E8BD}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{AE7EF36B-93CB-4B5F-AB05-5FB88E5BE579}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{B78D8A0A-F887-42A5-BAB4-737BB8D48F11}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe|Name=RoxioNow Player|
"{E4735DC1-00A9-48DC-9031-D8E4CBE77542}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe|Name=RoxioNow Player|
"TCP Query User{84C87028-9753-4801-95ED-4E544B7A4735}C:\users\dell 1525\appdata\roaming\spotify\spotify.exe" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\dell 1525\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"UDP Query User{D5A342C7-3DDB-4527-BEE4-D0ED922FD3E4}C:\users\dell 1525\appdata\roaming\spotify\spotify.exe" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\dell 1525\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"{6630BA92-8F58-4D91-9790-34EF4F8E8B2F}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|
"{6AD17AE5-8B2C-4B85-BAA8-A238EDD482BC}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|
"{41F7D0B6-51EB-4B7A-A38F-5283A568C63F}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|
"{06B3581B-B61F-4004-81DF-C4E02CBEBB51}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|
"{07F6E64C-2C50-4012-80AE-3CDC47EB8885}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|
"{6C78A8C1-2A0D-429E-AA3B-FC126467B95B}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|
"{509B25B4-655D-4D47-92EB-331ED77E500E}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|
"{59B8C20F-AF7B-4611-B586-D5FF9FC10E29}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|
"{53021E62-8CFD-4C9F-A333-7C44DFAADC40}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|
"{EA342E35-56EF-489A-B93B-F13AA9B5F285}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE|
"{5BE60E6E-0BBF-440B-8307-3B37752881DC}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Dell 1525\AppData\Local\temp\7zS2645.tmp\SymNRT.exe|Name=Norton Removal Tool|
"{D022EEDB-0AEA-410A-8468-6ABBFE53BDBB}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Dell 1525\AppData\Local\temp\7zS2645.tmp\SymNRT.exe|Name=Norton Removal Tool|
"{931B810E-B002-4BDB-996B-A4A1F84F4DE2}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\iTunes\iTunes.exe|Name=iTunes|Edge=TRUE|
"{403A15B1-8C28-4733-BEBF-03DF72E9A6FD}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Dell 1525\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe|Name=Google Talk Plugin|
"{1BC45415-412F-48FB-AC7C-83A168B701B5}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Dell 1525\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe|Name=Google Talk Plugin|

< End of report >




# AdwCleaner v2.000 - Logfile created 09/07/2012 at 10:36:47
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Dell 1525 - PINKDELL1525-PC
# Boot Mode : Normal
# Running from : C:\Users\Dell 1525\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\Swag_Bucks
Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\Users\Dell 1525\AppData\Local\Conduit
Folder Found : C:\Users\Dell 1525\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dell 1525\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Dell 1525\AppData\LocalLow\Swag_Bucks
Folder Found : C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\ConduitCommon
Folder Found : C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\FCTB

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34EDC4CE-5503-405B-A127-85E1A2D3B49E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F82775B7-84F3-4491-BCEF-DF2E556378C9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Found : HKLM\Software\Swag_Bucks
Key Found : HKU\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\prefs.js

Found : user_pref("CT2260173..clientLogIsEnabled", false);
Found : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2260173.128958821111237507.APP_WIN_FEATURES", "savelocation=0,saveresizedsize=0,openpos[...]
Found : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2260173.AppTrackingLastCheckTime", "Fri Jun 01 2012 08:25:48 GMT-0500 (Central Daylight[...]
Found : user_pref("CT2260173.CT2260173", "CT2260173");
Found : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2260173.CurrentServerDate", "4-6-2012");
Found : user_pref("CT2260173.DSChangedManually", true);
Found : user_pref("CT2260173.DSInstall", true);
Found : user_pref("CT2260173.DialogsAlignMode", "LTR");
Found : user_pref("CT2260173.DialogsGetterLastCheckTime", "Sat Jun 02 2012 14:17:26 GMT-0500 (Central Daylig[...]
Found : user_pref("CT2260173.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Found : user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Found : user_pref("CT2260173.FeedPollDate128940659196275477", "Mon Jun 04 2012 08:39:43 GMT-0500 (Central Da[...]
Found : user_pref("CT2260173.FeedPollDate128940659574712536", "Mon Jun 04 2012 08:24:43 GMT-0500 (Central Da[...]
Found : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Found : user_pref("CT2260173.FirstServerDate", "30-10-2011");
Found : user_pref("CT2260173.FirstTime", true);
Found : user_pref("CT2260173.FirstTimeFF3", true);
Found : user_pref("CT2260173.FixPageNotFoundErrors", false);
Found : user_pref("CT2260173.GroupingInvalidateCache", false);
Found : user_pref("CT2260173.GroupingLastCheckTime", "0");
Found : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2260173.HPInstall", false);
Found : user_pref("CT2260173.HasUserGlobalKeys", true);
Found : user_pref("CT2260173.HomePageProtectorEnabled", false);
Found : user_pref("CT2260173.HomepageBeforeUnload", "www.yahoo.com");
Found : user_pref("CT2260173.Initialize", true);
Found : user_pref("CT2260173.InitializeCommonPrefs", true);
Found : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2260173.InstallationType", "Unknown");
Found : user_pref("CT2260173.InstalledDate", "Sun Oct 30 2011 14:45:31 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2260173.InvalidateCache", false);
Found : user_pref("CT2260173.IsAlertDBUpdated", true);
Found : user_pref("CT2260173.IsGrouping", false);
Found : user_pref("CT2260173.IsInitSetupIni", true);
Found : user_pref("CT2260173.IsMulticommunity", false);
Found : user_pref("CT2260173.IsOpenThankYouPage", true);
Found : user_pref("CT2260173.IsOpenUninstallPage", true);
Found : user_pref("CT2260173.IsProtectorsInit", true);
Found : user_pref("CT2260173.LanguagePackLastCheckTime", "Sun Jun 03 2012 14:17:25 GMT-0500 (Central Dayligh[...]
Found : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2260173.LastLogin_3.10.0.1", "Tue Apr 17 2012 19:26:35 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2260173.LastLogin_3.12.0.7", "Wed Apr 25 2012 21:37:18 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2260173.LastLogin_3.12.2.3", "Wed May 30 2012 12:11:29 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2260173.LastLogin_3.13.0.6", "Mon Jun 04 2012 08:24:57 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2260173.LastLogin_3.7.0.6", "Mon Nov 07 2011 07:17:22 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2260173.LastLogin_3.8.0.8", "Mon Dec 05 2011 16:07:40 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2260173.LastLogin_3.8.1.0", "Thu Jan 05 2012 18:17:26 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2260173.LastLogin_3.9.0.3", "Tue Mar 06 2012 09:15:47 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2260173.LatestVersion", "3.13.0.6");
Found : user_pref("CT2260173.Locale", "en");
Found : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Found : user_pref("CT2260173.MCDetectTooltipShow", false);
Found : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Found : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2260173.OriginalFirstVersion", "3.7.0.6");
Found : user_pref("CT2260173.RadioLastCheckTime", "0");
Found : user_pref("CT2260173.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2260173.RadioLastUpdateServer", "0");
Found : user_pref("CT2260173.RadioShrinked", "expanded");
Found : user_pref("CT2260173.RadioShrinkedFromSetup", false);
Found : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2260173.SearchBoxWidth", 146);
Found : user_pref("CT2260173.SearchCaption", "Swag Bucks Customized Web Search");
Found : user_pref("CT2260173.SearchEngine", "Web%20Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEAR[...]
Found : user_pref("CT2260173.SearchEngineBeforeUnload", "Swag Bucks Customized Web Search");
Found : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2260173.SearchInNewTabEnabled", true);
Found : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Sun Jun 03 2012 14:17:24 GMT-0500 (Central Dayli[...]
Found : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2260173.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2260173.SearchProtectorEnabled", false);
Found : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2260173.SendProtectorDataViaLogin", true);
Found : user_pref("CT2260173.ServiceMapLastCheckTime", "Sun Jun 03 2012 14:17:25 GMT-0500 (Central Daylight [...]
Found : user_pref("CT2260173.SettingsLastCheckTime", "Sun Jun 03 2012 22:37:15 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2260173.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2260173.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13");
Found : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Wed May 30 2012 19:17:17 GMT-0500 (Central Day[...]
Found : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2260173.ToolbarDisabled", false);
Found : user_pref("CT2260173.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2260173.UserID", "UN56655730908219344");
Found : user_pref("CT2260173.ValidationData_Search", 2);
Found : user_pref("CT2260173.ValidationData_Toolbar", 2);
Found : user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2260173.alertChannelId", "657446");
Found : user_pref("CT2260173.approveUntrustedApps", false);
Found : user_pref("CT2260173.components.1000034", false);
Found : user_pref("CT2260173.components.1000080", true);
Found : user_pref("CT2260173.components.1000082", false);
Found : user_pref("CT2260173.components.1000234", false);
Found : user_pref("CT2260173.components.1007", true);
Found : user_pref("CT2260173.components.128940706283150316", false);
Found : user_pref("CT2260173.components.128940706522681543", false);
Found : user_pref("CT2260173.components.128941656432219667", false);
Found : user_pref("CT2260173.components.128958271477056519", false);
Found : user_pref("CT2260173.components.128958821111237507", true);
Found : user_pref("CT2260173.components.128962387831475966", false);
Found : user_pref("CT2260173.components.128993342947475250", false);
Found : user_pref("CT2260173.components.129137782531242622", false);
Found : user_pref("CT2260173.components.129623230533828087", false);
Found : user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2260173.firstTimeDialogOpened", true);
Found : user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2260173.fixUrls", true);
Found : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Mon May 28 2012 09:35:22 GMT-0500 (Central [...]
Found : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2260173.initDone", true);
Found : user_pref("CT2260173.isAppTrackingManagerOn", true);
Found : user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2260173.isFirstRadioInstallation", false);
Found : user_pref("CT2260173.isNewTabEnabled", true);
Found : user_pref("CT2260173.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2260173.keyword", true);
Found : user_pref("CT2260173.myStuffEnabled", true);
Found : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128[...]
Found : user_pref("CT2260173.revertSettingsEnabled", false);
Found : user_pref("CT2260173.search.searchAppId", "128848965243869715");
Found : user_pref("CT2260173.search.searchCount", "2");
Found : user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Found : user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2260173.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344047317878");
Found : user_pref("CT2260173.serviceLayer_services_appTracking_lastUpdate", "1344047204664");
Found : user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1344538821726");
Found : user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344047317755");
Found : user_pref("CT2260173.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344538793685");
Found : user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344047317825");
Found : user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1344538802663");
Found : user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1344538815714");
Found : user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344047317701");
Found : user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1344538821758");
Found : user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1344538880022");
Found : user_pref("CT2260173.settingsINI", true);
Found : user_pref("CT2260173.smartbar.CTID", "CT2260173");
Found : user_pref("CT2260173.smartbar.Uninstall", "0");
Found : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
Found : user_pref("CT2260173.startPage", "userChanged");
Found : user_pref("CT2260173.testingCtid", "");
Found : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Sun Jun 03 2012 14:17:28 GMT-0500 (Central D[...]
Found : user_pref("CT2260173.toolbarBornServerTime", "30-10-2011");
Found : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Fri Jun 01 2012 08:33:20 GMT-0500 (Central D[...]
Found : user_pref("CT2260173.toolbarCurrentServerTime", "9-8-2012");
Found : user_pref("CT2260173.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitSearchList", "Swag Bucks Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2260173&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1c8[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dell 1525\\AppData\\Roaming\\Mozill[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://toolbartv.swagbucks.com", "868x49");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://toolbartv.swagbucks.com", "400x767");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2260173");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2260173");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Oct 06 2011 11:55:45 GMT-0500 (Cen[...]
Found : user_pref("CommunityToolbar.globalUserId", "380726c5-1894-4cc8-95ec-1f4986ebd759");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2260173");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 29 2012 21:49:4[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jun 03 2012 07:08:09 GMT-050[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jun 03 2012 14:17:25 GMT-0500 (C[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "8991f018-e33f-4f0a-98d3-d2bc2daf5ccd");
Found : user_pref("CommunityToolbar.originalHomepage", "www.yahoo.com");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Swagbucks.com");
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT2260173");
Found : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109932");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "542730fb00000000000000242b9376b6");
Found : user_pref("extensions.BabylonToolbar_i.id", "542730fb00000000000000242b9376b6");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15412");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:15:52");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.AutoSearchEventData", "auto%20search");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.ClearCacheDate", 25);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DNSCatch", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DisplayEULA", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.FirstLaunchShown", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.LoadLayoutDate.60497", 25);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.MailLastCheckTime", 1335409879);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.NewTabSearchEventData", "tab%20search");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.RemoveAllData", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.ShowRecommendedOptions", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.StateReportDate", "1335276063667");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.TopRightSearchEventData", "top%20right%20search[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.api.settings.fctoolbar51ef49d2624b41948b971c468[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeInstallSaved", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeinstall.homepage", "www.yahoo.com");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.beforeinstall.search", "Swag%20Bucks%20Customiz[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.customNewTab", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.helpUsImprove", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.hideOthers", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.processAddrBar", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.remove_search", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.restoreSearch", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.searchHistory", true);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.session", "723F991665065E7E5CC6EA7A518C1A14C6FE[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.showFirstLaunchOptions", false);
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.tb_lang", "en");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.tool_id", "60497");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_id", "77349769");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_key", "12e2713317c6e9476626d4990360d3df264[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_layouts", "60497");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_lnames", "MyPoints%20Point%20Finder");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.weather_location_IDcid2799617", "USIL1173");
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.weather_location_namecid2799617", "Topeka%2C%20[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Found : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.yahooSearch", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 9);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", false);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 8);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.RemoveAllData", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1344450870128");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search[...]
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeInstallSaved", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.homepage", "www.yahoo.com");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.search", "Swagbucks.com");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", false);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.runcmd.", "260552511");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.session", "0694605F65CBD5331F7F50AA5095C038C366[...]
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false);
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "79611621");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "3fb3105a9676779b3275587a6b673e13cb0[...]
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars");
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Found : user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", true);

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [30614 octets] - [07/09/2012 10:36:47]

########## EOF - C:\AdwCleaner[R1].txt - [30675 octets] ##########
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP