Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Infected with Unwanted Websites and WordFence [Solved]

Started by Jackpine , Dec 30 2018 11:00 AM

This topic is locked

#1
Jackpine

Posted 30 December 2018 - 11:00 AM

Member

Member
490 posts

Hello,

I unfortunately clicked on a file and about 5 unwanted websites downloaded onto my laptop. I was only able to uninstall some of them. I then used system restore to go back to a previous restore point, and it appears that the unwanted websites are gone, but not completely.

Then when I ran FRST and tried to post to geekstogo, a program called WordFence showed on the screen and prevented me from posting. I am posting this from my desktop computer instead, but when I tried to post (with the logs generated from my laptop FRST scan, I got the same WordFence message. I then deleted the logs and am posting only what you see here.

Also, I have lost Windows Defender and Action Centre from Control Panel.

Your help in fixing this mess is greatly appreciated.

Thanks, Jackpine

#2
Jackpine

Posted 06 January 2019 - 08:58 PM

Member

Topic Starter
Member
490 posts

The waiting room directed me to the instructions to post the FRST logs. When I tried to do that with my first post (Item #1), I got a message from Word Fence that prevented me from posting the logs. I will try again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.01.2019
Ran by Amanda (administrator) on AMANDA-HP (07-01-2019 14:16:26)
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [308656 2019-01-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [308656 2019-01-04] (AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [182272 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] ()
HKLM\...\Drivers32-x32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] ()
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] ()
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2011-09-20] (Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2011-09-20] (Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9955086B-673D-4CF2-9BDF-346645A0F1B5}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FireFox:
========
FF DefaultProfile: vipgk2r5.default-1542942173564
FF ProfilePath: C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\vipgk2r5.default-1542942173564 [2019-01-07]
FF NewTabOverride: Mozilla\Firefox\Profiles\vipgk2r5.default-1542942173564 -> Disabled: [email protected]
FF Extension: (Adblock Plus) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\vipgk2r5.default-1542942173564\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-03-15] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-12-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-12-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [357872 2019-01-04] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7882752 2019-01-04] (AVG Technologies CZ, s.r.o.)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3987152 2017-05-27] (Paramount Software UK Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37160 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [203336 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [221056 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [196632 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblog.sys [320744 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [58008 2019-01-04] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46432 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-01-04] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [166328 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111848 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1033904 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [474504 2019-01-04] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217912 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380000 2019-01-04] (AVG Technologies CZ, s.r.o.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-01-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 mrcbt; C:\Windows\System32\drivers\mrcbt.sys [73928 2018-03-28] (Windows ® Win 7 DDK provider)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-07 14:16 - 2019-01-07 14:16 - 000017599 _____ C:\Users\Amanda\Desktop\FRST.txt
2019-01-07 14:16 - 2019-01-07 14:16 - 000000000 ____D C:\Users\Amanda\Desktop\FRST-OlderVersion
2019-01-04 08:42 - 2019-01-04 08:41 - 000361392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2019-01-04 08:42 - 2019-01-04 08:41 - 000320744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblog.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000221056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000196632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000058008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000037160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2019-01-03 18:31 - 2019-01-04 22:18 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-03 18:24 - 2019-01-03 18:24 - 000000000 ____D C:\Users\Amanda\AppData\Local\ElevatedDiagnostics
2019-01-03 09:10 - 2019-01-03 09:10 - 048344608 _____ (Microsoft Corporation) C:\Users\Amanda\Desktop\Windows-KB890830-x64-V5.67.exe
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\AVG
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\Users\Amanda\AppData\Local\Avg
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2019-01-01 11:16 - 2019-01-04 22:18 - 000003904 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2019-01-01 11:16 - 2019-01-04 08:41 - 001033904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000474504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000380000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000217912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000203336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000166328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000111848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000046432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2019-01-01 11:16 - 2019-01-01 11:16 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2019-01-01 11:16 - 2019-01-01 11:16 - 000000000 ____D C:\Program Files\Common Files\AVG
2019-01-01 11:15 - 2019-01-01 11:15 - 000000000 ____D C:\Program Files\AVG
2019-01-01 11:14 - 2019-01-01 15:01 - 000000000 ____D C:\ProgramData\AVG
2018-12-31 10:05 - 2018-12-31 10:05 - 000000000 ____D C:\KVRT_Data
2018-12-31 10:01 - 2018-12-31 10:02 - 000206070 _____ C:\TDSSKiller.3.1.0.25_31.12.2018_10.01.41_log.txt
2018-12-31 10:01 - 2018-12-31 10:01 - 000000366 _____ C:\TDSSKiller.3.1.0.24_31.12.2018_10.01.05_log.txt
2018-12-30 11:38 - 2019-01-02 16:23 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-30 11:35 - 2018-12-30 11:35 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-30 09:26 - 2019-01-07 14:16 - 002424832 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2018-12-30 09:24 - 2018-12-30 09:24 - 000000228 _____ C:\Users\Amanda\Desktop\Geeks to Go - Free help from tech experts.URL
2018-12-28 11:54 - 2018-12-28 12:06 - 000000000 _____ C:\lrg1sadcaoodurh
2018-12-28 11:39 - 2018-12-28 11:40 - 000000000 ____D C:\ProgramData\NKXPBZZWCEKHR4X7WPIH
2018-12-27 13:30 - 2019-01-04 22:18 - 000003206 _____ C:\Windows\System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7}
2018-12-20 10:49 - 2018-12-20 10:49 - 037534866 _____ C:\Users\Amanda\Desktop\2018 Honda CR-V Owner's Manual.pdf
2018-12-20 08:41 - 2018-12-14 19:06 - 000397088 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-20 08:41 - 2018-12-14 18:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-12-20 08:41 - 2018-12-14 03:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-20 08:41 - 2018-12-14 03:01 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-20 08:41 - 2018-12-14 02:51 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-20 08:41 - 2018-12-14 02:49 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-20 08:41 - 2018-12-14 02:49 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-20 08:41 - 2018-12-14 02:48 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-20 08:41 - 2018-12-14 02:41 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-20 08:41 - 2018-12-14 02:38 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-20 08:41 - 2018-12-14 02:33 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-20 08:41 - 2018-12-14 02:24 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-20 08:41 - 2018-12-14 02:24 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-20 08:41 - 2018-12-14 02:23 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-20 08:41 - 2018-12-14 02:18 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-20 08:41 - 2018-12-14 02:17 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-20 08:41 - 2018-12-14 02:06 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-20 08:41 - 2018-12-14 02:06 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-20 08:41 - 2018-12-14 02:04 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-20 08:41 - 2018-12-14 01:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-20 08:41 - 2018-12-14 01:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-12-20 08:41 - 2018-12-14 01:45 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-20 08:41 - 2018-12-14 01:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-20 08:41 - 2018-12-14 01:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-12-20 08:41 - 2018-12-14 01:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-12-20 08:41 - 2018-12-14 01:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-12-20 08:41 - 2018-12-14 01:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-12-20 08:41 - 2018-12-14 01:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-12-20 08:41 - 2018-12-14 01:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-12-20 08:41 - 2018-12-14 01:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-12-20 08:41 - 2018-12-14 01:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-12-20 08:41 - 2018-12-14 01:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-20 08:41 - 2018-12-14 01:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-12-20 08:41 - 2018-12-14 01:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-12-20 08:41 - 2018-12-14 01:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-12-20 08:41 - 2018-12-14 01:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-12-20 08:41 - 2018-12-14 01:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-12-20 08:41 - 2018-12-14 01:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-12-20 08:41 - 2018-12-14 01:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-12-20 08:41 - 2018-12-14 01:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-12-20 08:41 - 2018-12-14 01:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-12-20 08:41 - 2018-12-14 01:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-20 08:41 - 2018-12-14 01:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-12-20 08:41 - 2018-12-14 01:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-20 08:41 - 2018-12-14 01:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-12-20 08:41 - 2018-12-14 01:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-12-20 08:41 - 2018-12-14 01:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-12-20 08:41 - 2018-12-14 01:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-12-20 08:41 - 2018-12-14 00:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-20 08:41 - 2018-12-14 00:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-12-20 08:41 - 2018-12-14 00:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-12-20 08:40 - 2018-12-14 03:09 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-20 08:40 - 2018-12-14 02:49 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-20 08:40 - 2018-12-14 02:48 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-20 08:40 - 2018-12-14 02:42 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-20 08:40 - 2018-12-14 02:39 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-20 08:40 - 2018-12-14 02:38 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-20 08:40 - 2018-12-14 02:38 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-20 08:40 - 2018-12-14 02:38 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-20 08:40 - 2018-12-14 02:36 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-20 08:40 - 2018-12-14 02:30 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-20 08:40 - 2018-12-14 02:21 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-20 08:40 - 2018-12-14 02:20 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-20 08:40 - 2018-12-14 02:09 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-20 08:40 - 2018-12-14 02:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-20 08:40 - 2018-12-14 02:02 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-20 08:40 - 2018-12-14 01:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-20 08:40 - 2018-12-14 01:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-19 10:58 - 2018-12-19 11:30 - 000001945 _____ C:\Windows\epplauncher.mif
2018-12-19 10:38 - 2018-12-19 10:38 - 000000000 ____D C:\Users\Amanda\Documents\Thule Manuals
2018-12-19 10:34 - 2018-12-19 10:39 - 000000000 ____D C:\Users\Amanda\Documents\35 Forestlane Private Documents
2018-12-16 21:21 - 2018-12-16 21:21 - 000002168 _____ C:\Users\Amanda\Desktop\Dark City London Collectors.lnk
2018-12-16 21:19 - 2018-12-16 21:19 - 000000000 ____D C:\Program Files (x86)\Games
2018-12-12 09:19 - 2018-12-05 21:39 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-12 09:19 - 2018-11-28 17:02 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-12 09:19 - 2018-11-28 17:02 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-12-12 09:19 - 2018-11-28 17:02 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-12-12 09:19 - 2018-11-28 17:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-12-12 09:19 - 2018-11-28 17:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-12-12 09:19 - 2018-11-28 16:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-12-12 09:19 - 2018-11-28 16:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-12 09:19 - 2018-11-28 16:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-12-12 09:19 - 2018-11-28 16:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-12-12 09:19 - 2018-11-28 16:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-12-12 09:19 - 2018-11-11 12:19 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-12-12 09:19 - 2018-11-11 12:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-12 09:19 - 2018-11-11 12:01 - 005551848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-12 09:19 - 2018-11-11 12:01 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-12-12 09:19 - 2018-11-11 12:01 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-12 09:19 - 2018-11-11 12:01 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-12 09:19 - 2018-11-11 12:01 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-12-12 09:19 - 2018-11-11 12:00 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-12-12 09:19 - 2018-11-11 11:58 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-12-12 09:19 - 2018-11-11 11:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-12-12 09:19 - 2018-11-11 11:47 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-12-12 09:19 - 2018-11-11 11:45 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-12-12 09:19 - 2018-11-11 11:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-12-12 09:19 - 2018-11-11 11:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-12-12 09:19 - 2018-11-11 11:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-12-12 09:19 - 2018-11-11 11:20 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-12-12 09:19 - 2018-11-11 11:20 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-12-12 09:19 - 2018-11-11 11:19 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-12-12 09:19 - 2018-11-11 11:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-12-12 09:19 - 2018-11-11 11:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-12-12 09:19 - 2018-11-11 11:16 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-12-12 09:19 - 2018-11-11 11:16 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-12-12 09:19 - 2018-11-11 11:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-12-12 09:19 - 2018-11-11 11:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-12-12 09:19 - 2018-11-11 11:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-12-12 09:19 - 2018-11-11 11:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-12-12 09:19 - 2018-11-11 11:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-12-12 09:19 - 2018-11-11 11:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-12-12 09:19 - 2018-11-11 11:15 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-12-12 09:19 - 2018-11-11 11:15 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-12-12 09:19 - 2018-11-11 11:15 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-12-12 09:19 - 2018-11-11 11:15 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-12-12 09:19 - 2018-11-11 11:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-12-12 09:19 - 2018-11-11 11:13 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:13 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:13 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-12-12 09:19 - 2018-11-11 11:13 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-12-12 09:19 - 2018-11-08 11:58 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-12 09:19 - 2018-11-08 11:58 - 001889280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-12 09:19 - 2018-11-08 11:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-12-12 09:19 - 2018-11-08 11:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-12-12 09:19 - 2018-11-08 11:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-12 09:19 - 2018-11-08 11:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-12 09:19 - 2018-11-08 11:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-12-12 09:19 - 2018-11-08 11:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2018-12-12 09:19 - 2018-11-05 23:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-12 09:19 - 2018-11-05 23:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-12-12 09:19 - 2018-10-06 11:03 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-12-12 09:19 - 2018-10-06 10:59 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-12 09:19 - 2018-10-06 10:59 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-12-12 09:19 - 2018-10-06 10:58 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-12-12 09:19 - 2018-10-06 10:58 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-12-12 09:19 - 2018-10-06 10:58 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-12-12 09:19 - 2018-10-06 10:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-12-12 09:19 - 2018-10-06 10:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-12-12 09:19 - 2018-10-06 10:44 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-12-12 09:19 - 2018-10-06 10:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-12-12 09:19 - 2018-10-06 10:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-12-12 09:19 - 2018-10-06 10:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-12-08 21:20 - 2018-12-08 21:20 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-12-08 21:20 - 2018-12-08 21:20 - 000000000 ____D C:\Users\Amanda\AppData\LocalLow\Google
2018-12-08 21:20 - 2018-12-08 21:20 - 000000000 ____D C:\Program Files\Google
2018-12-08 21:18 - 2019-01-04 22:18 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-08 21:18 - 2019-01-04 22:18 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-07 14:16 - 2018-05-16 20:49 - 000000000 ____D C:\FRST
2019-01-07 14:16 - 2018-03-17 15:56 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\uTorrent
2019-01-07 14:15 - 2018-03-14 21:02 - 000000000 ____D C:\Users\Amanda\AppData\LocalLow\Mozilla
2019-01-07 13:07 - 2018-03-14 21:11 - 000000000 ____D C:\Users\Amanda\AppData\Local\ClassicShell
2019-01-07 12:05 - 2018-03-15 14:23 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAmanda
2019-01-07 12:05 - 2018-03-15 14:23 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForAmanda.job
2019-01-07 12:01 - 2018-03-28 16:24 - 000000000 ____D C:\Games Downloaded
2019-01-07 11:23 - 2018-04-09 13:43 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-01-07 08:25 - 2018-07-13 11:03 - 000000000 ____D C:\Users\Amanda\Documents\Bob OlympiaFinancial
2019-01-07 07:13 - 2009-07-13 23:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-07 07:13 - 2009-07-13 23:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-07 07:04 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-07 07:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-01-07 06:58 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-06 15:52 - 2018-03-14 20:29 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F52EBCF6-B655-4260-897D-6C56F659BD58}
2019-01-05 18:27 - 2018-05-06 19:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-04 22:18 - 2018-05-06 19:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-04 22:18 - 2018-04-30 19:02 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-01-04 22:18 - 2018-04-30 15:27 - 000003616 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-01-04 22:18 - 2018-04-30 15:27 - 000003370 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-01-04 22:18 - 2018-04-16 12:45 - 000002950 _____ C:\Windows\System32\Tasks\elbyExecuteWithUAC
2019-01-04 22:18 - 2018-04-06 14:52 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-04 22:18 - 2018-04-06 14:52 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-01-04 22:18 - 2018-04-05 11:49 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-04 22:18 - 2018-03-14 21:38 - 000003136 _____ C:\Windows\System32\Tasks\klcp_update
2019-01-04 19:39 - 2018-07-01 09:39 - 000000000 ____D C:\Users\Amanda\Documents\Mom Menus
2019-01-03 18:24 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-01-03 09:10 - 2018-03-15 09:39 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-02 14:44 - 2018-05-07 13:48 - 000000233 _____ C:\Users\Amanda\Desktop\Cinematik.URL
2019-01-02 13:32 - 2018-04-10 09:39 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\MPC-HC
2018-12-30 14:16 - 2018-03-14 21:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-30 09:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Help
2018-12-28 12:57 - 2018-03-15 15:55 - 000000000 ____D C:\Users\Amanda\AppData\Local\CrashDumps
2018-12-28 12:33 - 2018-03-14 20:26 - 000000000 ____D C:\Users\Amanda
2018-12-28 12:32 - 2018-10-29 14:26 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mahjong Epic 2
2018-12-28 12:32 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-12-28 11:42 - 2018-10-20 13:37 - 000000000 ____D C:\Users\Amanda\AppData\Local\Google
2018-12-25 08:51 - 2018-04-06 14:52 - 000000000 ____D C:\Program Files\CCleaner
2018-12-24 13:06 - 2018-11-02 11:02 - 000000000 ____D C:\Windows\Minidump
2018-12-20 12:05 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-12-20 08:42 - 2018-03-15 09:49 - 000766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-12-16 21:27 - 2018-11-11 20:51 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\4 Friends Games
2018-12-14 23:25 - 2018-03-14 21:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-12 09:37 - 2009-07-13 23:45 - 000340192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-12 09:24 - 2018-03-15 09:39 - 000000000 ____D C:\Windows\system32\MRT
2018-12-10 17:04 - 2010-11-20 22:27 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-08 21:18 - 2018-10-20 13:37 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2018-09-14 14:25 - 2018-09-14 14:44 - 044858529 _____ () C:\Program Files (x86)\MahJong.Suite.2015.v12.0.rar
2018-04-18 11:24 - 2018-04-18 11:24 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122435.txt
2018-04-18 11:28 - 2018-04-18 11:28 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122827.txt
2018-04-18 14:03 - 2018-04-18 14:03 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150359.txt
2018-04-18 14:09 - 2018-04-18 14:09 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150955.txt
2018-04-10 08:19 - 2018-04-10 08:19 - 000007667 _____ () C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-03 10:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07.01.2019
Ran by Amanda (07-01-2019 14:17:12)
Running from C:\Users\Amanda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-03-15 01:26:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3956403641-1016103790-1991301254-500 - Administrator - Disabled)
Amanda (S-1-5-21-3956403641-1016103790-1991301254-1000 - Administrator - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-3956403641-1016103790-1991301254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3956403641-1016103790-1991301254-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.1.0.0 - RedFox)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.1.3075 - AVG Technologies)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Dark City London Collectors 1.00 (HKLM-x32\...\Dark City London Collectors 1.00) (Version: 1.00 - Games)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Pro (HKLM\...\{E466DA1C-39B7-4FA7-98F5-3B7910976C3D}) (Version: 7.3.2.5495 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{F09C4BE3-9935-4457-A936-69D3C574E351}) (Version: 1.5.1.0 - HP Inc)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Macrium Reflect Server Edition (HKLM\...\{49157BD6-B5D3-4DBB-98C8-A604D4332D9B}) (Version: 7.0.2187 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Server Edition (HKLM\...\MacriumReflect) (Version: 7.0 - Paramount Software (UK) Ltd.)
Mahjong Epic 2 (HKLM-x32\...\Mahjong Epic 21.1) (Version: 1.1 - Foxy Games)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 64.0 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0 (x64 en-US)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sudoku Works (HKLM-x32\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-01-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-01-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03941A70-4158-4900-8D36-8F597CD87A6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-08] (Google Inc.)
Task: {20FCFF64-00DD-401D-B1AE-BB1FD97DC929} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {3FFF6A91-3416-4527-85E7-C8676FC6B608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-03-15] (Hewlett-Packard Company)
Task: {430E6E3F-AD4A-4913-83CD-C2BE5A226333} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {4905C002-F590-4680-86A0-5BE5EB439202} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {510F5F28-A804-486C-8788-646341D85963} - System32\Tasks\HPCeeScheduleForAmanda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {58FD8687-A1F3-4CED-BFDE-DD71224F3616} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {5C119B90-A340-4B24-8FD2-5B85872ED0C7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-12-04] (Adobe Systems Incorporated)
Task: {85006378-4CFB-47BB-8A7E-F3CC7A44AD4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-03-15] (Hewlett-Packard Company)
Task: {9DF6E07E-92B7-43C0-B9BC-5D13950CADB4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {AEC6D5B8-E058-4CCB-90BB-3CFA2D8EA1B4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2019-01-04] (AVG Technologies CZ, s.r.o.)
Task: {B22AF7EA-67F5-45E8-84D4-8AAE462B59D6} - System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7} => C:\Windows\system32\pcalua.exe -a C:\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe -d C:\Downloads\installer_x86-x64_89006
Task: {BCC2C7F2-FB3D-480A-8D73-4136010BFF28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2013-02-19] (Hewlett-Packard)
Task: {CE06BBC7-8750-4BAB-8EA6-7CFD9DAAA460} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {DA92ED9A-F28D-4472-A96B-59809B015955} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-08] (Google Inc.)
Task: {DE495F0A-E470-43AB-8A28-875990DDC93C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {E1965C9E-3865-4D70-8D4E-5C7C11653368} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {E487927D-AB5A-482F-9AD0-13974F682CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2018-02-12] (Microsoft)
Task: {E6E1AFA0-3277-4B3A-BCF4-60FD91F8EAE4} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\RedFox\AnyDVD\ExecuteWithUAC.exe [2013-03-21] ()
Task: {E7AF0378-02B1-48AE-B600-C1ADBD2E42C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {FE0A8B75-AB27-45BE-A930-582338E20769} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2019-01-01] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForAmanda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:

==================== Loaded Modules (Whitelisted) ==============

2019-01-04 08:41 - 2019-01-04 08:41 - 000662960 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 000550832 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 001967536 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2019-01-07 11:01 - 2019-01-07 11:01 - 006914248 _____ () C:\Program Files\AVG\Antivirus\defs\19010702\algo64.dll
2011-08-09 10:44 - 2011-08-09 10:44 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 093696960 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-10-24 09:21 - 2018-10-24 09:21 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c2fa64d925dff964b5574da71f162548\IsdiInterop.ni.dll
2018-03-14 21:19 - 2011-05-20 12:05 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-09 13:42 - 2018-04-09 13:42 - 000000143 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                   keystone.mwbsys.com
127.0.0.1                   sirius.mwbsys.com
127.0.0.1                   bactem.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Broadcom\Broadcom 802.11\Driver;;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Intel\Services\IPT\
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KMService.lnk => C:\Windows\pss\KMService.lnk.CommonStartup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Reflect UI => C:\Program Files\Macrium\Common\ReflectUI.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{98B44A3A-A17A-47E5-ABDB-F1798C77AD44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{5943820C-A840-4247-8DD5-5142C5020FF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0C736896-C1B9-4853-B4A5-77860361B3A8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{5989919C-1183-43C8-88B8-0A1A33B2BA2A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
FirewallRules: [{5BFE4BC2-21AB-47BE-922A-041ED5B9C7F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
FirewallRules: [{DC7D60E8-68E0-4278-B0B4-F88D4745A367}] => (Allow) C:\Program Files (x86)\EaseUS\System GoBack Free\bin\Agent.exe No File
FirewallRules: [{14C51BDB-5C59-40F2-8CD5-805177EB6BFD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{DF89369F-FE8A-43AB-BF45-B844BF6ACD05}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{3B890484-52B9-445E-9B59-E0FBD05E4B1B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{2A9980C4-D766-46DF-A58A-1054ACDC1F84}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{9ED67588-1049-42F2-88CE-A4355EA89C0B}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies CZ, s.r.o.)
FirewallRules: [{83FDEEBF-24CD-427F-B00C-FAC797B268B8}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

06-01-2019 00:00:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2019 06:59:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/06/2019 09:54:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/05/2019 11:15:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/04/2019 05:56:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1cc8a30d-ff89-4128-aa6d-1223e9390496}

Error: (01/04/2019 12:31:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/04/2019 08:44:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/04/2019 08:03:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/03/2019 01:40:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (01/07/2019 07:00:49 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (01/07/2019 07:00:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/07/2019 06:58:17 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

Error: (01/06/2019 09:55:46 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (01/06/2019 09:54:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/06/2019 09:53:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

Error: (01/06/2019 09:03:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (01/06/2019 12:01:39 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{84515f45-27fb-11e8-9f78-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6302B0BF-5A0F-4DCD-BA81-D04591C7000E}

CodeIntegrity:
===================================

Date: 2018-12-02 00:03:52.082
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-12-02 00:03:51.739
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-12-02 00:03:51.458
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:37.392
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:37.033
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:36.752
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-05 14:22:16.019
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod6CDC.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-05 14:22:15.691
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod6CDC.dll.nup.raw because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 6091.86 MB
Available physical RAM: 3888.63 MB
Total Virtual: 12181.86 MB
Available Virtual: 9758.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:905.46 GB) (Free:547.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.89 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

\\?\Volume{84515f44-27fb-11e8-9f78-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A65C9874)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=905.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt ============================

Edited by Jackpine, 07 January 2019 - 01:20 PM.

#3
JSntgRvr

Posted 13 January 2019 - 02:52 PM

Global Moderator

Global Moderator
11,579 posts

Hi

Welcome and sorry for the delay.

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
Please read ALL instructions carefully and perform the steps fully and in the order they are written.
If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
Continue to read and follow my instructions until I tell you that your machine is clean.
If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.

Let's begin...

Highlight the entire content of the quote box below.

Start::
Task: {0E2EAFE1-7DD1-415C-B021-BCB16CAD5A4E} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2019-01-12] (AVG Technologies) <==== ATTENTION
Task: {ED499121-6B8F-48FA-93AD-8CEB7C1EC911} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2019-01-12] (AVG Technologies) <==== ATTENTION
Toolbar: HKU\S-1-5-21-1732617174-2917179579-3499649716-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
FirewallRules: [{6C37470E-58D5-47A3-928E-769063EFA888}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe No File
FirewallRules: [{2DF7EF7E-A4C7-4051-8F4D-151AE0D989EE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe No File
FirewallRules: [{F64733C5-6C8E-44AD-80A0-B97B4B436DCD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{499E58ED-F36D-4AFC-94A0-9B6C01832D6C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
2019-01-12 21:06 - 2017-10-10 20:51 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2018-10-02 16:07 - 2019-01-12 11:04 - 000007599 _____ () C:\Windows\system32\config\systemprofile\AppData\Local\Resmon.ResmonCfg
2017-12-10 01:00 - 2017-12-10 01:00 - 000000000 _____ () C:\Users\Guest\AppData\Local\Temp\qfikvdeu.dll
2014-12-28 19:11 - 2014-12-28 19:11 - 000008704 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
2014-12-27 01:49 - 2014-12-27 01:49 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
2014-12-27 01:51 - 2014-12-27 01:51 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite421d4bf8-0da3-4718-b276-a1f12028730b.dll
2017-12-10 01:00 - 2017-12-10 01:00 - 000000000 _____ () C:\Users\Guest\AppData\Local\Temp\qfikvdeu.dll
2014-12-28 19:11 - 2014-12-28 19:11 - 000008704 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
2014-12-27 01:49 - 2014-12-27 01:49 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
2014-12-27 01:51 - 2014-12-27 01:51 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite421d4bf8-0da3-4718-b276-a1f12028730b.dll
2018-12-27 07:35 - 2018-12-27 07:35 - 000000000 ____D C:\Program Files (x86)\GUM6BEA.tmp
EMPTYTEMP:
Reboot:
End::

Right click on the highlighted text and select Copy.
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Download AdwCleaner and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan Now
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Reset your browsers to default.. For instructions read here:

After a restart, open a Command Prompt (as Administrator).

Type the following command and press Enter:

SFC /ScanNow

If successful type the following and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%"\Desktop\sfcdetails.txt

Type Exit and press Enter to leave the prompt.

This will create a file on your desktop, sfcdetails.txt. Please post its contents also in a reply.

#4
Jackpine

Posted 14 January 2019 - 07:23 AM

Member

Topic Starter
Member
490 posts

Here are the logs. When I tried to post, I got a message that the post was too long. Likely due to the sfc text. I will try and attach that as a separate file.

Note that when I go to Control Panel, the following items are still missing: Action Center, Windows Update, and Windows Defender.

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.01.2019
Ran by Amanda (14-01-2019 07:44:15) Run:1
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {0E2EAFE1-7DD1-415C-B021-BCB16CAD5A4E} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2019-01-12] (AVG Technologies) <==== ATTENTION
Task: {ED499121-6B8F-48FA-93AD-8CEB7C1EC911} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2019-01-12] (AVG Technologies) <==== ATTENTION
Toolbar: HKU\S-1-5-21-1732617174-2917179579-3499649716-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
FirewallRules: [{6C37470E-58D5-47A3-928E-769063EFA888}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe No File
FirewallRules: [{2DF7EF7E-A4C7-4051-8F4D-151AE0D989EE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe No File
FirewallRules: [{F64733C5-6C8E-44AD-80A0-B97B4B436DCD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{499E58ED-F36D-4AFC-94A0-9B6C01832D6C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
2019-01-12 21:06 - 2017-10-10 20:51 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2018-10-02 16:07 - 2019-01-12 11:04 - 000007599 _____ () C:\Windows\system32\config\systemprofile\AppData\Local\Resmon.ResmonCfg
2017-12-10 01:00 - 2017-12-10 01:00 - 000000000 _____ () C:\Users\Guest\AppData\Local\Temp\qfikvdeu.dll
2014-12-28 19:11 - 2014-12-28 19:11 - 000008704 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
2014-12-27 01:49 - 2014-12-27 01:49 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
2014-12-27 01:51 - 2014-12-27 01:51 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite421d4bf8-0da3-4718-b276-a1f12028730b.dll
2017-12-10 01:00 - 2017-12-10 01:00 - 000000000 _____ () C:\Users\Guest\AppData\Local\Temp\qfikvdeu.dll
2014-12-28 19:11 - 2014-12-28 19:11 - 000008704 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
2014-12-27 01:49 - 2014-12-27 01:49 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
2014-12-27 01:51 - 2014-12-27 01:51 - 001053184 _____ (Robert Simpson, et al.) C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite421d4bf8-0da3-4718-b276-a1f12028730b.dll
2018-12-27 07:35 - 2018-12-27 07:35 - 000000000 ____D C:\Program Files (x86)\GUM6BEA.tmp
EMPTYTEMP:
Reboot:

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E2EAFE1-7DD1-415C-B021-BCB16CAD5A4E} => not found
"C:\Windows\System32\Tasks\AVGUpdateTaskMachineCore" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGUpdateTaskMachineCore => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED499121-6B8F-48FA-93AD-8CEB7C1EC911} => not found
"C:\Windows\System32\Tasks\AVGUpdateTaskMachineUA" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGUpdateTaskMachineUA => not found
"HKU\S-1-5-21-1732617174-2917179579-3499649716-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => not found
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C37470E-58D5-47A3-928E-769063EFA888}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DF7EF7E-A4C7-4051-8F4D-151AE0D989EE}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F64733C5-6C8E-44AD-80A0-B97B4B436DCD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{499E58ED-F36D-4AFC-94A0-9B6C01832D6C}" => not found
"C:\Users\TEMP\AppData\LocalLow\Mozilla" => not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Resmon.ResmonCfg" => not found
"C:\Users\Guest\AppData\Local\Temp\qfikvdeu.dll" => not found
"C:\Users\Owner\AppData\Local\Temp\SpOrder.dll" => not found
"C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll" => not found
"C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite421d4bf8-0da3-4718-b276-a1f12028730b.dll" => not found
"C:\Users\Guest\AppData\Local\Temp\qfikvdeu.dll" => not found
"C:\Users\Owner\AppData\Local\Temp\SpOrder.dll" => not found
"C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll" => not found
"C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite421d4bf8-0da3-4718-b276-a1f12028730b.dll" => not found
"C:\Program Files (x86)\GUM6BEA.tmp" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5763405 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 23413340 B
Edge => 0 B
Chrome => 94208 B
Firefox => 1085347296 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 115240 B
LocalService => 0 B
NetworkService => 0 B
Amanda => 241033745 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 07:45:32 ====

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-14-2019
# Duration: 00:00:03
# OS:       Windows 7 Home Premium
# Cleaned: 0
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [09/01/2019 14:46:37]
AdwCleaner[S01].txt - [1318 octets] - [12/01/2019 12:33:40]
AdwCleaner[S02].txt - [1379 octets] - [14/01/2019 07:51:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

sfcdetails.txt 233.73KB 169 downloads

#5
JSntgRvr

Posted 16 January 2019 - 02:31 PM

Global Moderator

Global Moderator
11,579 posts

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

#6
Jackpine

Posted 16 January 2019 - 03:06 PM

Member

Topic Starter
Member
490 posts

Here is the log:

Farbar Service Scanner Version: 27-01-2016
Ran by Amanda (administrator) on 16-01-2019 at 16:05:36
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

#7
JSntgRvr

Posted 16 January 2019 - 08:09 PM

Global Moderator

Global Moderator
11,579 posts

There are Registry entries missing

Highlight the entire content of the quote box below.

Start::
CreateRestorePoint:
Startregedit:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\ConSecRules]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DefaultInboundAction"=-
"DefaultOutboundAction"=-
"DisableUnicastResponsesToMulticastBroadcast"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase1AuthenticationSets]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase2AuthenticationSets]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DefaultInboundAction"=-
"DefaultOutboundAction"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DefaultInboundAction"=-
"DefaultOutboundAction"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess]
"DisplayName"="@%SystemRoot%\\system32\\ipnathlp.dll,-106"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%SystemRoot%\\system32\\ipnathlp.dll,-107"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
6e,00,4d,00,67,00,6d,00,74,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,\
00,42,00,46,00,45,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,\
00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,\
00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,\
61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy]
"IPSecExempt"=dword:00000009
"DisableStatefulFTP"=dword:00000000
"DisableStatefulPPTP"=dword:00000000
"PolicyVersion"=dword:0000020a

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\DomainProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
4c,00,6f,00,67,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,72,00,65,\
00,77,00,61,00,6c,00,6c,00,5c,00,70,00,66,00,69,00,72,00,65,00,77,00,61,00,\
6c,00,6c,00,2e,00,6c,00,6f,00,67,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"SSTP-IN-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|[email protected],-35002|[email protected],-35003|[email protected],-35001|"
"Netlogon-NamedPipe-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-1003|[email protected],-1006|[email protected],-1010|"
"SNMPTRAP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|"
"SNMPTRAP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|"
"WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|"
"WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|"
"WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|"
"WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|"
"WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|"
"WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|"
"WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|"
"WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|"
"WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|"
"WMPNSS-WMP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|"
"WMPNSS-WMP-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|"
"WMPNSS-WMP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|"
"WMPNSS-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|"
"WMPNSS-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|"
"WMPNSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|"
"WMPNSS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|"
"WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|"
"WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|"
"WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|"
"WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|"
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|"
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|"
"WMPNSS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31277|[email protected],-31280|[email protected],-31252|"
"WMPNSS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|"
"WMPNSS-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|"
"WMPNSS-HTTPSTR-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|"
"WMPNSS-WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|"
"WMPNSS-WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|"
"WMPNSS-WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|"
"WMPNSS-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|"
"WMPNSS-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|"
"WMPNSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|"
"WMPNSS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|"
"WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|"
"WMPNSS-RME-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|[email protected],-31501|[email protected],-31502|[email protected],-31500|Edge=TRUE|Defer=App|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=@%systemroot%\\system32\\provsvc.dll,-200|Desc=@%systemroot%\\system32\\provsvc.dll,-201|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=@%systemroot%\\system32\\provsvc.dll,-203|Desc=@%systemroot%\\system32\\provsvc.dll,-204|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\\system32\\provsvc.dll,-205|Desc=@%systemroot%\\system32\\provsvc.dll,-206|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\\system32\\provsvc.dll,-207|Desc=@%systemroot%\\system32\\provsvc.dll,-208|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Collab-P2PHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE|Defer=App|"
"Collab-P2PHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|"
"Collab-P2PHost-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|"
"Collab-P2PHost-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|"
"Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-32019|[email protected],-32022|[email protected],-32002|Edge=TRUE|Defer=App|"
"Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-32023|[email protected],-32026|[email protected],-32002|"
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32027|[email protected],-32030|[email protected],-32002|"
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32031|[email protected],-32034|[email protected],-32002|"
"RemoteAssistance-In-TCP-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-PnrpSvc-UDP-OUT"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|"
"RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|"
"RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|"
"RemoteAssistance-DCOM-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|"
"RemoteAssistance-In-TCP-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|"
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|"
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|"
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-33027|[email protected],-33030|[email protected],-33002|"
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-33031|[email protected],-33034|[email protected],-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-PnrpSvc-UDP-OUT-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|"
"FPS-NB_Session-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|"
"FPS-NB_Session-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|"
"FPS-SMB-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|"
"FPS-SMB-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|"
"FPS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|"
"FPS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|"
"FPS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|"
"FPS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|"
"FPS-SpoolSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|"
"FPS-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|"
"FPS-ICMP4-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP4-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP6-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP6-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|"
"FPS-NB_Session-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|"
"FPS-NB_Session-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|"
"FPS-SMB-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|"
"FPS-SMB-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|"
"FPS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|"
"FPS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|"
"FPS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|"
"FPS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|"
"FPS-SpoolSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|"
"FPS-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|"
"FPS-ICMP4-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP4-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP6-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP6-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|"
"FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|"
"FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-28550|[email protected],-28551|[email protected],-28502|"
"CoreNet-ICMP6-DU-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|"
"CoreNet-ICMP6-TE-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|"
"CoreNet-ICMP6-PP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|"
"CoreNet-ICMP6-NDS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|"
"CoreNet-ICMP6-NDA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|"
"CoreNet-ICMP6-RA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|"
"CoreNet-ICMP6-RA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|"
"CoreNet-ICMP6-RS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|[email protected],-25009|[email protected],-25011|[email protected],-25000|"
"CoreNet-ICMP6-RS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|"
"CoreNet-ICMP6-LQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|"
"CoreNet-ICMP6-LQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|"
"CoreNet-ICMP6-LR-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|"
"CoreNet-ICMP6-LR-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|"
"CoreNet-ICMP6-LR2-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|"
"CoreNet-ICMP6-LR2-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|"
"CoreNet-ICMP6-LD-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|"
"CoreNet-ICMP6-LD-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|"
"CoreNet-ICMP4-DUFRAG-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|"
"CoreNet-IGMP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|"
"CoreNet-IGMP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|"
"CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|"
"CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|"
"CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25304|[email protected],-25306|[email protected],-25000|"
"CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25305|[email protected],-25306|[email protected],-25000|"
"CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|"
"CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|"
"CoreNet-IPHTTPS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|[email protected],-25426|[email protected],-25428|[email protected],-25000|"
"CoreNet-IPHTTPS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25427|[email protected],-25429|[email protected],-25000|"
"CoreNet-IPv6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|"
"CoreNet-IPv6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|"
"CoreNet-GP-NP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|"
"CoreNet-GP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|"
"CoreNet-DNS-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|"
"CoreNet-GP-LSASS-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|"
"NETDIS-UPnPHost-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
"NETDIS-UPnPHost-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
"NETDIS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
"NETDIS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
"NETDIS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
"NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
"NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
"NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
"NETDIS-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
"NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|"
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|"
"NETDIS-UPnPHost-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
"NETDIS-UPnPHost-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
"NETDIS-UPnP-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|"
"NETDIS-NB_Name-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
"NETDIS-NB_Name-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
"NETDIS-NB_Datagram-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
"NETDIS-NB_Datagram-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
"NETDIS-FDPHOST-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|"
"NETDIS-FDPHOST-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|"
"NETDIS-LLMNR-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|"
"NETDIS-LLMNR-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|"
"NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|"
"NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|"
"NETDIS-WSDEVNTS-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
"NETDIS-WSDEVNTS-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
"NETDIS-WSDEVNT-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
"NETDIS-WSDEVNT-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|"
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|"
"NETDIS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|"
"NETDIS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
"NETDIS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
"NETDIS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
"NETDIS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
"NETDIS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
"NETDIS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
"NETDIS-FDPHOST-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|"
"NETDIS-FDPHOST-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|"
"NETDIS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|"
"NETDIS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|"
"NETDIS-FDRESPUB-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|"
"NETDIS-FDRESPUB-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|"
"NETDIS-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
"NETDIS-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
"NETDIS-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
"NETDIS-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
"MsiScsi-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|"
"MsiScsi-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|"
"MsiScsi-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|"
"MsiScsi-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|"
"MSDTC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|"
"MSDTC-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|"
"MSDTC-KTMRM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|"
"MSDTC-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|"
"MSDTC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|"
"MSDTC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|"
"MSDTC-KTMRM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|"
"MSDTC-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|"
"RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|"
"RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|"
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|"
"RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|"
"RemoteSvcAdmin-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|"
"RemoteSvcAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|"
"PerfLogsAlerts-PLASrv-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|"
"PerfLogsAlerts-DCOM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|"
"PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|"
"PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|"
"WMI-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|"
"WMI-WINMGMT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|"
"WMI-WINMGMT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|"
"WMI-ASYNC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|"
"WMI-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|"
"WMI-WINMGMT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|"
"WMI-WINMGMT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|"
"WMI-ASYNC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|"
"PNRPMNRS-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-34003|[email protected],-34004|[email protected],-34002|Edge=TRUE|Defer=App|"
"PNRPMNRS-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-34005|[email protected],-34006|[email protected],-34002|"
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-34007|[email protected],-34008|[email protected],-34002|"
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-34009|[email protected],-34010|[email protected],-34002|"
"RemoteEventLogSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|"
"RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|"
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|"
"RemoteEventLogSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|"
"RemoteEventLogSvc-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|"
"RemoteEventLogSvc-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|"
"RemoteTask-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|"
"RemoteTask-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|"
"RemoteTask-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|"
"RemoteTask-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|"
"WINRM-HTTP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5985|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|"
"WINRM-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|"
"WINRM-HTTP-Compat-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|"
"WINRM-HTTP-Compat-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|"
"RemoteFwAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|"
"RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|"
"RemoteFwAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|"
"RemoteFwAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|"
"RRAS-GRE-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=47|App=System|[email protected],-33769|[email protected],-33772|[email protected],-33752|"
"RRAS-GRE-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=47|App=System|[email protected],-33773|[email protected],-33776|[email protected],-33752|"
"RRAS-L2TP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|"
"RRAS-L2TP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|"
"RRAS-PPTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|"
"RRAS-PPTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|"
"RVM-VDS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|"
"RVM-VDSLDR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|"
"RVM-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|"
"RVM-VDS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|"
"RVM-VDSLDR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|"
"RVM-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|"
"NetPres-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|"
"NetPres-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|"
"NetPres-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|"
"NetPres-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|"
"NetPres-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|"
"NetPres-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|"
"NetPres-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|"
"NetPres-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|"
"NetPres-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|"
"NetPres-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|"
"NetPres-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|"
"NetPres-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|"
"NetPres-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|"
"NetPres-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|"
"Microsoft-Windows-PeerDist-HttpTrans-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=80|App=SYSTEM|[email protected],-10000|[email protected],-11000|[email protected],-9000|"
"Microsoft-Windows-PeerDist-HttpTrans-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=80|App=SYSTEM|[email protected],-10001|[email protected],-11001|[email protected],-9000|"
"Microsoft-Windows-PeerDist-WSD-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=PeerDistSvc|[email protected],-10002|[email protected],-11002|[email protected],-9001|"
"Microsoft-Windows-PeerDist-WSD-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=PeerDistSvc|[email protected],-10003|[email protected],-11003|[email protected],-9001|"
"Microsoft-Windows-PeerDist-HostedServer-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10004|[email protected],-11004|[email protected],-9002|"
"Microsoft-Windows-PeerDist-HostedServer-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10005|[email protected],-11005|[email protected],-9002|"
"Microsoft-Windows-PeerDist-HostedClient-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=443|App=SYSTEM|[email protected],-10006|[email protected],-11006|[email protected],-9003|"
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|"
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|"
"MCX-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|"
"MCX-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|"
"MCX-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|"
"MCX-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|"
"MCX-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|"
"MCX-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|"
"MCX-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30785|[email protected],-30788|[email protected],-30752|"
"MCX-TERMSRV-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30793|[email protected],-30796|[email protected],-30752|"
"MCX-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|"
"MCX-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|"
"MCX-MCX2SVC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|"
"MCX-Prov-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|"
"MCX-PlayTo-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30814|[email protected],-30815|[email protected],-30752|"
"MCX-PlayTo-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-30816|[email protected],-30817|[email protected],-30752|"
"MCX-McrMgr-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcrmgr.exe|[email protected],-30818|[email protected],-30819|[email protected],-30752|"
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30820|[email protected],-30821|[email protected],-30752|"
"MCX-FDPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-30822|[email protected],-30823|[email protected],-30752|"
"RemoteDesktop-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|"
"RemoteDesktop-UserMode-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|[email protected],-28853|[email protected],-28856|[email protected],-28852|"
"WPDMTP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|"
"WPDMTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|"
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|"
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|"
"WPDMTP-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30515|[email protected],-30518|[email protected],-30502|"
"WPDMTP-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-30519|[email protected],-30522|[email protected],-30502|"
"WPDMTP-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|"
"RemoteDesktop-UserMode-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|[email protected],-101|[email protected],-102|[email protected],-28852|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\PublicProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
4c,00,6f,00,67,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,72,00,65,\
00,77,00,61,00,6c,00,6c,00,5c,00,70,00,66,00,69,00,72,00,65,00,77,00,61,00,\
6c,00,6c,00,2e,00,6c,00,6f,00,67,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\StandardProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
4c,00,6f,00,67,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,72,00,65,\
00,77,00,61,00,6c,00,6c,00,5c,00,70,00,66,00,69,00,72,00,65,00,77,00,61,00,\
6c,00,6c,00,2e,00,6c,00,6f,00,67,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch]
"Epoch"=dword:00000138

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2]
"Epoch"=dword:00000048

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceDllUnloadOnStop"=dword:00000001
"SharedAutoDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy]
"DisableStatefulFTP"=dword:00000000
"PolicyVersion"=dword:0000020a
"DisableStatefulPPTP"=dword:00000000
"IPSecExempt"=dword:00000009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\\system32\\LogFiles\\Firewall\\pfirewall.log"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RVM-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|"
"RVM-VDSLDR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|"
"RVM-VDS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|"
"RVM-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|"
"RVM-VDSLDR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|"
"RVM-VDS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|"
"RRAS-PPTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|"
"RRAS-PPTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|"
"RRAS-L2TP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|"
"RRAS-L2TP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|"
"RRAS-GRE-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=47|App=System|[email protected],-33773|[email protected],-33776|[email protected],-33752|"
"RRAS-GRE-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=47|App=System|[email protected],-33769|[email protected],-33772|[email protected],-33752|"
"RemoteFwAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|"
"RemoteFwAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|"
"RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|"
"RemoteFwAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|"
"WINRM-HTTP-Compat-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|"
"WINRM-HTTP-Compat-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|"
"WINRM-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|"
"WINRM-HTTP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5985|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|"
"RemoteTask-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|"
"RemoteTask-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|"
"RemoteTask-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|"
"RemoteTask-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|"
"RemoteEventLogSvc-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|"
"RemoteEventLogSvc-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|"
"RemoteEventLogSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|"
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|"
"RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|"
"RemoteEventLogSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|"
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-34009|[email protected],-34010|[email protected],-34002|"
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-34007|[email protected],-34008|[email protected],-34002|"
"PNRPMNRS-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-34005|[email protected],-34006|[email protected],-34002|"
"PNRPMNRS-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-34003|[email protected],-34004|[email protected],-34002|Edge=TRUE|Defer=App|"
"WMI-ASYNC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|"
"WMI-WINMGMT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|"
"WMI-WINMGMT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|"
"WMI-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|"
"WMI-ASYNC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|"
"WMI-WINMGMT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|"
"WMI-WINMGMT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|"
"WMI-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|"
"PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|"
"PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|"
"PerfLogsAlerts-DCOM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|"
"PerfLogsAlerts-PLASrv-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|"
"RemoteSvcAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|"
"RemoteSvcAdmin-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|"
"RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|"
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|"
"RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|"
"RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|"
"MSDTC-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|"
"MSDTC-KTMRM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|"
"MSDTC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|"
"MSDTC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|"
"MSDTC-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|"
"MSDTC-KTMRM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|"
"MSDTC-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|"
"MSDTC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|"
"MsiScsi-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|"
"MsiScsi-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|"
"MsiScsi-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|"
"MsiScsi-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|"
"NETDIS-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
"NETDIS-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
"NETDIS-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
"NETDIS-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
"NETDIS-FDRESPUB-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|"
"NETDIS-FDRESPUB-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|"
"NETDIS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|"
"NETDIS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|"
"NETDIS-FDPHOST-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|"
"NETDIS-FDPHOST-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|"
"NETDIS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
"NETDIS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
"NETDIS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
"NETDIS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
"NETDIS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
"NETDIS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
"NETDIS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|"
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|"
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|"
"NETDIS-WSDEVNT-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
"NETDIS-WSDEVNT-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
"NETDIS-WSDEVNTS-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
"NETDIS-WSDEVNTS-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
"NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|"
"NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|"
"NETDIS-LLMNR-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|"
"NETDIS-LLMNR-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|"
"NETDIS-FDPHOST-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|"
"NETDIS-FDPHOST-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|"
"NETDIS-NB_Datagram-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
"NETDIS-NB_Datagram-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
"NETDIS-NB_Name-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
"NETDIS-NB_Name-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
"NETDIS-UPnP-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|"
"NETDIS-UPnPHost-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
"NETDIS-UPnPHost-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|"
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|"
"NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
"NETDIS-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
"NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
"NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
"NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
"NETDIS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
"NETDIS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
"NETDIS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
"NETDIS-UPnPHost-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
"NETDIS-UPnPHost-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
"CoreNet-GP-LSASS-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|"
"CoreNet-DNS-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|"
"CoreNet-GP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|"
"CoreNet-GP-NP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|"
"CoreNet-IPv6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|"
"CoreNet-IPv6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|"
"CoreNet-IPHTTPS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25427|[email protected],-25429|[email protected],-25000|"
"CoreNet-IPHTTPS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|[email protected],-25426|[email protected],-25428|[email protected],-25000|"
"CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|"
"CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|"
"CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25305|[email protected],-25306|[email protected],-25000|"
"CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25304|[email protected],-25306|[email protected],-25000|"
"CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|"
"CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|"
"CoreNet-IGMP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|"
"CoreNet-IGMP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|"
"CoreNet-ICMP4-DUFRAG-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|"
"CoreNet-ICMP6-LD-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|"
"CoreNet-ICMP6-LD-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|"
"CoreNet-ICMP6-LR2-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|"
"CoreNet-ICMP6-LR2-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|"
"CoreNet-ICMP6-LR-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|"
"CoreNet-ICMP6-LR-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|"
"CoreNet-ICMP6-LQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|"
"CoreNet-ICMP6-LQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|"
"CoreNet-ICMP6-RS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|"
"CoreNet-ICMP6-RS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|[email protected],-25009|[email protected],-25011|[email protected],-25000|"
"CoreNet-ICMP6-RA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|"
"CoreNet-ICMP6-RA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|"
"CoreNet-ICMP6-NDA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|"
"CoreNet-ICMP6-NDA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|"
"CoreNet-ICMP6-NDS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|"
"CoreNet-ICMP6-PP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|"
"CoreNet-ICMP6-TE-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|"
"CoreNet-ICMP6-PTB-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE|"
"CoreNet-ICMP6-DU-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE|"
"FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=File and Printer Sharing (LLMNR-UDP-Out)|[email protected],-28551|[email protected],-28502|"
"FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=File and Printer Sharing (LLMNR-UDP-In)|[email protected],-28549|[email protected],-28502|"
"FPS-ICMP6-ERQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|Name=File and Printer Sharing (Echo Request - ICMPv6-Out)|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP6-ERQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|Name=File and Printer Sharing (Echo Request - ICMPv6-In)|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP4-ERQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|Name=File and Printer Sharing (Echo Request - ICMPv4-Out)|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP4-ERQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|Name=File and Printer Sharing (Echo Request - ICMPv4-In)|[email protected],-28547|[email protected],-28502|"
"FPS-RPCSS-In-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=File and Printer Sharing (Spooler Service - RPC-EPMAP)|[email protected],-28542|[email protected],-28502|"
"FPS-SpoolSvc-In-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|Name=File and Printer Sharing (Spooler Service - RPC)|[email protected],-28538|[email protected],-28502|"
"FPS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Datagram-Out)|[email protected],-28534|[email protected],-28502|"
"FPS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Datagram-In)|[email protected],-28530|[email protected],-28502|"
"FPS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Name-Out)|[email protected],-28526|[email protected],-28502|"
"FPS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Name-In)|[email protected],-28522|[email protected],-28502|"
"FPS-SMB-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (SMB-Out)|[email protected],-28518|[email protected],-28502|"
"FPS-SMB-In-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (SMB-In)|[email protected],-28514|[email protected],-28502|"
"FPS-NB_Session-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Session-Out)|[email protected],-28510|[email protected],-28502|"
"FPS-NB_Session-In-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Session-In)|[email protected],-28506|[email protected],-28502|"
"FPS-ICMP6-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP6-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP4-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|"
"FPS-ICMP4-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|"
"FPS-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|"
"FPS-SpoolSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|"
"FPS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|"
"FPS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|"
"FPS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|"
"FPS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|"
"FPS-SMB-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|"
"FPS-SMB-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|"
"FPS-NB_Session-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|"
"FPS-NB_Session-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|"
"RemoteAssistance-PnrpSvc-UDP-OUT-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-Out)|[email protected],-33038|[email protected],-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-In)|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-Out)|[email protected],-33034|[email protected],-33002|"
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-In)|[email protected],-33030|[email protected],-33002|"
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-Out)|[email protected],-33026|[email protected],-33002|"
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-In)|[email protected],-33022|[email protected],-33002|"
"RemoteAssistance-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msra.exe|Name=Remote Assistance (TCP-Out)|[email protected],-33010|[email protected],-33002|"
"RemoteAssistance-In-TCP-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msra.exe|Name=Remote Assistance (TCP-In)|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-DCOM-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|"
"RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|"
"RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|"
"RemoteAssistance-PnrpSvc-UDP-OUT"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|"
"RemoteAssistance-In-TCP-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32031|[email protected],-32034|[email protected],-32002|"
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32027|[email protected],-32030|[email protected],-32002|"
"Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-32023|[email protected],-32026|[email protected],-32002|"
"Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-32019|[email protected],-32022|[email protected],-32002|Edge=TRUE|Defer=App|"
"Collab-P2PHost-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|"
"Collab-P2PHost-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|"
"Collab-P2PHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|"
"Collab-P2PHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE|Defer=App|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=HomeGroup Out (PNRP)|Desc=@%systemroot%\\system32\\provsvc.dll,-208|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=HomeGroup In (PNRP)|Desc=@%systemroot%\\system32\\provsvc.dll,-206|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=HomeGroup Out|Desc=@%systemroot%\\system32\\provsvc.dll,-204|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=HomeGroup In|Desc=@%systemroot%\\system32\\provsvc.dll,-201|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"WMPNSS-RME-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|[email protected],-31501|[email protected],-31502|[email protected],-31500|Edge=TRUE|Defer=App|"
"WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|"
"WMPNSS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|"
"WMPNSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|"
"WMPNSS-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|"
"WMPNSS-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|"
"WMPNSS-WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|"
"WMPNSS-WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|"
"WMPNSS-WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|"
"WMPNSS-HTTPSTR-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|"
"WMPNSS-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|"
"WMPNSS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|"
"WMPNSS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31277|[email protected],-31280|[email protected],-31252|"
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|"
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|"
"WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|"
"WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|"
"WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|"
"WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|"
"WMPNSS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|"
"WMPNSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|"
"WMPNSS-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|"
"WMPNSS-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|"
"WMPNSS-WMP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|"
"WMPNSS-WMP-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|"
"WMPNSS-WMP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|"
"WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|"
"WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|"
"WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|"
"WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|"
"WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|"
"WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|"
"WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|"
"WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|"
"WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|"
"SNMPTRAP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|"
"SNMPTRAP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|"
"Netlogon-NamedPipe-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-1003|[email protected],-1006|[email protected],-1010|"
"SSTP-IN-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|[email protected],-35002|[email protected],-35003|[email protected],-35001|"
"NetPres-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|"
"NetPres-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|"
"NetPres-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|"
"NetPres-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|"
"NetPres-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|"
"NetPres-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|"
"NetPres-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|"
"NetPres-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|"
"NetPres-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|"
"NetPres-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|"
"NetPres-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|"
"NetPres-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|"
"NetPres-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|"
"NetPres-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|"
"Microsoft-Windows-PeerDist-HttpTrans-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=80|App=SYSTEM|[email protected],-10000|[email protected],-11000|[email protected],-9000|"
"Microsoft-Windows-PeerDist-HttpTrans-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=80|App=SYSTEM|[email protected],-10001|[email protected],-11001|[email protected],-9000|"
"Microsoft-Windows-PeerDist-WSD-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=PeerDistSvc|[email protected],-10002|[email protected],-11002|[email protected],-9001|"
"Microsoft-Windows-PeerDist-WSD-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=PeerDistSvc|[email protected],-10003|[email protected],-11003|[email protected],-9001|"
"Microsoft-Windows-PeerDist-HostedServer-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10004|[email protected],-11004|[email protected],-9002|"
"Microsoft-Windows-PeerDist-HostedServer-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10005|[email protected],-11005|[email protected],-9002|"
"Microsoft-Windows-PeerDist-HostedClient-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=443|App=SYSTEM|[email protected],-10006|[email protected],-11006|[email protected],-9003|"
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|"
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|"
"MCX-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|"
"MCX-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|"
"MCX-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|"
"MCX-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|"
"MCX-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|"
"MCX-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|"
"MCX-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30785|[email protected],-30788|[email protected],-30752|"
"MCX-TERMSRV-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30793|[email protected],-30796|[email protected],-30752|"
"MCX-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|"
"MCX-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|"
"MCX-MCX2SVC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|"
"MCX-Prov-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|"
"MCX-PlayTo-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30814|[email protected],-30815|[email protected],-30752|"
"MCX-PlayTo-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-30816|[email protected],-30817|[email protected],-30752|"
"MCX-McrMgr-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcrmgr.exe|[email protected],-30818|[email protected],-30819|[email protected],-30752|"
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30820|[email protected],-30821|[email protected],-30752|"
"MCX-FDPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-30822|[email protected],-30823|[email protected],-30752|"
"RemoteDesktop-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|"
"RemoteDesktop-UserMode-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|[email protected],-28853|[email protected],-28856|[email protected],-28852|"
"WPDMTP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|"
"WPDMTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|"
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|"
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|"
"WPDMTP-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30515|[email protected],-30518|[email protected],-30502|"
"WPDMTP-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-30519|[email protected],-30522|[email protected],-30502|"
"WPDMTP-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|"
"RemoteDesktop-UserMode-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|[email protected],-101|[email protected],-102|[email protected],-28852|"
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=File and Printer Sharing (LLMNR-UDP-In)|[email protected],-28549|[email protected],-28502|"
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=File and Printer Sharing (LLMNR-UDP-Out)|[email protected],-28551|[email protected],-28502|"
"{FF12FAD7-907C-46A9-B753-350099A3C57D}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|Name=Remote Assistance (TCP-In)|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
"{FB5CAB66-605E-4D70-8614-A08B382D695F}"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|Name=Remote Assistance (TCP-Out)|[email protected],-33010|[email protected],-33002|"
"{37027095-D481-4B4D-9488-C28D5D1706B6}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-In)|[email protected],-33022|[email protected],-33002|"
"{84D3F720-2CB3-43C1-AB52-EFC9DE6AA178}"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-Out)|[email protected],-33026|[email protected],-33002|"
"{61194830-003E-400D-82C6-DB3F234ECCD0}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-In)|[email protected],-33030|[email protected],-33002|"
"{0057F9E0-1757-413E-8D2B-8338B6B6B248}"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-Out)|[email protected],-33034|[email protected],-33002|"
"{BAA9DA42-3443-40D7-91CE-E36076D7F38F}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-In)|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
"{75712289-501A-4C79-8597-8A5C320CD92E}"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-Out)|[email protected],-33038|[email protected],-33002|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\\system32\\LogFiles\\Firewall\\pfirewall.log"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"AxInstSV-1"="V2.0|Action=Block|Dir=In|app=%windir%\\System32\\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|"
"AxInstSV-2"="V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\\System32\\svchost.exe|Svc=AxInstSV|Name=AxInstSV_Out_Allow|Desc=Network rules for outbound TCP traffic from AxInstSV|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"HidServ-1"="V2.0|Action=Block|Dir=in|App=%windir%\\System32\\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ|"
"HidServ-2"="V2.0|Action=Block|Dir=out|App=%windir%\\System32\\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ|"
"Eventlog-1"="V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog|"
"Eventlog-2"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog|"
"Eventlog-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=EventLog|Name=Block any traffic from EventLog|"
"PolicyAgent-1"="V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23300|[email protected],-23301|"
"PolicyAgent-2"="V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23302|[email protected],-23303|"
"PolicyAgent-3"="V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23312|[email protected],-23313|"
"PolicyAgent-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23304|"
"PolicyAgent-5"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23305|"
"DPS-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|"
"DPS-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|"
"WdiSystemHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|"
"WdiSystemHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|"
"Netman-1"="V2.0|Dir=In|Action=Block|App=%SystemRoot%\\System32\\svchost.exe|Svc=Netman|Name=Block all inbound traffic to Netman|"
"Netman-2"="V2.0|Dir=Out|Action=Block|App=%SystemRoot%\\System32\\svchost.exe|Svc=Netman|Name=Block all outbound traffic from Netman|"
"BFE-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\System32\\svchost.exe|Svc=BFE|Name=Block inbound traffic to BFE|"
"BFE-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\System32\\svchost.exe|Svc=BFE|Name=Block outbound traffic from BFE|"
"DHCP-1"="V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|Desc=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
"DHCP-1-1"="V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|Desc=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
"DHCP-2"="V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|Desc=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
"DHCP-3"="V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|Desc=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
"DHCP-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
"DHCP-5"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
"Trkwks-1"="V2.0|Action=Block|Dir=in|App=%windir%\\System32\\svchost.exe|Svc=trkwks|Name=Block any traffic to TrkWks service|"
"Trkwks-2"="V2.0|Action=Block|Dir=out|App=%windir%\\System32\\svchost.exe|Svc=trkwks|Name=Block any traffic from TrkWks service|"
"AVEndpointBuilder-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\system32\\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any inbound traffic to AudioEndpointBuilder|"
"AVEndpointBuilder-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any outbound traffic from AudioEndpointBuilder|"
"Audiosrv-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\system32\\svchost.exe|Svc=Audiosrv|Name=Block any inbound traffic to Audiosrv|"
"Audiosrv-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=Audiosrv|Name=Block any outbound traffic from Audiosrv|"
"LMHosts-1"="V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\\system32\\lmhsvc.dll,-103|"
"LMHosts-2"="V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\\system32\\lmhsvc.dll,-103|"
"LMHosts-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\\system32\\lmhsvc.dll,-103|"
"LMHosts-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\\system32\\lmhsvc.dll,-103|"
"MPSSVC-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=Mpssvc|[email protected],-23306|"
"MPSSVC-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=Mpssvc|[email protected],-23307|"
"WerSvc-1"="V2.0|Action=Block|Dir=In|app=%windir%\\System32\\svchost.exe|Svc=WerSvc|Name=WerSvc_In_Block|Desc=Network rules for inbound traffic to WerSvc|"
"WerSvc-2"="V2.0|Action=Block|Dir=Out|app=%windir%\\System32\\svchost.exe|Svc=WerSvc|Name=WerSvc_Out_Block|Desc=Network rules for outbound traffic from WerSvc|"
"WudfSvc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WudfSvc|Name=Block any traffic to and from WudfSvc|"
"WudfSvc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WudfSvc|Name=Block any traffic to and from WudfSvc|"
"SNMPTRAP-1"="V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\\system32\\snmptrap.exe,-5|"
"SNMPTRAP-2"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\\system32\\snmptrap.exe,-6|"
"SNMPTRAP-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\\system32\\snmptrap.exe,-6|"
"UI0Detect-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\System32\\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|"
"UI0Detect-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\System32\\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|"
"uxsms-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\System32\\svchost.exe|Svc=uxsms|Name=Block inbound traffic to uxsms|"
"uxsms-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\System32\\svchost.exe|Svc=uxsms|Name=Block outbound traffic from uxsms|"
"dot3svc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\System32\\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|"
"dot3svc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\System32\\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|"
"IPBusEnum-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\system32\\svchost.exe|Svc=IPBusEnum|Name=Block any inbound traffic to IPBusEnum|"
"IPBusEnum-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=IPBusEnum|Name=Block any outbound traffic from IPBusEnum|"
"PNRP Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|"
"PnrpAuto Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPAutoReg|Name=Block PnrpAuto from all ports|"
"Sysmain-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=sysmain|Name=Block outbound access to sysmain|"
"PnrpAuto Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPAutoReg|Name=Block PnrpAuto from all ports|"
"PcaSvc-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\system32\\svchost.exe|Svc=PcaSvc|[email protected],-3|[email protected],-5|"
"HomeGroup Allow Out (PRNP)"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|RPort=3540|Protocol=17|Name=Allow PNRP to send from port 3540|"
"PcaSvc-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PcaSvc|[email protected],-4|[email protected],-6|"
"HomeGroup Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|Name=Block homegroup incoming|"
"SearchFilterHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|"
"Wlansvc-2"="V2.0|Dir=Out|Action=Block|App=%SystemRoot%\\System32\\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|"
"P2P Grouping Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|"
"Sysmain-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=sysmain|Name=Block inbound access to sysmain|"
"HomeGroup Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|"
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
"SearchFilterHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|"
"Wlansvc-1"="V2.0|Dir=In|Action=Block|App=%SystemRoot%\\System32\\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|"
"P2P Grouping Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=P2PSvc|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|"
"SearchIndexer-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|"
"HomeGroup Allow In (PRNP)"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|LPort=3540|Protocol=17|Name=Allow PNRP to receive from port 3540|"
"SearchIndexer-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|"
"PNRP Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|"
"WindowsDefender-Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\\\system32\\\\svchost.exe|Svc=WinDefend|Name=Block any traffic from WinDefend|"
"P2P Ident Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|"
"P2P Grouping Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|"
"HomeGroup Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|Name=Block homegroup outgoing|"
"P2P Ident Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|"
"WcsPlugInService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WcsPlugInService|[email protected],-160|"
"TabletInputService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=TabletInputService|Name=Block any traffic to TabletInputService|"
"PNRP Block Out"="v2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|"
"WwanSvc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WwanSvc|Name=Block any network traffic to WwanSvc|"
"TabletInputService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=TabletInputService|Name=Block any traffic from TabletInputService|"
"HomeGroup Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|"
"HomeGroup Listener Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupListener|Name=Block all outgoing|"
"HomeGroup Listener Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupListener|Name=Block all incoming|"
"PNRP Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|"
"WcsPlugInService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WcsPlugInService|[email protected],-161|"
"WindowsDefender-In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\\\system32\\\\svchost.exe|Svc=WinDefend|Name=Block any traffic to WinDefend|"
"WwanSvc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WwanSvc|Name=Block any network traffic from WwanSvc|"
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
"WPDBUSENUM-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WPDBusEnum|Name=Block all traffic to and from WPDBusEnum|"
"P2P Grouping Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=P2PSvc|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|"
"WPDBUSENUM-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WPDBusEnum|Name=Block all traffic to and from WPDBusEnum|"
"UmRdpService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=UmRdpService|Name=Block any traffic to UmRdpService|"
"UmRdpService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=UmRdpService|Name=Block any traffic from UmRdpService|"
"PeerDist Allow WSD In"="V2.0|Action=Allow|Dir=In|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming WSD to PeerDistSvc|"
"PeerDist Allow WSD In 2"="V2.0|Action=Allow|Dir=In|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming WSD to PeerDistSvc|"
"PeerDist Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Block PeerDistSvc From All other ports|"
"CscService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=CscService|Name=Block any other traffic to and from CSCService|"
"PeerDist Allow TCP Out"="V2.0|Action=Allow|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing TCP from PeerDistSvc|"
"PeerDist Allow WSD Out 2"="V2.0|Action=Allow|Dir=Out|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing WSD from PeerDistSvc|"
"CscService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=CscService|Name=Block any other traffic to and from CSCService|"
"PeerDist Allow TCP In"="V2.0|Action=Allow|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming TCP to PeerDistSvc|"
"PeerDist Allow WSD Out"="V2.0|Action=Allow|Dir=Out|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing WSD from PeerDistSvc|"
"PeerDist Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Block PeerDistSvc From All other ports|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\\system32\\LogFiles\\Firewall\\pfirewall.log"

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"PreshutdownTimeout"=dword:036ee800
"DisplayName"="Windows Update"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API."
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"DelayedAutoStart"=dword:00000001
"Type"=dword:00000020
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceMain"="WUServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

Endregedit:

Reboot:
End::

Right click on the highlighted text and select Copy.
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Upon restart, check your Control Panel. Are entries still missing? Please run Farbar Service Scanner once again and post its report.

#8
Jackpine

Posted 16 January 2019 - 09:08 PM

Member

Topic Starter
Member
490 posts

Action Center, Windows Update, and Windows Defender icons are still missing from the Control Panel. A "new updates are available" notification icon now appears in the bottom of the screen, but when I click on it, noting happens. Here are the logs.

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (16-01-2019 21:59:30) Run:3
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
    CreateRestorePoint:
    Startregedit:
    Windows Registry Editor Version 5.00
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\ConSecRules]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DefaultInboundAction"=-
    "DefaultOutboundAction"=-
    "DisableUnicastResponsesToMulticastBroadcast"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase1AuthenticationSets]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Phase2AuthenticationSets]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DefaultInboundAction"=-
    "DefaultOutboundAction"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DefaultInboundAction"=-
    "DefaultOutboundAction"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess]
    "DisplayName"="@%SystemRoot%\\system32\\ipnathlp.dll,-106"
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "Description"="@%SystemRoot%\\system32\\ipnathlp.dll,-107"
    "ObjectName"="LocalSystem"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000003
    "Type"=dword:00000020
    "DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
      6e,00,4d,00,67,00,6d,00,74,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,\
      00,42,00,46,00,45,00,00,00,00,00
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
      00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
      67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,\
      00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
      65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,\
      00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
      53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,\
      00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,\
      61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,\
      00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy]
    "IPSecExempt"=dword:00000009
    "DisableStatefulFTP"=dword:00000000
    "DisableStatefulPPTP"=dword:00000000
    "PolicyVersion"=dword:0000020a
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\DomainProfile]
    "DisableNotifications"=dword:00000000
    "EnableFirewall"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging]
    "LogFileSize"=dword:00001000
    "LogFilePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      4c,00,6f,00,67,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,72,00,65,\
      00,77,00,61,00,6c,00,6c,00,5c,00,70,00,66,00,69,00,72,00,65,00,77,00,61,00,\
      6c,00,6c,00,2e,00,6c,00,6f,00,67,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    "SSTP-IN-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|[email protected],-35002|[email protected],-35003|[email protected],-35001|"
    "Netlogon-NamedPipe-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-1003|[email protected],-1006|[email protected],-1010|"
    "SNMPTRAP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|"
    "SNMPTRAP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|"
    "WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|"
    "WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|"
    "WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|"
    "WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|"
    "WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|"
    "WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|"
    "WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|"
    "WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|"
    "WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|"
    "WMPNSS-WMP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|"
    "WMPNSS-WMP-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|"
    "WMPNSS-WMP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|"
    "WMPNSS-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|"
    "WMPNSS-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|"
    "WMPNSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|"
    "WMPNSS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|"
    "WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|"
    "WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|"
    "WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|"
    "WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|"
    "WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|"
    "WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|"
    "WMPNSS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31277|[email protected],-31280|[email protected],-31252|"
    "WMPNSS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|"
    "WMPNSS-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|"
    "WMPNSS-HTTPSTR-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|"
    "WMPNSS-WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|"
    "WMPNSS-WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|"
    "WMPNSS-WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|"
    "WMPNSS-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|"
    "WMPNSS-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|"
    "WMPNSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|"
    "WMPNSS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|"
    "WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|"
    "WMPNSS-RME-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|[email protected],-31501|[email protected],-31502|[email protected],-31500|Edge=TRUE|Defer=App|"
    "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=@%systemroot%\\system32\\provsvc.dll,-200|Desc=@%systemroot%\\system32\\provsvc.dll,-201|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
    "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=@%systemroot%\\system32\\provsvc.dll,-203|Desc=@%systemroot%\\system32\\provsvc.dll,-204|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
    "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\\system32\\provsvc.dll,-205|Desc=@%systemroot%\\system32\\provsvc.dll,-206|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
    "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\\system32\\provsvc.dll,-207|Desc=@%systemroot%\\system32\\provsvc.dll,-208|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
    "Collab-P2PHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE|Defer=App|"
    "Collab-P2PHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|"
    "Collab-P2PHost-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|"
    "Collab-P2PHost-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|"
    "Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-32019|[email protected],-32022|[email protected],-32002|Edge=TRUE|Defer=App|"
    "Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-32023|[email protected],-32026|[email protected],-32002|"
    "Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32027|[email protected],-32030|[email protected],-32002|"
    "Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32031|[email protected],-32034|[email protected],-32002|"
    "RemoteAssistance-In-TCP-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
    "RemoteAssistance-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|"
    "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
    "RemoteAssistance-PnrpSvc-UDP-OUT"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|"
    "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|"
    "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|"
    "RemoteAssistance-DCOM-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|"
    "RemoteAssistance-In-TCP-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
    "RemoteAssistance-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|"
    "RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-33019|[email protected],-33022|[email protected],-33002|"
    "RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-33023|[email protected],-33026|[email protected],-33002|"
    "RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-33027|[email protected],-33030|[email protected],-33002|"
    "RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-33031|[email protected],-33034|[email protected],-33002|"
    "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
    "RemoteAssistance-PnrpSvc-UDP-OUT-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|"
    "FPS-NB_Session-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|"
    "FPS-NB_Session-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|"
    "FPS-SMB-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|"
    "FPS-SMB-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|"
    "FPS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|"
    "FPS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|"
    "FPS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|"
    "FPS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|"
    "FPS-SpoolSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|"
    "FPS-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|"
    "FPS-ICMP4-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP4-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP6-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP6-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|"
    "FPS-NB_Session-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|"
    "FPS-NB_Session-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|"
    "FPS-SMB-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|"
    "FPS-SMB-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|"
    "FPS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|"
    "FPS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|"
    "FPS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|"
    "FPS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|"
    "FPS-SpoolSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|"
    "FPS-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|"
    "FPS-ICMP4-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP4-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|[email protected],-28544|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP6-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP6-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|[email protected],-28546|[email protected],-28547|[email protected],-28502|"
    "FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|"
    "FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-28550|[email protected],-28551|[email protected],-28502|"
    "CoreNet-ICMP6-DU-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-PTB-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-PTB-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|"
    "CoreNet-ICMP6-TE-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-TE-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|"
    "CoreNet-ICMP6-PP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-PP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|"
    "CoreNet-ICMP6-NDS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-NDS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|"
    "CoreNet-ICMP6-NDA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-NDA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|"
    "CoreNet-ICMP6-RA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|"
    "CoreNet-ICMP6-RA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|"
    "CoreNet-ICMP6-RS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|[email protected],-25009|[email protected],-25011|[email protected],-25000|"
    "CoreNet-ICMP6-RS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|"
    "CoreNet-ICMP6-LQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|"
    "CoreNet-ICMP6-LQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|"
    "CoreNet-ICMP6-LR-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|"
    "CoreNet-ICMP6-LR-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|"
    "CoreNet-ICMP6-LR2-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|"
    "CoreNet-ICMP6-LR2-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|"
    "CoreNet-ICMP6-LD-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|"
    "CoreNet-ICMP6-LD-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|"
    "CoreNet-ICMP4-DUFRAG-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|"
    "CoreNet-IGMP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|"
    "CoreNet-IGMP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|"
    "CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|"
    "CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|"
    "CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25304|[email protected],-25306|[email protected],-25000|"
    "CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25305|[email protected],-25306|[email protected],-25000|"
    "CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|"
    "CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|"
    "CoreNet-IPHTTPS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|[email protected],-25426|[email protected],-25428|[email protected],-25000|"
    "CoreNet-IPHTTPS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25427|[email protected],-25429|[email protected],-25000|"
    "CoreNet-IPv6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|"
    "CoreNet-IPv6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|"
    "CoreNet-GP-NP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|"
    "CoreNet-GP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|"
    "CoreNet-DNS-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|"
    "CoreNet-GP-LSASS-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|"
    "NETDIS-UPnPHost-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
    "NETDIS-UPnPHost-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
    "NETDIS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
    "NETDIS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
    "NETDIS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
    "NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
    "NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
    "NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
    "NETDIS-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
    "NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
    "NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|"
    "NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|"
    "NETDIS-UPnPHost-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
    "NETDIS-UPnPHost-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
    "NETDIS-UPnP-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|"
    "NETDIS-NB_Name-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
    "NETDIS-NB_Name-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
    "NETDIS-NB_Datagram-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
    "NETDIS-NB_Datagram-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
    "NETDIS-FDPHOST-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|"
    "NETDIS-FDPHOST-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|"
    "NETDIS-LLMNR-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|"
    "NETDIS-LLMNR-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|"
    "NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|"
    "NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|"
    "NETDIS-WSDEVNTS-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
    "NETDIS-WSDEVNTS-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
    "NETDIS-WSDEVNT-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
    "NETDIS-WSDEVNT-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
    "NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|"
    "NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|"
    "NETDIS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|"
    "NETDIS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
    "NETDIS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
    "NETDIS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
    "NETDIS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
    "NETDIS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
    "NETDIS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
    "NETDIS-FDPHOST-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|"
    "NETDIS-FDPHOST-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|"
    "NETDIS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|"
    "NETDIS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|"
    "NETDIS-FDRESPUB-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|"
    "NETDIS-FDRESPUB-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|"
    "NETDIS-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
    "NETDIS-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
    "NETDIS-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
    "NETDIS-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
    "MsiScsi-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|"
    "MsiScsi-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|"
    "MsiScsi-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|"
    "MsiScsi-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|"
    "MSDTC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|"
    "MSDTC-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|"
    "MSDTC-KTMRM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|"
    "MSDTC-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|"
    "MSDTC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|"
    "MSDTC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|"
    "MSDTC-KTMRM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|"
    "MSDTC-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|"
    "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|"
    "RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|"
    "RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|"
    "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|"
    "RemoteSvcAdmin-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|"
    "RemoteSvcAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|"
    "PerfLogsAlerts-PLASrv-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|"
    "PerfLogsAlerts-DCOM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|"
    "PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|"
    "PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|"
    "WMI-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|"
    "WMI-WINMGMT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|"
    "WMI-WINMGMT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|"
    "WMI-ASYNC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|"
    "WMI-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|"
    "WMI-WINMGMT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|"
    "WMI-WINMGMT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|"
    "WMI-ASYNC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|"
    "PNRPMNRS-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-34003|[email protected],-34004|[email protected],-34002|Edge=TRUE|Defer=App|"
    "PNRPMNRS-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-34005|[email protected],-34006|[email protected],-34002|"
    "PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-34007|[email protected],-34008|[email protected],-34002|"
    "PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-34009|[email protected],-34010|[email protected],-34002|"
    "RemoteEventLogSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|"
    "RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|"
    "RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|"
    "RemoteEventLogSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|"
    "RemoteEventLogSvc-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|"
    "RemoteEventLogSvc-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|"
    "RemoteTask-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|"
    "RemoteTask-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|"
    "RemoteTask-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|"
    "RemoteTask-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|"
    "WINRM-HTTP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5985|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|"
    "WINRM-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|"
    "WINRM-HTTP-Compat-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|"
    "WINRM-HTTP-Compat-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|"
    "RemoteFwAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|"
    "RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|"
    "RemoteFwAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|"
    "RemoteFwAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|"
    "RRAS-GRE-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=47|App=System|[email protected],-33769|[email protected],-33772|[email protected],-33752|"
    "RRAS-GRE-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=47|App=System|[email protected],-33773|[email protected],-33776|[email protected],-33752|"
    "RRAS-L2TP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|"
    "RRAS-L2TP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|"
    "RRAS-PPTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|"
    "RRAS-PPTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|"
    "RVM-VDS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|"
    "RVM-VDSLDR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|"
    "RVM-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|"
    "RVM-VDS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|"
    "RVM-VDSLDR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|"
    "RVM-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|"
    "NetPres-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|"
    "NetPres-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|"
    "NetPres-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|"
    "NetPres-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|"
    "NetPres-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|"
    "NetPres-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|"
    "NetPres-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|"
    "NetPres-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|"
    "NetPres-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|"
    "NetPres-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|"
    "NetPres-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|"
    "NetPres-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|"
    "NetPres-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|"
    "NetPres-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|"
    "Microsoft-Windows-PeerDist-HttpTrans-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=80|App=SYSTEM|[email protected],-10000|[email protected],-11000|[email protected],-9000|"
    "Microsoft-Windows-PeerDist-HttpTrans-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=80|App=SYSTEM|[email protected],-10001|[email protected],-11001|[email protected],-9000|"
    "Microsoft-Windows-PeerDist-WSD-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=PeerDistSvc|[email protected],-10002|[email protected],-11002|[email protected],-9001|"
    "Microsoft-Windows-PeerDist-WSD-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=PeerDistSvc|[email protected],-10003|[email protected],-11003|[email protected],-9001|"
    "Microsoft-Windows-PeerDist-HostedServer-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10004|[email protected],-11004|[email protected],-9002|"
    "Microsoft-Windows-PeerDist-HostedServer-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10005|[email protected],-11005|[email protected],-9002|"
    "Microsoft-Windows-PeerDist-HostedClient-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=443|App=SYSTEM|[email protected],-10006|[email protected],-11006|[email protected],-9003|"
    "MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|"
    "MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|"
    "MCX-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|"
    "MCX-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|"
    "MCX-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|"
    "MCX-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|"
    "MCX-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|"
    "MCX-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|"
    "MCX-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30785|[email protected],-30788|[email protected],-30752|"
    "MCX-TERMSRV-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30793|[email protected],-30796|[email protected],-30752|"
    "MCX-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|"
    "MCX-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|"
    "MCX-MCX2SVC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|"
    "MCX-Prov-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|"
    "MCX-PlayTo-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30814|[email protected],-30815|[email protected],-30752|"
    "MCX-PlayTo-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-30816|[email protected],-30817|[email protected],-30752|"
    "MCX-McrMgr-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcrmgr.exe|[email protected],-30818|[email protected],-30819|[email protected],-30752|"
    "MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30820|[email protected],-30821|[email protected],-30752|"
    "MCX-FDPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-30822|[email protected],-30823|[email protected],-30752|"
    "RemoteDesktop-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|"
    "RemoteDesktop-UserMode-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|[email protected],-28853|[email protected],-28856|[email protected],-28852|"
    "WPDMTP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|"
    "WPDMTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|"
    "WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|"
    "WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|"
    "WPDMTP-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30515|[email protected],-30518|[email protected],-30502|"
    "WPDMTP-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-30519|[email protected],-30522|[email protected],-30502|"
    "WPDMTP-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|"
    "RemoteDesktop-UserMode-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|[email protected],-101|[email protected],-102|[email protected],-28852|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\PublicProfile]
    "DisableNotifications"=dword:00000000
    "EnableFirewall"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging]
    "LogFileSize"=dword:00001000
    "LogFilePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      4c,00,6f,00,67,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,72,00,65,\
      00,77,00,61,00,6c,00,6c,00,5c,00,70,00,66,00,69,00,72,00,65,00,77,00,61,00,\
      6c,00,6c,00,2e,00,6c,00,6f,00,67,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\StandardProfile]
    "DisableNotifications"=dword:00000000
    "EnableFirewall"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging]
    "LogFileSize"=dword:00001000
    "LogFilePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      4c,00,6f,00,67,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,72,00,65,\
      00,77,00,61,00,6c,00,6c,00,5c,00,70,00,66,00,69,00,72,00,65,00,77,00,61,00,\
      6c,00,6c,00,2e,00,6c,00,6f,00,67,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch]
    "Epoch"=dword:00000138
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2]
    "Epoch"=dword:00000048
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters]
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
      00
    "ServiceDllUnloadOnStop"=dword:00000001
    "SharedAutoDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy]
    "DisableStatefulFTP"=dword:00000000
    "PolicyVersion"=dword:0000020a
    "DisableStatefulPPTP"=dword:00000000
    "IPSecExempt"=dword:00000009
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging]
    "LogFileSize"=dword:00001000
    "LogFilePath"="%systemroot%\\system32\\LogFiles\\Firewall\\pfirewall.log"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "RVM-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|"
    "RVM-VDSLDR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|"
    "RVM-VDS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|"
    "RVM-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-34506|[email protected],-34507|[email protected],-34501|"
    "RVM-VDSLDR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vdsldr.exe|[email protected],-34504|[email protected],-34505|[email protected],-34501|"
    "RVM-VDS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|[email protected],-34502|[email protected],-34503|[email protected],-34501|"
    "RRAS-PPTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=1723|App=System|[email protected],-33761|[email protected],-33764|[email protected],-33752|"
    "RRAS-PPTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=1723|App=System|[email protected],-33765|[email protected],-33768|[email protected],-33752|"
    "RRAS-L2TP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1701|App=System|[email protected],-33757|[email protected],-33760|[email protected],-33752|"
    "RRAS-L2TP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1701|App=System|[email protected],-33753|[email protected],-33756|[email protected],-33752|"
    "RRAS-GRE-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=47|App=System|[email protected],-33773|[email protected],-33776|[email protected],-33752|"
    "RRAS-GRE-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=47|App=System|[email protected],-33769|[email protected],-33772|[email protected],-33752|"
    "RemoteFwAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|"
    "RemoteFwAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|"
    "RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-30007|[email protected],-30010|[email protected],-30002|"
    "RemoteFwAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|[email protected],-30003|[email protected],-30006|[email protected],-30002|"
    "WINRM-HTTP-Compat-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|"
    "WINRM-HTTP-Compat-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|[email protected],-35001|[email protected],-35002|[email protected],-30252|"
    "WINRM-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|"
    "WINRM-HTTP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5985|App=System|[email protected],-30253|[email protected],-30256|[email protected],-30252|"
    "RemoteTask-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|"
    "RemoteTask-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|"
    "RemoteTask-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33257|[email protected],-33260|[email protected],-33252|"
    "RemoteTask-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|[email protected],-33253|[email protected],-33256|[email protected],-33252|"
    "RemoteEventLogSvc-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|"
    "RemoteEventLogSvc-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|"
    "RemoteEventLogSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|"
    "RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29265|[email protected],-29268|[email protected],-29252|"
    "RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29257|[email protected],-29260|[email protected],-29252|"
    "RemoteEventLogSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|[email protected],-29253|[email protected],-29256|[email protected],-29252|"
    "PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-34009|[email protected],-34010|[email protected],-34002|"
    "PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-34007|[email protected],-34008|[email protected],-34002|"
    "PNRPMNRS-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-34005|[email protected],-34006|[email protected],-34002|"
    "PNRPMNRS-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-34003|[email protected],-34004|[email protected],-34002|Edge=TRUE|Defer=App|"
    "WMI-ASYNC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|"
    "WMI-WINMGMT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|"
    "WMI-WINMGMT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|"
    "WMI-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|"
    "WMI-ASYNC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\wbem\\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|"
    "WMI-WINMGMT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34258|[email protected],-34259|[email protected],-34251|"
    "WMI-WINMGMT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|"
    "WMI-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|"
    "PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|"
    "PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|"
    "PerfLogsAlerts-DCOM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-34755|[email protected],-34756|[email protected],-34752|"
    "PerfLogsAlerts-PLASrv-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\plasrv.exe|[email protected],-34753|[email protected],-34754|[email protected],-34752|"
    "RemoteSvcAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|"
    "RemoteSvcAdmin-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|"
    "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|"
    "RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-29515|[email protected],-29518|[email protected],-29502|"
    "RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-29507|[email protected],-29510|[email protected],-29502|"
    "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\services.exe|[email protected],-29503|[email protected],-29506|[email protected],-29502|"
    "MSDTC-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|"
    "MSDTC-KTMRM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|"
    "MSDTC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|"
    "MSDTC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|"
    "MSDTC-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|[email protected],-33513|[email protected],-33514|[email protected],-33502|"
    "MSDTC-KTMRM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|[email protected],-33511|[email protected],-33512|[email protected],-33502|"
    "MSDTC-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33507|[email protected],-33510|[email protected],-33502|"
    "MSDTC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|[email protected],-33503|[email protected],-33506|[email protected],-33502|"
    "MsiScsi-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|"
    "MsiScsi-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|"
    "MsiScsi-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29007|[email protected],-29010|[email protected],-29002|"
    "MsiScsi-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|[email protected],-29003|[email protected],-29006|[email protected],-29002|"
    "NETDIS-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
    "NETDIS-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
    "NETDIS-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
    "NETDIS-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
    "NETDIS-FDRESPUB-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|"
    "NETDIS-FDRESPUB-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|"
    "NETDIS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|"
    "NETDIS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|"
    "NETDIS-FDPHOST-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|"
    "NETDIS-FDPHOST-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|"
    "NETDIS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
    "NETDIS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
    "NETDIS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
    "NETDIS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
    "NETDIS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
    "NETDIS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
    "NETDIS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|"
    "NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|"
    "NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|"
    "NETDIS-WSDEVNT-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
    "NETDIS-WSDEVNT-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
    "NETDIS-WSDEVNTS-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
    "NETDIS-WSDEVNTS-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
    "NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32811|[email protected],-32812|[email protected],-32752|"
    "NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|[email protected],-32809|[email protected],-32810|[email protected],-32752|"
    "NETDIS-LLMNR-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32805|[email protected],-32808|[email protected],-32752|"
    "NETDIS-LLMNR-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-32801|[email protected],-32804|[email protected],-32752|"
    "NETDIS-FDPHOST-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32789|[email protected],-32792|[email protected],-32752|"
    "NETDIS-FDPHOST-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-32785|[email protected],-32788|[email protected],-32752|"
    "NETDIS-NB_Datagram-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
    "NETDIS-NB_Datagram-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
    "NETDIS-NB_Name-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
    "NETDIS-NB_Name-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
    "NETDIS-UPnP-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-32821|[email protected],-32822|[email protected],-32752|"
    "NETDIS-UPnPHost-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
    "NETDIS-UPnPHost-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
    "NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32757|[email protected],-32760|[email protected],-32752|"
    "NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32753|[email protected],-32756|[email protected],-32752|"
    "NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-32819|[email protected],-32820|[email protected],-32752|"
    "NETDIS-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-32817|[email protected],-32818|[email protected],-32752|"
    "NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-32815|[email protected],-32816|[email protected],-32752|"
    "NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-32813|[email protected],-32814|[email protected],-32752|"
    "NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-32781|[email protected],-32784|[email protected],-32752|"
    "NETDIS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-32777|[email protected],-32780|[email protected],-32752|"
    "NETDIS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-32773|[email protected],-32776|[email protected],-32752|"
    "NETDIS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-32769|[email protected],-32772|[email protected],-32752|"
    "NETDIS-UPnPHost-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|[email protected],-32765|[email protected],-32768|[email protected],-32752|"
    "NETDIS-UPnPHost-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|[email protected],-32761|[email protected],-32764|[email protected],-32752|"
    "CoreNet-GP-LSASS-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\lsass.exe|[email protected],-25407|[email protected],-25408|[email protected],-25000|"
    "CoreNet-DNS-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|[email protected],-25405|[email protected],-25406|[email protected],-25000|"
    "CoreNet-GP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|[email protected],-25403|[email protected],-25404|[email protected],-25000|"
    "CoreNet-GP-NP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-25401|[email protected],-25401|[email protected],-25000|"
    "CoreNet-IPv6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|[email protected],-25352|[email protected],-25358|[email protected],-25000|"
    "CoreNet-IPv6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|[email protected],-25351|[email protected],-25357|[email protected],-25000|"
    "CoreNet-IPHTTPS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25427|[email protected],-25429|[email protected],-25000|"
    "CoreNet-IPHTTPS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|[email protected],-25426|[email protected],-25428|[email protected],-25000|"
    "CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25327|[email protected],-25333|[email protected],-25000|"
    "CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|[email protected],-25326|[email protected],-25332|[email protected],-25000|"
    "CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25305|[email protected],-25306|[email protected],-25000|"
    "CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25304|[email protected],-25306|[email protected],-25000|"
    "CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25302|[email protected],-25303|[email protected],-25000|"
    "CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|[email protected],-25301|[email protected],-25303|[email protected],-25000|"
    "CoreNet-IGMP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|[email protected],-25377|[email protected],-25382|[email protected],-25000|"
    "CoreNet-IGMP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|[email protected],-25376|[email protected],-25382|[email protected],-25000|"
    "CoreNet-ICMP4-DUFRAG-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|[email protected],-25251|[email protected],-25257|[email protected],-25000|"
    "CoreNet-ICMP6-LD-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|[email protected],-25083|[email protected],-25088|[email protected],-25000|"
    "CoreNet-ICMP6-LD-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|[email protected],-25082|[email protected],-25088|[email protected],-25000|"
    "CoreNet-ICMP6-LR2-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|[email protected],-25076|[email protected],-25081|[email protected],-25000|"
    "CoreNet-ICMP6-LR2-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|[email protected],-25075|[email protected],-25081|[email protected],-25000|"
    "CoreNet-ICMP6-LR-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|[email protected],-25069|[email protected],-25074|[email protected],-25000|"
    "CoreNet-ICMP6-LR-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|[email protected],-25068|[email protected],-25074|[email protected],-25000|"
    "CoreNet-ICMP6-LQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|[email protected],-25062|[email protected],-25067|[email protected],-25000|"
    "CoreNet-ICMP6-LQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|[email protected],-25061|[email protected],-25067|[email protected],-25000|"
    "CoreNet-ICMP6-RS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|[email protected],-25008|[email protected],-25011|[email protected],-25000|"
    "CoreNet-ICMP6-RS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|[email protected],-25009|[email protected],-25011|[email protected],-25000|"
    "CoreNet-ICMP6-RA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|[email protected],-25013|[email protected],-25018|[email protected],-25000|"
    "CoreNet-ICMP6-RA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|[email protected],-25012|[email protected],-25018|[email protected],-25000|"
    "CoreNet-ICMP6-NDA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|[email protected],-25027|[email protected],-25032|[email protected],-25000|"
    "CoreNet-ICMP6-NDA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|[email protected],-25026|[email protected],-25032|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-NDS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|[email protected],-25020|[email protected],-25025|[email protected],-25000|"
    "CoreNet-ICMP6-NDS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|[email protected],-25019|[email protected],-25025|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-PP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|[email protected],-25117|[email protected],-25118|[email protected],-25000|"
    "CoreNet-ICMP6-PP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|[email protected],-25116|[email protected],-25118|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-TE-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|[email protected],-25114|[email protected],-25115|[email protected],-25000|"
    "CoreNet-ICMP6-TE-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|[email protected],-25113|[email protected],-25115|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-PTB-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|[email protected],-25002|[email protected],-25007|[email protected],-25000|"
    "CoreNet-ICMP6-PTB-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|[email protected],-25001|[email protected],-25007|[email protected],-25000|Edge=TRUE|"
    "CoreNet-ICMP6-DU-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|[email protected],-25110|[email protected],-25112|[email protected],-25000|Edge=TRUE|"
    "FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=File and Printer Sharing (LLMNR-UDP-Out)|[email protected],-28551|[email protected],-28502|"
    "FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=File and Printer Sharing (LLMNR-UDP-In)|[email protected],-28549|[email protected],-28502|"
    "FPS-ICMP6-ERQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|Name=File and Printer Sharing (Echo Request - ICMPv6-Out)|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP6-ERQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|Name=File and Printer Sharing (Echo Request - ICMPv6-In)|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP4-ERQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|Name=File and Printer Sharing (Echo Request - ICMPv4-Out)|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP4-ERQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|Name=File and Printer Sharing (Echo Request - ICMPv4-In)|[email protected],-28547|[email protected],-28502|"
    "FPS-RPCSS-In-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=File and Printer Sharing (Spooler Service - RPC-EPMAP)|[email protected],-28542|[email protected],-28502|"
    "FPS-SpoolSvc-In-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|Name=File and Printer Sharing (Spooler Service - RPC)|[email protected],-28538|[email protected],-28502|"
    "FPS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Datagram-Out)|[email protected],-28534|[email protected],-28502|"
    "FPS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Datagram-In)|[email protected],-28530|[email protected],-28502|"
    "FPS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Name-Out)|[email protected],-28526|[email protected],-28502|"
    "FPS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Name-In)|[email protected],-28522|[email protected],-28502|"
    "FPS-SMB-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (SMB-Out)|[email protected],-28518|[email protected],-28502|"
    "FPS-SMB-In-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (SMB-In)|[email protected],-28514|[email protected],-28502|"
    "FPS-NB_Session-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Session-Out)|[email protected],-28510|[email protected],-28502|"
    "FPS-NB_Session-In-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=File and Printer Sharing (NB-Session-In)|[email protected],-28506|[email protected],-28502|"
    "FPS-ICMP6-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28546|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP6-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP4-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28544|[email protected],-28547|[email protected],-28502|"
    "FPS-ICMP4-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|"
    "FPS-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|"
    "FPS-SpoolSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|"
    "FPS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|[email protected],-28531|[email protected],-28534|[email protected],-28502|"
    "FPS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|"
    "FPS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|[email protected],-28523|[email protected],-28526|[email protected],-28502|"
    "FPS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|"
    "FPS-SMB-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|[email protected],-28515|[email protected],-28518|[email protected],-28502|"
    "FPS-SMB-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|"
    "FPS-NB_Session-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|[email protected],-28507|[email protected],-28510|[email protected],-28502|"
    "FPS-NB_Session-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|"
    "RemoteAssistance-PnrpSvc-UDP-OUT-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-Out)|[email protected],-33038|[email protected],-33002|"
    "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-In)|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
    "RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-Out)|[email protected],-33034|[email protected],-33002|"
    "RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-In)|[email protected],-33030|[email protected],-33002|"
    "RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-Out)|[email protected],-33026|[email protected],-33002|"
    "RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-In)|[email protected],-33022|[email protected],-33002|"
    "RemoteAssistance-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msra.exe|Name=Remote Assistance (TCP-Out)|[email protected],-33010|[email protected],-33002|"
    "RemoteAssistance-In-TCP-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msra.exe|Name=Remote Assistance (TCP-In)|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
    "RemoteAssistance-DCOM-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|[email protected],-33035|[email protected],-33036|[email protected],-33002|"
    "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|[email protected],-33015|[email protected],-33018|[email protected],-33002|"
    "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|[email protected],-33011|[email protected],-33014|[email protected],-33002|"
    "RemoteAssistance-PnrpSvc-UDP-OUT"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33037|[email protected],-33038|[email protected],-33002|"
    "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|[email protected],-33039|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
    "RemoteAssistance-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33007|[email protected],-33010|[email protected],-33002|"
    "RemoteAssistance-In-TCP-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|[email protected],-33003|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
    "Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32031|[email protected],-32034|[email protected],-32002|"
    "Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-32027|[email protected],-32030|[email protected],-32002|"
    "Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-32023|[email protected],-32026|[email protected],-32002|"
    "Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|[email protected],-32019|[email protected],-32022|[email protected],-32002|Edge=TRUE|Defer=App|"
    "Collab-P2PHost-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|"
    "Collab-P2PHost-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|"
    "Collab-P2PHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|"
    "Collab-P2PHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE|Defer=App|"
    "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=HomeGroup Out (PNRP)|Desc=@%systemroot%\\system32\\provsvc.dll,-208|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
    "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=HomeGroup In (PNRP)|Desc=@%systemroot%\\system32\\provsvc.dll,-206|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
    "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=HomeGroup Out|Desc=@%systemroot%\\system32\\provsvc.dll,-204|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
    "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=HomeGroup In|Desc=@%systemroot%\\system32\\provsvc.dll,-201|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
    "WMPNSS-RME-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|[email protected],-31501|[email protected],-31502|[email protected],-31500|Edge=TRUE|Defer=App|"
    "WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-31321|[email protected],-31322|[email protected],-31252|"
    "WMPNSS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|"
    "WMPNSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|"
    "WMPNSS-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|"
    "WMPNSS-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|"
    "WMPNSS-WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|"
    "WMPNSS-WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|"
    "WMPNSS-WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|"
    "WMPNSS-HTTPSTR-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|"
    "WMPNSS-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|"
    "WMPNSS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31281|[email protected],-31284|[email protected],-31252|"
    "WMPNSS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31277|[email protected],-31280|[email protected],-31252|"
    "WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|[email protected],-31273|[email protected],-31276|[email protected],-31252|"
    "WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|[email protected],-31269|[email protected],-31272|[email protected],-31252|"
    "WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|"
    "WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|"
    "WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|"
    "WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|"
    "WMPNSS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31317|[email protected],-31320|[email protected],-31252|"
    "WMPNSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31313|[email protected],-31316|[email protected],-31252|"
    "WMPNSS-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31309|[email protected],-31312|[email protected],-31252|"
    "WMPNSS-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|[email protected],-31305|[email protected],-31308|[email protected],-31252|"
    "WMPNSS-WMP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31301|[email protected],-31304|[email protected],-31252|"
    "WMPNSS-WMP-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31297|[email protected],-31300|[email protected],-31252|"
    "WMPNSS-WMP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|[email protected],-31293|[email protected],-31296|[email protected],-31252|"
    "WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|[email protected],-31289|[email protected],-31292|[email protected],-31252|"
    "WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|[email protected],-31285|[email protected],-31288|[email protected],-31252|"
    "WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31265|[email protected],-31268|[email protected],-31252|"
    "WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31261|[email protected],-31264|[email protected],-31252|"
    "WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31257|[email protected],-31260|[email protected],-31252|"
    "WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-31253|[email protected],-31256|[email protected],-31252|"
    "WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31011|[email protected],-31014|[email protected],-31002|"
    "WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31007|[email protected],-31010|[email protected],-31002|"
    "WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|[email protected],-31003|[email protected],-31006|[email protected],-31002|"
    "SNMPTRAP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|"
    "SNMPTRAP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|[email protected],-7|[email protected],-8|[email protected],-3|"
    "Netlogon-NamedPipe-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-1003|[email protected],-1006|[email protected],-1010|"
    "SSTP-IN-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|[email protected],-35002|[email protected],-35003|[email protected],-35001|"
    "NetPres-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|"
    "NetPres-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|"
    "NetPres-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|"
    "NetPres-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|"
    "NetPres-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|"
    "NetPres-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|"
    "NetPres-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31753|[email protected],-31756|[email protected],-31752|"
    "NetPres-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31757|[email protected],-31760|[email protected],-31752|"
    "NetPres-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31761|[email protected],-31764|[email protected],-31752|"
    "NetPres-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|[email protected],-31765|[email protected],-31768|[email protected],-31752|"
    "NetPres-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31769|[email protected],-31770|[email protected],-31752|"
    "NetPres-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31771|[email protected],-31772|[email protected],-31752|"
    "NetPres-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31773|[email protected],-31774|[email protected],-31752|"
    "NetPres-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-31775|[email protected],-31776|[email protected],-31752|"
    "Microsoft-Windows-PeerDist-HttpTrans-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=80|App=SYSTEM|[email protected],-10000|[email protected],-11000|[email protected],-9000|"
    "Microsoft-Windows-PeerDist-HttpTrans-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=80|App=SYSTEM|[email protected],-10001|[email protected],-11001|[email protected],-9000|"
    "Microsoft-Windows-PeerDist-WSD-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=PeerDistSvc|[email protected],-10002|[email protected],-11002|[email protected],-9001|"
    "Microsoft-Windows-PeerDist-WSD-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=PeerDistSvc|[email protected],-10003|[email protected],-11003|[email protected],-9001|"
    "Microsoft-Windows-PeerDist-HostedServer-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10004|[email protected],-11004|[email protected],-9002|"
    "Microsoft-Windows-PeerDist-HostedServer-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|LPort=443|App=SYSTEM|[email protected],-10005|[email protected],-11005|[email protected],-9002|"
    "Microsoft-Windows-PeerDist-HostedClient-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=443|App=SYSTEM|[email protected],-10006|[email protected],-11006|[email protected],-9003|"
    "MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30753|[email protected],-30756|[email protected],-30752|"
    "MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30757|[email protected],-30760|[email protected],-30752|"
    "MCX-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|"
    "MCX-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|"
    "MCX-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30769|[email protected],-30772|[email protected],-30752|"
    "MCX-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30773|[email protected],-30776|[email protected],-30752|"
    "MCX-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30777|[email protected],-30780|[email protected],-30752|"
    "MCX-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|[email protected],-30781|[email protected],-30784|[email protected],-30752|"
    "MCX-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30785|[email protected],-30788|[email protected],-30752|"
    "MCX-TERMSRV-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30793|[email protected],-30796|[email protected],-30752|"
    "MCX-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30801|[email protected],-30804|[email protected],-30752|"
    "MCX-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|"
    "MCX-MCX2SVC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=mcx2svc|[email protected],-30810|[email protected],-30811|[email protected],-30752|"
    "MCX-Prov-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|"
    "MCX-PlayTo-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30814|[email protected],-30815|[email protected],-30752|"
    "MCX-PlayTo-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-30816|[email protected],-30817|[email protected],-30752|"
    "MCX-McrMgr-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcrmgr.exe|[email protected],-30818|[email protected],-30819|[email protected],-30752|"
    "MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30820|[email protected],-30821|[email protected],-30752|"
    "MCX-FDPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-30822|[email protected],-30823|[email protected],-30752|"
    "RemoteDesktop-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=System|[email protected],-28753|[email protected],-28756|[email protected],-28752|"
    "RemoteDesktop-UserMode-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|[email protected],-28853|[email protected],-28856|[email protected],-28852|"
    "WPDMTP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|"
    "WPDMTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\wudfhost.exe|[email protected],-30503|[email protected],-30506|[email protected],-30502|"
    "WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30507|[email protected],-30510|[email protected],-30502|"
    "WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|[email protected],-30511|[email protected],-30514|[email protected],-30502|"
    "WPDMTP-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-30515|[email protected],-30518|[email protected],-30502|"
    "WPDMTP-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|[email protected],-30519|[email protected],-30522|[email protected],-30502|"
    "WPDMTP-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|[email protected],-30523|[email protected],-30524|[email protected],-30502|"
    "RemoteDesktop-UserMode-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|[email protected],-101|[email protected],-102|[email protected],-28852|"
    "{B99ADA06-7F1B-45E0-97CF-111F9757A78F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=File and Printer Sharing (LLMNR-UDP-In)|[email protected],-28549|[email protected],-28502|"
    "{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=File and Printer Sharing (LLMNR-UDP-Out)|[email protected],-28551|[email protected],-28502|"
    "{FF12FAD7-907C-46A9-B753-350099A3C57D}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|Name=Remote Assistance (TCP-In)|[email protected],-33006|[email protected],-33002|Edge=TRUE|Defer=App|"
    "{FB5CAB66-605E-4D70-8614-A08B382D695F}"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|Name=Remote Assistance (TCP-Out)|[email protected],-33010|[email protected],-33002|"
    "{37027095-D481-4B4D-9488-C28D5D1706B6}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-In)|[email protected],-33022|[email protected],-33002|"
    "{84D3F720-2CB3-43C1-AB52-EFC9DE6AA178}"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP UDP-Out)|[email protected],-33026|[email protected],-33002|"
    "{61194830-003E-400D-82C6-DB3F234ECCD0}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-In)|[email protected],-33030|[email protected],-33002|"
    "{0057F9E0-1757-413E-8D2B-8338B6B6B248}"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=Remote Assistance (SSDP TCP-Out)|[email protected],-33034|[email protected],-33002|"
    "{BAA9DA42-3443-40D7-91CE-E36076D7F38F}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-In)|[email protected],-33040|[email protected],-33002|Edge=TRUE|Defer=App|"
    "{75712289-501A-4C79-8597-8A5C320CD92E}"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=Remote Assistance (PNRP-Out)|[email protected],-33038|[email protected],-33002|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging]
    "LogFileSize"=dword:00001000
    "LogFilePath"="%systemroot%\\system32\\LogFiles\\Firewall\\pfirewall.log"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
    "AxInstSV-1"="V2.0|Action=Block|Dir=In|app=%windir%\\System32\\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|"
    "AxInstSV-2"="V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\\System32\\svchost.exe|Svc=AxInstSV|Name=AxInstSV_Out_Allow|Desc=Network rules for outbound TCP traffic from AxInstSV|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
    "HidServ-1"="V2.0|Action=Block|Dir=in|App=%windir%\\System32\\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ|"
    "HidServ-2"="V2.0|Action=Block|Dir=out|App=%windir%\\System32\\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ|"
    "Eventlog-1"="V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog|"
    "Eventlog-2"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog|"
    "Eventlog-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=EventLog|Name=Block any traffic from EventLog|"
    "PolicyAgent-1"="V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23300|[email protected],-23301|"
    "PolicyAgent-2"="V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23302|[email protected],-23303|"
    "PolicyAgent-3"="V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23312|[email protected],-23313|"
    "PolicyAgent-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23304|"
    "PolicyAgent-5"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PolicyAgent|[email protected],-23305|"
    "DPS-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|"
    "DPS-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|"
    "WdiSystemHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|"
    "WdiSystemHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|"
    "Netman-1"="V2.0|Dir=In|Action=Block|App=%SystemRoot%\\System32\\svchost.exe|Svc=Netman|Name=Block all inbound traffic to Netman|"
    "Netman-2"="V2.0|Dir=Out|Action=Block|App=%SystemRoot%\\System32\\svchost.exe|Svc=Netman|Name=Block all outbound traffic from Netman|"
    "BFE-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\System32\\svchost.exe|Svc=BFE|Name=Block inbound traffic to BFE|"
    "BFE-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\System32\\svchost.exe|Svc=BFE|Name=Block outbound traffic from BFE|"
    "DHCP-1"="V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|Desc=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
    "DHCP-1-1"="V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|Desc=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
    "DHCP-2"="V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|Desc=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
    "DHCP-3"="V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|Desc=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
    "DHCP-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
    "DHCP-5"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\\system32\\dhcpcore.dll,-102|"
    "Trkwks-1"="V2.0|Action=Block|Dir=in|App=%windir%\\System32\\svchost.exe|Svc=trkwks|Name=Block any traffic to TrkWks service|"
    "Trkwks-2"="V2.0|Action=Block|Dir=out|App=%windir%\\System32\\svchost.exe|Svc=trkwks|Name=Block any traffic from TrkWks service|"
    "AVEndpointBuilder-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\system32\\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any inbound traffic to AudioEndpointBuilder|"
    "AVEndpointBuilder-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any outbound traffic from AudioEndpointBuilder|"
    "Audiosrv-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\system32\\svchost.exe|Svc=Audiosrv|Name=Block any inbound traffic to Audiosrv|"
    "Audiosrv-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=Audiosrv|Name=Block any outbound traffic from Audiosrv|"
    "LMHosts-1"="V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\\system32\\lmhsvc.dll,-103|"
    "LMHosts-2"="V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\\system32\\lmhsvc.dll,-103|"
    "LMHosts-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\\system32\\lmhsvc.dll,-103|"
    "LMHosts-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\\system32\\lmhsvc.dll,-103|"
    "MPSSVC-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=Mpssvc|[email protected],-23306|"
    "MPSSVC-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=Mpssvc|[email protected],-23307|"
    "WerSvc-1"="V2.0|Action=Block|Dir=In|app=%windir%\\System32\\svchost.exe|Svc=WerSvc|Name=WerSvc_In_Block|Desc=Network rules for inbound traffic to WerSvc|"
    "WerSvc-2"="V2.0|Action=Block|Dir=Out|app=%windir%\\System32\\svchost.exe|Svc=WerSvc|Name=WerSvc_Out_Block|Desc=Network rules for outbound traffic from WerSvc|"
    "WudfSvc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WudfSvc|Name=Block any traffic to and from WudfSvc|"
    "WudfSvc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WudfSvc|Name=Block any traffic to and from WudfSvc|"
    "SNMPTRAP-1"="V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\\system32\\snmptrap.exe,-5|"
    "SNMPTRAP-2"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\\system32\\snmptrap.exe,-6|"
    "SNMPTRAP-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\\system32\\snmptrap.exe,-6|"
    "UI0Detect-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\System32\\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|"
    "UI0Detect-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\System32\\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|"
    "uxsms-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\System32\\svchost.exe|Svc=uxsms|Name=Block inbound traffic to uxsms|"
    "uxsms-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\System32\\svchost.exe|Svc=uxsms|Name=Block outbound traffic from uxsms|"
    "dot3svc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\System32\\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|"
    "dot3svc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\System32\\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|"
    "IPBusEnum-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\system32\\svchost.exe|Svc=IPBusEnum|Name=Block any inbound traffic to IPBusEnum|"
    "IPBusEnum-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=IPBusEnum|Name=Block any outbound traffic from IPBusEnum|"
    "PNRP Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|"
    "PnrpAuto Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPAutoReg|Name=Block PnrpAuto from all ports|"
    "Sysmain-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=sysmain|Name=Block outbound access to sysmain|"
    "PnrpAuto Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPAutoReg|Name=Block PnrpAuto from all ports|"
    "PcaSvc-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\\system32\\svchost.exe|Svc=PcaSvc|[email protected],-3|[email protected],-5|"
    "HomeGroup Allow Out (PRNP)"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|RPort=3540|Protocol=17|Name=Allow PNRP to send from port 3540|"
    "PcaSvc-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PcaSvc|[email protected],-4|[email protected],-6|"
    "HomeGroup Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|Name=Block homegroup incoming|"
    "SearchFilterHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|"
    "Wlansvc-2"="V2.0|Dir=Out|Action=Block|App=%SystemRoot%\\System32\\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|"
    "P2P Grouping Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|"
    "Sysmain-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=sysmain|Name=Block inbound access to sysmain|"
    "HomeGroup Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|"
    "WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
    "SearchFilterHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|"
    "Wlansvc-1"="V2.0|Dir=In|Action=Block|App=%SystemRoot%\\System32\\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|"
    "P2P Grouping Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=P2PSvc|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|"
    "SearchIndexer-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|"
    "HomeGroup Allow In (PRNP)"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|LPort=3540|Protocol=17|Name=Allow PNRP to receive from port 3540|"
    "SearchIndexer-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|"
    "PNRP Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|"
    "WindowsDefender-Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\\\system32\\\\svchost.exe|Svc=WinDefend|Name=Block any traffic from WinDefend|"
    "P2P Ident Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|"
    "P2P Grouping Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|"
    "HomeGroup Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|Name=Block homegroup outgoing|"
    "P2P Ident Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\\system32\\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|"
    "WcsPlugInService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WcsPlugInService|[email protected],-160|"
    "TabletInputService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=TabletInputService|Name=Block any traffic to TabletInputService|"
    "PNRP Block Out"="v2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|"
    "WwanSvc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WwanSvc|Name=Block any network traffic to WwanSvc|"
    "TabletInputService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=TabletInputService|Name=Block any traffic from TabletInputService|"
    "HomeGroup Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupProvider|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|"
    "HomeGroup Listener Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupListener|Name=Block all outgoing|"
    "HomeGroup Listener Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=HomeGroupListener|Name=Block all incoming|"
    "PNRP Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|"
    "WcsPlugInService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WcsPlugInService|[email protected],-161|"
    "WindowsDefender-In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\\\system32\\\\svchost.exe|Svc=WinDefend|Name=Block any traffic to WinDefend|"
    "WwanSvc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WwanSvc|Name=Block any network traffic from WwanSvc|"
    "WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
    "WPDBUSENUM-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WPDBusEnum|Name=Block all traffic to and from WPDBusEnum|"
    "P2P Grouping Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=P2PSvc|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|"
    "WPDBUSENUM-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WPDBusEnum|Name=Block all traffic to and from WPDBusEnum|"
    "UmRdpService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=UmRdpService|Name=Block any traffic to UmRdpService|"
    "UmRdpService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=UmRdpService|Name=Block any traffic from UmRdpService|"
    "PeerDist Allow WSD In"="V2.0|Action=Allow|Dir=In|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming WSD to PeerDistSvc|"
    "PeerDist Allow WSD In 2"="V2.0|Action=Allow|Dir=In|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming WSD to PeerDistSvc|"
    "PeerDist Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Block PeerDistSvc From All other ports|"
    "CscService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=CscService|Name=Block any other traffic to and from CSCService|"
    "PeerDist Allow TCP Out"="V2.0|Action=Allow|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing TCP from PeerDistSvc|"
    "PeerDist Allow WSD Out 2"="V2.0|Action=Allow|Dir=Out|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing WSD from PeerDistSvc|"
    "CscService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=CscService|Name=Block any other traffic to and from CSCService|"
    "PeerDist Allow TCP In"="V2.0|Action=Allow|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow incoming TCP to PeerDistSvc|"
    "PeerDist Allow WSD Out"="V2.0|Action=Allow|Dir=Out|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Allow outgoing WSD from PeerDistSvc|"
    "PeerDist Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=PeerDistSvc|Name=Block PeerDistSvc From All other ports|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
    "LogFileSize"=dword:00001000
    "LogFilePath"="%systemroot%\\system32\\LogFiles\\Firewall\\pfirewall.log"
    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc]
    "DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
    00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
    72,00,69,00,63,00,74,00,65,00,64,00,00,00
    "Start"=dword:00000002
    "Type"=dword:00000020
    "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
    "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
    6d,00,67,00,6d,00,74,00,00,00,00,00
    "ObjectName"="NT AUTHORITY\\LocalService"
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
    00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
    67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
    00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
    00,00,00,00
    "DelayedAutoStart"=dword:00000001
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
    00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\Enum]
    "0"="Root\\LEGACY_WSCSVC\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\Parameters]
    "ServiceDllUnloadOnStop"=dword:00000001
    "ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
    00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
    [HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\wscsvc\Security]
    "Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
    00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
    05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
    20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
    00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
    00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
    00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
    7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
    00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
    "PreshutdownTimeout"=dword:036ee800
    "DisplayName"="Windows Update"
    "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "Description"="Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API."
    "ObjectName"="LocalSystem"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "DelayedAutoStart"=dword:00000001
    "Type"=dword:00000020
    "DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
      65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
      00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
      61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
      62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
      00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
      79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
      00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
      6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
      00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
      75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
      00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]
    "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
    "ServiceMain"="WUServiceMain"
    "ServiceDllUnloadOnStop"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security]
    "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
      00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
      05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
      20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
      01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
    Endregedit:
    Reboot:

*****************

Restore point was successfully created.

====> Registry

The system needed a reboot.

==== End of Fixlog 22:00:02 ====

Farbar Service Scanner Version: 27-01-2016
Ran by Amanda (administrator) on 16-01-2019 at 22:03:54
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Edited by Jackpine, 16 January 2019 - 09:14 PM.

#9
JSntgRvr

Posted 16 January 2019 - 10:48 PM

Global Moderator

Global Moderator
11,579 posts

Lets see if we can recover Windows Defender:

Highlight the entire content of the quote box below.

Start::
CreateRestorePoint:
Startregedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,\
72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,\
69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,\
00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend\TriggerInfo]

[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:0

Endregedit:
Reboot:
End::

Right click on the highlighted text and select Copy.
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Upon restart, check your Control Panel. Are entries still missing? Please run Farbar Service Scanner once again and post its report.

#10
Jackpine

Posted 17 January 2019 - 06:57 AM

Member

Topic Starter
Member
490 posts

Icons for Action Center, Windows Update and Windows Defender are still not showing in Control Panel.

Here are the logs.

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (17-01-2019 07:49:22) Run:4
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Startregedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,\
72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,\
69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,\
00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend\TriggerInfo]
[HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\WinDefend\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:0
Endregedit:
Reboot:

*****************

Restore point was successfully created.

====> Registry

The system needed a reboot.

==== End of Fixlog 07:49:53 ====

Farbar Service Scanner Version: 27-01-2016
Ran by Amanda (administrator) on 17-01-2019 at 07:54:13
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

#11
JSntgRvr

Posted 17 January 2019 - 11:35 AM

Global Moderator

Global Moderator
11,579 posts

Lets see if the default entries are in Place.

Highlight the entire content of the quote box below.

Start::
Reg: Reg query HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s
Reg: Reg query HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s
Reg: Reg query HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s
End::

Right click on the highlighted text and select Copy.
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

#12
Jackpine

Posted 17 January 2019 - 05:15 PM

Member

Topic Starter
Member
490 posts

Action Centre, Windows Update and Windows Defender icons are still not showing in Control Panel. Here are the logs.

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (17-01-2019 18:13:25) Run:6
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: Reg query HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s
Reg: Reg query HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s
Reg: Reg query HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s

*****************

========= Reg query HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s =========

HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}
    (Default)    REG_SZ    Action Center CPL
    System.Software.TasksFileUrl    REG_SZ    Internal
    InfoTip    REG_EXPAND_SZ    @%SystemRoot%\System32\ActionCenterCPL.dll,-2
    LocalizedString    REG_EXPAND_SZ    @%SystemRoot%\System32\ActionCenterCPL.dll,-1
    System.ControlPanel.EnableInSafeMode    REG_DWORD    0x3
    System.ApplicationName    REG_SZ    Microsoft.ActionCenter
    System.ControlPanel.Category    REG_DWORD    0x5

HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\DefaultIcon
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\ActionCenterCPL.dll,-1

HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\shdocvw.dll
    ThreadingModel    REG_SZ    Apartment

HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\Instance
    CLSID    REG_SZ    {328B0346-7EAF-4BBE-A479-7CB88A095F5B}

HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\Instance\InitPropertyBag
    ResourceID    REG_DWORD    0x64
    ResourceDLL    REG_EXPAND_SZ    %SystemRoot%\System32\ActionCenterCPL.dll

HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\ShellFolder
    Attributes    REG_DWORD    0xa0000000
    WantsParseDisplayName    REG_SZ

========= End of Reg: =========

========= Reg query HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s =========

HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}
    (Default)    REG_SZ    Windows Defender
    System.Software.TasksFileUrl    REG_SZ    Internal
    InfoTip    REG_EXPAND_SZ    @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
    LocalizedString    REG_EXPAND_SZ    @%ProgramFiles%\Windows Defender\MsMpRes.dll,-104
    System.ApplicationName    REG_SZ    Microsoft.WindowsDefender
    System.ControlPanel.Category    REG_SZ    0

HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\DefaultIcon
    (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MsMpRes.dll,-103

HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\Shell

HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\Shell\Open

HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\Shell\Open\Command
    (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MSASCui.exe

HKEY_CLASSES_ROOT\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\ShellFolder
    Attributes    REG_DWORD    0x0

========= End of Reg: =========

========= Reg query HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s =========

HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}
    (Default)    REG_SZ    Windows Update
    LocalizedString    REG_EXPAND_SZ    @%SystemRoot%\system32\wucltux.dll,-1
    InfoTip    REG_EXPAND_SZ    @%SystemRoot%\system32\wucltux.dll,-4
    System.ApplicationName    REG_SZ    Microsoft.WindowsUpdate
    System.ControlPanel.Category    REG_SZ    5,10
    System.Software.TasksFileUrl    REG_SZ    Internal

HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\DefaultIcon
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\wucltux.dll,-1

HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\shdocvw.dll
    ThreadingModel    REG_SZ    Apartment

HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\Instance
    CLSID    REG_SZ    {328B0346-7EAF-4BBE-A479-7CB88A095F5B}

HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\Instance\InitPropertyBag
    ResourceDLL    REG_EXPAND_SZ    %SystemRoot%\system32\wucltux.dll
    ResourceID    REG_DWORD    0x64

HKEY_CLASSES_ROOT\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\ShellFolder
    Attributes    REG_DWORD    0xa0000000
    WantsParseDisplayName    REG_SZ

========= End of Reg: =========

========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}
    (Default)    REG_SZ    Action Center CPL
    System.Software.TasksFileUrl    REG_SZ    Internal
    InfoTip    REG_EXPAND_SZ    @%SystemRoot%\System32\ActionCenterCPL.dll,-2
    LocalizedString    REG_EXPAND_SZ    @%SystemRoot%\System32\ActionCenterCPL.dll,-1
    System.ControlPanel.EnableInSafeMode    REG_DWORD    0x3
    System.ApplicationName    REG_SZ    Microsoft.ActionCenter
    System.ControlPanel.Category    REG_DWORD    0x5

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\DefaultIcon
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\ActionCenterCPL.dll,-1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\shdocvw.dll
    ThreadingModel    REG_SZ    Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\Instance
    CLSID    REG_SZ    {328B0346-7EAF-4BBE-A479-7CB88A095F5B}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\Instance\InitPropertyBag
    ResourceID    REG_DWORD    0x64
    ResourceDLL    REG_EXPAND_SZ    %SystemRoot%\System32\ActionCenterCPL.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}\ShellFolder
    Attributes    REG_DWORD    0xa0000000
    WantsParseDisplayName    REG_SZ

========= End of Reg: =========

========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}
    (Default)    REG_SZ    Windows Defender
    System.Software.TasksFileUrl    REG_SZ    Internal
    InfoTip    REG_EXPAND_SZ    @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
    LocalizedString    REG_EXPAND_SZ    @%ProgramFiles%\Windows Defender\MsMpRes.dll,-104
    System.ApplicationName    REG_SZ    Microsoft.WindowsDefender
    System.ControlPanel.Category    REG_SZ    0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\DefaultIcon
    (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MsMpRes.dll,-103

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\Shell

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\Shell\Open

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\Shell\Open\Command
    (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MSASCui.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}\ShellFolder
    Attributes    REG_DWORD    0x0

========= End of Reg: =========

========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}
    (Default)    REG_SZ    Windows Update
    LocalizedString    REG_EXPAND_SZ    @%SystemRoot%\system32\wucltux.dll,-1
    InfoTip    REG_EXPAND_SZ    @%SystemRoot%\system32\wucltux.dll,-4
    System.ApplicationName    REG_SZ    Microsoft.WindowsUpdate
    System.ControlPanel.Category    REG_SZ    5,10
    System.Software.TasksFileUrl    REG_SZ    Internal

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\DefaultIcon
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\wucltux.dll,-1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\shdocvw.dll
    ThreadingModel    REG_SZ    Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\Instance
    CLSID    REG_SZ    {328B0346-7EAF-4BBE-A479-7CB88A095F5B}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\Instance\InitPropertyBag
    ResourceDLL    REG_EXPAND_SZ    %SystemRoot%\system32\wucltux.dll
    ResourceID    REG_DWORD    0x64

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}\ShellFolder
    Attributes    REG_DWORD    0xa0000000
    WantsParseDisplayName    REG_SZ

========= End of Reg: =========

==== End of Fixlog 18:13:27 ====

Farbar Service Scanner Version: 27-01-2016
Ran by Amanda (administrator) on 17-01-2019 at 18:16:50
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Edited by Jackpine, 17 January 2019 - 05:18 PM.

#13
JSntgRvr

Posted 17 January 2019 - 05:51 PM

Global Moderator

Global Moderator
11,579 posts

Those are OK, lets check this following the same process:

Start::
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s
End::

Post the Fixlog.txt.