Trojan.dnschanger


  • This topic is locked
13 replies to this topic

#1 morante

morante

  • Members
  • 7 posts

Posted 21 September 2008 - 10:38 PM

I have followed all the instructions, but the registry items keep being reinfected when I reboot:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.140 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56b79420-89f8-4323-87a6-6e039aad74a4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.140 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.140 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{56b79420-89f8-4323-87a6-6e039aad74a4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.140 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.140 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{56b79420-89f8-4323-87a6-6e039aad74a4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.140 192.168.0.1 -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:17 PM, on 21/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/stg_drm.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdeof.exe (file missing)

--
End of file - 8334 bytes


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 03 October 2008 - 10:35 AM

Hello morante

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 morante

morante
  • Topic Starter

  • Members
  • 7 posts

Posted 05 October 2008 - 12:35 AM

Thanks for your help.
Here are the logs. I have been doing some research. Is it possible that my wireless router has been infected?

Logfile of random's system information tool 1.04 (written by random/random)
Run by User at 2008-10-05 16:29:28
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 227 GB (74%) free of 305 GB
Total RAM: 2029 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:45 PM, on 5/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPENC446\RSIT[1].exe
C:\Program Files\trend micro\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/stg_drm.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7300 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\User_Feed_Synchronization-{4BD48130-4392-4303-886F-D828916A7378}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2007-09-18 488712]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-08 1253040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-10-05 16:29:28 ----D---- C:\rsit
2008-10-03 17:22:21 ----D---- C:\Users\User\AppData\Roaming\Windows Live Writer
2008-09-28 01:39:41 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-09-28 01:38:24 ----D---- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2008-09-28 01:38:24 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-28 01:37:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-28 01:19:16 ----D---- C:\ProgramData\PrevxCSI
2008-09-26 15:18:56 ----A---- C:\Windows\ntbtlog.txt
2008-09-25 14:15:52 ----D---- C:\ProgramData\Lavasoft
2008-09-25 13:44:23 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-23 13:28:29 ----A---- C:\Windows\system32\GEARAspi.dll
2008-09-23 13:28:28 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-23 13:28:15 ----D---- C:\Program Files\iPod
2008-09-23 13:28:14 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-23 13:28:14 ----D---- C:\Program Files\iTunes
2008-09-23 13:27:05 ----D---- C:\Program Files\Bonjour
2008-09-21 15:59:30 ----D---- C:\Program Files\Lavasoft
2008-09-19 23:35:40 ----D---- C:\fixwareout
2008-09-19 21:40:13 ----HD---- C:\$AVG8.VAULT$
2008-09-19 20:49:19 ----D---- C:\Program Files\AVG
2008-09-19 19:15:21 ----D---- C:\Program Files\SpywareBlaster
2008-09-16 23:58:37 ----D---- C:\Users\User\AppData\Roaming\ITTNord
2008-09-15 21:37:10 ----D---- C:\Users\User\AppData\Roaming\PlayFirst_DressUpRush
2008-09-10 19:15:14 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 19:15:14 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 19:14:50 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 19:14:48 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 19:14:48 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 19:14:47 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 22:13:52 ----D---- C:\Program Files\Common Files\Canon
2008-09-08 15:21:36 ----D---- C:\Users\User\AppData\Roaming\LimeWire
2008-09-07 21:40:58 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 months======

2008-10-05 16:29:45 ----D---- C:\Program Files\Trend Micro
2008-10-05 16:29:40 ----D---- C:\Windows\Temp
2008-10-05 16:18:32 ----D---- C:\Windows\Prefetch
2008-10-05 15:55:29 ----SHD---- C:\System Volume Information
2008-10-05 15:15:28 ----D---- C:\Windows\System32
2008-10-05 15:04:30 ----D---- C:\Windows\inf
2008-10-05 15:04:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-30 19:51:54 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2008-09-30 18:38:14 ----RD---- C:\Program Files
2008-09-29 20:29:22 ----D---- C:\Windows\system32\catroot2
2008-09-28 01:41:27 ----D---- C:\Windows\system32\drivers
2008-09-28 01:39:41 ----HD---- C:\ProgramData
2008-09-28 01:38:31 ----SHD---- C:\Windows\Installer
2008-09-28 01:37:51 ----D---- C:\Program Files\Common Files
2008-09-26 18:41:53 ----D---- C:\Windows\system32\LogFiles
2008-09-26 15:18:56 ----D---- C:\Windows
2008-09-25 19:13:29 ----D---- C:\Windows\system32\Msdtc
2008-09-25 19:13:27 ----D---- C:\Windows\system32\wbem
2008-09-25 16:13:17 ----D---- C:\Windows\system32\config
2008-09-25 16:12:03 ----D---- C:\Windows\Tasks
2008-09-25 16:12:03 ----D---- C:\Windows\system32\Tasks
2008-09-25 16:12:03 ----D---- C:\Windows\system32\spool
2008-09-25 16:12:03 ----D---- C:\Windows\system32\CodeIntegrity
2008-09-25 16:12:02 ----D---- C:\Windows\registration
2008-09-25 14:19:38 ----SD---- C:\Windows\Downloaded Program Files
2008-09-23 13:28:33 ----D---- C:\Windows\system32\catroot
2008-09-23 13:26:50 ----D---- C:\Program Files\QuickTime
2008-09-23 13:26:19 ----D---- C:\Program Files\Common Files\Apple
2008-09-22 18:09:05 ----D---- C:\My Games
2008-09-22 17:52:10 ----D---- C:\Program Files\Common Files\LightScribe
2008-09-22 17:48:52 ----D---- C:\Windows\Minidump
2008-09-22 17:48:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 17:48:45 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2008-09-22 17:48:32 ----D---- C:\Windows\winsxs
2008-09-22 17:48:32 ----D---- C:\Program Files\Common Files\Java
2008-09-22 17:48:31 ----D---- C:\Program Files\Windows Live
2008-09-22 17:48:31 ----D---- C:\Program Files\RealArcade
2008-09-22 17:48:31 ----D---- C:\Program Files\MSECache
2008-09-22 17:48:31 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-22 17:48:29 ----D---- C:\Windows\Boot
2008-09-22 17:48:29 ----D---- C:\Users\User\AppData\Roaming\Talkback
2008-09-22 17:48:28 ----D---- C:\Windows\system32\Macromed
2008-09-22 17:48:28 ----D---- C:\Users\User\AppData\Roaming\Mozilla
2008-09-22 17:48:28 ----D---- C:\Program Files\Picasa2
2008-09-22 17:48:27 ----D---- C:\Users\User\AppData\Roaming\Amaranth Games
2008-09-22 17:48:26 ----D---- C:\Windows\system32\Adobe
2008-09-22 17:48:25 ----SHD---- C:\$Recycle.Bin
2008-09-22 17:48:25 ----D---- C:\etax2008
2008-09-22 17:48:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-22 17:48:24 ----D---- C:\Users\User\AppData\Roaming\My Games
2008-09-22 17:48:24 ----D---- C:\Drivers
2008-09-22 17:48:23 ----D---- C:\Windows\servicing
2008-09-22 17:48:23 ----D---- C:\Windows\rescache
2008-09-22 17:48:23 ----D---- C:\Windows\Microsoft.NET
2008-09-22 17:48:23 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2008-09-22 17:48:23 ----D---- C:\Program Files\Sony
2008-09-22 17:48:23 ----D---- C:\Program Files\Optic Limited
2008-09-22 17:48:23 ----D---- C:\Program Files\Java Web Start
2008-09-22 17:48:20 ----D---- C:\Program Files\Microsoft Office
2008-09-22 17:48:20 ----D---- C:\Program Files\Common Files\microsoft shared
2008-09-22 17:48:19 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2008-09-22 17:48:19 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-22 17:48:18 ----D---- C:\Windows\Downloaded Installations
2008-09-22 17:48:17 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-22 17:48:16 ----D---- C:\Users\User\AppData\Roaming\funkitron
2008-09-22 17:48:16 ----D---- C:\Program Files\Windows Live Toolbar
2008-09-22 17:48:16 ----D---- C:\Program Files\Java
2008-09-22 17:48:16 ----D---- C:\Program Files\Google
2008-09-22 17:48:15 ----D---- C:\Program Files\Common Files\Adobe
2008-09-22 17:48:15 ----D---- C:\Program Files\Adobe
2008-09-22 17:48:14 ----D---- C:\Users\User\AppData\Roaming\Adobe
2008-09-22 17:48:13 ----D---- C:\Program Files\Internet Explorer
2008-09-22 17:48:12 ----D---- C:\Program Files\Common Files\Ahead
2008-09-22 17:48:11 ----D---- C:\ProgramData\Nero
2008-09-22 17:48:11 ----D---- C:\Program Files\Realtek
2008-09-22 17:48:11 ----D---- C:\Program Files\Intel
2008-09-22 17:48:10 ----SD---- C:\ProgramData\Microsoft
2008-09-22 17:48:10 ----RSD---- C:\Windows\assembly
2008-09-22 17:48:10 ----D---- C:\Program Files\Microsoft.NET
2008-09-22 17:48:10 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-09-22 17:48:10 ----D---- C:\Program Files\Common Files\System
2008-09-22 17:48:09 ----D---- C:\ProgramData\Apple
2008-09-22 17:48:09 ----D---- C:\Program Files\Intel Desktop Board
2008-09-22 17:48:08 ----D---- C:\Windows\system32\directx
2008-09-22 17:47:55 ----D---- C:\Windows\WindowsMobile
2008-09-22 17:47:55 ----D---- C:\Windows\Web
2008-09-22 17:47:55 ----D---- C:\Windows\system32\XPSViewer
2008-09-22 17:47:55 ----D---- C:\Windows\system32\winrm
2008-09-22 17:47:55 ----D---- C:\Windows\system32\WCN
2008-09-22 17:47:54 ----D---- C:\Windows\system32\sysprep
2008-09-22 17:47:54 ----D---- C:\Windows\system32\Speech
2008-09-22 17:47:54 ----D---- C:\Windows\system32\SMI
2008-09-22 17:47:54 ----D---- C:\Windows\system32\slmgr
2008-09-22 17:47:54 ----D---- C:\Windows\system32\RemInst
2008-09-22 17:47:54 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2008-09-22 17:47:54 ----D---- C:\Windows\system32\oobe
2008-09-22 17:47:54 ----D---- C:\Windows\system32\networklist
2008-09-22 17:47:54 ----D---- C:\Windows\system32\MUI
2008-09-22 17:47:54 ----D---- C:\Windows\system32\migwiz
2008-09-22 17:47:54 ----D---- C:\Windows\system32\migration
2008-09-22 17:47:54 ----D---- C:\Windows\system32\licensing
2008-09-22 17:47:54 ----D---- C:\Windows\system32\IME
2008-09-22 17:47:54 ----D---- C:\Windows\system32\en-US
2008-09-22 17:47:53 ----D---- C:\Windows\system32\DriverStore
2008-09-22 17:47:51 ----D---- C:\Windows\system32\com
2008-09-22 17:47:51 ----D---- C:\Windows\system32\Boot
2008-09-22 17:47:51 ----D---- C:\Windows\Speech
2008-09-22 17:47:51 ----D---- C:\Windows\Setup
2008-09-22 17:47:51 ----D---- C:\Windows\ServiceProfiles
2008-09-22 17:47:51 ----D---- C:\Windows\security
2008-09-22 17:47:51 ----D---- C:\Windows\schemas
2008-09-22 17:47:51 ----D---- C:\Windows\Resources
2008-09-22 17:47:51 ----D---- C:\Windows\Provisioning
2008-09-22 17:47:51 ----D---- C:\Windows\PolicyDefinitions
2008-09-22 17:47:51 ----D---- C:\Windows\PLA
2008-09-22 17:47:51 ----D---- C:\Windows\Performance
2008-09-22 17:47:51 ----D---- C:\Windows\MSAgent
2008-09-22 17:47:50 ----D---- C:\Windows\IME
2008-09-22 17:47:50 ----D---- C:\Windows\Help
2008-09-22 17:47:50 ----D---- C:\Windows\ehome
2008-09-22 17:47:49 ----D---- C:\Windows\DigitalLocker
2008-09-22 17:47:49 ----D---- C:\Windows\Branding
2008-09-22 17:47:44 ----D---- C:\Windows\AppPatch
2008-09-22 17:47:43 ----RD---- C:\Users
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows Sidebar
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows Photo Gallery
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows NT
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows Media Player
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows Mail
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows Journal
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows Defender
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows Collaboration
2008-09-22 17:47:42 ----D---- C:\Program Files\Windows Calendar
2008-09-22 17:47:42 ----D---- C:\Program Files\Reference Assemblies
2008-09-22 17:47:42 ----D---- C:\Program Files\MSBuild
2008-09-22 17:47:42 ----D---- C:\Program Files\Movie Maker
2008-09-22 17:47:41 ----D---- C:\Program Files\Microsoft Games
2008-09-22 17:47:41 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-09-22 17:01:42 ----RHD---- C:\MSOCache
2008-09-21 15:40:20 ----AD---- C:\ProgramData\TEMP
2008-09-18 23:36:56 ----D---- C:\Users\User\AppData\Roaming\PlayFirst
2008-09-11 11:43:03 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2008-02-15 141840]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2007-12-24 52496]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2007-12-24 138384]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2007-12-24 52240]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2008-02-15 234512]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-09-17 228224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HECI;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2007-03-13 44672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-17 1769952]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-03 684032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-16 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-30 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-05 16:29:49

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bet Angel - Basic-->MsiExec.exe /I{083DAB21-D6BA-4A3C-9D39-2DE46F53D9CC}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
e-tax 2008-->C:\etax2008\e-tax 2008_uninstall.exe
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Intel® Management Engine Interface-->C:\Windows\system32\heciudlg.exe -uninstall
Intel® PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java 2 Runtime Environment, SE v1.4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 Essentials-->MsiExec.exe /X{3BDEE284-1516-40E8-B784-00FEBE1B1033}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}

======Security center information======

AV: Trend Micro Internet Security
AS: Trend Micro Internet Security
AS: Windows Defender
AS: SUPERAntiSpyware

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.1\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 kahdah

Posted 05 October 2008 - 11:24 AM

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 morante

Posted 08 October 2008 - 08:00 PM

Sorry. File is much too large to send as either copy or attachment. I am trying to split it and will send asap. Thanks again for your help.

#6 kahdah

Posted 08 October 2008 - 10:46 PM

Ok

#7 morante

Posted 11 October 2008 - 08:04 PM

Part1 is attached

#8 morante

Posted 11 October 2008 - 08:09 PM

Part2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-TERMSRV-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30793|Desc=@FirewallAPI.dll,-30796|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30789|Desc=@FirewallAPI.dll,-30792|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30785|Desc=@FirewallAPI.dll,-30788|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-30781|Desc=@FirewallAPI.dll,-30784|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-30777|Desc=@FirewallAPI.dll,-30780|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-30773|Desc=@FirewallAPI.dll,-30776|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-30769|Desc=@FirewallAPI.dll,-30772|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|Name=@FirewallAPI.dll,-30765|Desc=@FirewallAPI.dll,-30768|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|Name=@FirewallAPI.dll,-30761|Desc=@FirewallAPI.dll,-30764|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\MCX-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-UPnPHost-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-SSDPSrv-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C1713915-0B4C-47F7-8051-930CF42E8DA2}C:\program files\nero\nero 7\nero home\nerohome.exe -> v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\nero\nero 7\nero home\nerohome.exe|Name=Nero Home|Desc=Nero Home|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E171F845-CC39-4871-BCC6-7200F095CFDC}C:\program files\nero\nero 7\nero home\nerohome.exe -> v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\nero\nero 7\nero home\nerohome.exe|Name=Nero Home|Desc=Nero Home|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{65E59BB4-A68F-4912-B9A9-2CF43F0B31F8}C:\program files\windows live\messenger\msnmsgr.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\windows live\messenger\msnmsgr.exe|Name=Windows Live Messenger|Desc=Windows Live Messenger|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E7B63583-5B73-4EE0-9AB2-73E35D4C3741}C:\program files\windows live\messenger\msnmsgr.exe -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\windows live\messenger\msnmsgr.exe|Name=Windows Live Messenger|Desc=Windows Live Messenger|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8824A9D-2440-4649-B2C4-04166DC055B9} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93C0EB1D-ABF2-463A-B497-63030F8F5DFC} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D50EE689-53F6-425B-9D11-B62278043EEB} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2621DC6-1532-4DC2-8A8B-47DF53F30B91} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E9F88B2-9026-493F-87AA-BFC2D7FEAE56} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21042A06-D5D2-49AD-8EB0-76FF842585C4} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5D694D8-16CF-4A3F-B569-62F135DC682E} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65A8C170-093C-47D3-AB0F-AF88868552F2} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B2EA829-B3F9-4C65-9177-920DD0D426B0} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F81290FD-0FB5-483B-9643-371F3E2213B3} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A86DFD3-7BBE-4FBF-908A-C523F33F2693} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05A8632A-A158-4A8F-90CC-CE119E57EA83} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D2316F6-E932-4890-9050-905234FC4683} -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D460C2DD-9B4E-49BD-9B75-EA5BEE1AC8F5} -> v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{72F726A3-2BF0-47BF-B049-2FD41B5F6B20}C:\program files\anonymizer\fpa\fpa.exe -> v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\anonymizer\fpa\fpa.exe|Name=fpa|Desc=fpa|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2B22652A-8702-4F6F-A9D7-33FA831D493F}C:\program files\anonymizer\fpa\fpa.exe -> v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\anonymizer\fpa\fpa.exe|Name=fpa|Desc=fpa|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-1 -> V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-2 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Eventlog-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic from EventLog| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DPS-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DPS-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WdiSystemHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WdiSystemHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-1 -> V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-1-1 -> V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-2 -> V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-3 -> V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\DHCP-5 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|Name=@%SystemRoot%\system32\dhcpcsvc.dll,-102| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\dot3svc-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\dot3svc-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Netman-1 -> V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all inbound traffic to Netman| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Netman-2 -> V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all outbound traffic from Netman| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\HidServ-1 -> V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\HidServ-2 -> V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WcsPlugInService-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|Name=@mscms.dll,-160| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WcsPlugInService-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|Name=@mscms.dll,-161| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\BFE-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block inbound traffic to BFE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\BFE-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block outbound traffic from BFE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-1 -> V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|Name=@FirewallAPI.dll,-23300|Desc=@FirewallAPI.dll,-23301| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-2 -> V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|Name=@FirewallAPI.dll,-23302|Desc=@FirewallAPI.dll,-23303| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-3 -> V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|Name=@FirewallAPI.dll,-5010|Desc=@FirewallAPI.dll,-5011| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|Name=@FirewallAPI.dll,-23304| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PolicyAgent-5 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|Name=@FirewallAPI.dll,-23305| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Trkwks-1 -> V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic to TrkWks service| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Trkwks-2 -> V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic from TrkWks service| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\AVEndpointBuilder-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any inbound traffic to AudioEndpointBuilder| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-1 -> V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-2 -> V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\LMHosts-4 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|Name=@%SystemRoot%\system32\lmhsvc.dll,-103| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\MPSSVC-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI.dll,-23306| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\MPSSVC-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|Name=@FirewallAPI,-23307| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WerSvc-1 -> V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_In_Block|Desc=Network rules for inbound traffic to WerSvc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WerSvc-2 -> V2.0|Action=Block|Dir=Out|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_Out_Block|Desc=Network rules for outbound traffic from WerSvc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Sysmain-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block inbound access to sysmain| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Sysmain-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block outbound access to sysmain| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-1 -> V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-5| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-2 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-6| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SNMPTRAP-3 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|Name=@%SystemRoot%\system32\snmptrap.exe,-6| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\clr_optimization_v2.0.50727_32-2 -> V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\clr_optimization_v2.0.50727_32-1 -> V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\UI0Detect-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\UI0Detect-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\uxsms-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block inbound traffic to uxsms| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\uxsms-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block outbound traffic from uxsms| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\IPBusEnum-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any inbound traffic to IPBusEnum| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\IPBusEnum-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any outbound traffic from IPBusEnum| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Allow Out -> v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\TabletInputService-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic to TabletInputService| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Wlansvc-2 -> V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EMDMgmt-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=EMDMgmt|Name=Block any traffic to and from EMDMgmt Service| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WindowsDefender-Out -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic from WinDefend| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Block Out -> v2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\TabletInputService-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic from TabletInputService| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PcaSvc-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|Name=@pcasvc.dll,-3|Desc=@pcasvc.dll,-5| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PcaSvc-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|Name=@pcasvc.dll,-4|Desc=@pcasvc.dll,-6| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Ident Block Out -> v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Allow In -> v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\Wlansvc-1 -> V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EHSTART-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=ehstart|Name=Block any outbound traffic from ehstart| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\PNRP Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EMDMgmt-2 -> V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=EMDMgmt|Name=Block any traffic to and from EMDMgmt Service| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\WindowsDefender-In -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic to WinDefend| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Allow Out -> v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Ident Block In -> v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Block Out -> v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\EHSTART-1 -> V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=ehstart|Name=Block any inbound traffic to ehstart| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\P2P Grouping Allow In -> v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\PreshutdownTimeout -> 57600000 ->
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName ->
@%systemroot%\system32\wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> Microsoft Corporation [Ver = 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904) | Size = 1811656 bytes | Modified Date = 19/07/2008 4:09:40 PM | Attr = ]
-105 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\System32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 21504 bytes | Modified Date = 19/01/2008 6:33:32 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> @%systemroot%\system32\wuaueng.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DelayedAutoStart -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DependOnService ->
rpcss -> %SystemRoot%\System32\rpcss.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 547328 bytes | Modified Date = 19/01/2008 6:36:17 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ServiceSidType -> 1 ->
*RequiredPrivileges* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\RequiredPrivileges ->
SeAuditPrivilege -> -> File not found
SeCreateGlobalPrivilege -> -> File not found
SeCreatePageFilePrivilege -> -> File not found
SeTcbPrivilege -> -> File not found
SeAssignPrimaryTokenPrivilege -> -> File not found
SeImpersonatePrivilege -> -> File not found
SeIncreaseQuotaPrivilege -> -> File not found
SeShutdownPrivilege -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\FailureActions -> 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\System32\wuaueng.dll [%systemroot%\system32\wuaueng.dll] -> Microsoft Corporation [Ver = 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904) | Size = 1811656 bytes | Modified Date = 19/07/2008 4:09:40 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceMain -> WUServiceMain ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDllUnloadOnStop -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName ->
@regsvc.dll -> %SystemRoot%\System32\regsvc.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 106496 bytes | Modified Date = 19/01/2008 6:36:16 PM | Attr = ]
-1 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\system32\svchost.exe -k regsvc] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 21504 bytes | Modified Date = 19/01/2008 6:33:32 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> @regsvc.dll,-2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\System32\rpcss.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 547328 bytes | Modified Date = 19/01/2008 6:36:17 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ServiceSidType -> 1 ->
*RequiredPrivileges* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\RequiredPrivileges ->
SeCreateGlobalPrivilege -> -> File not found
SeImpersonatePrivilege -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDllUnloadOnStop -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\System32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 106496 bytes | Modified Date = 19/01/2008 6:36:16 PM | Attr = ]
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 19/09/2008 9:40:13 PM | Attr = H ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 6/10/2008 1:28:42 PM | Attr = HS]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 19/09/2008 11:35:40 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2128216064 bytes | Created Date = 26/09/2008 6:41:32 PM | Attr = HS]
rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 5/10/2008 4:29:28 PM | Attr = ]
Msft_User_WpdFs_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 7/09/2008 9:38:15 PM | Attr = H ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 23/09/2008 1:28:28 PM | Attr = ]
1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp ->
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4240384 bytes | Created Date = 10/09/2008 7:15:14 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
LightScribe -> %AllUsersProfile%\LightScribe -> [Folder | Created Date = 5/10/2008 4:44:55 PM | Attr = ]
PrevxCSI -> %AllUsersProfile%\PrevxCSI -> [Folder | Created Date = 28/09/2008 1:19:16 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy -> [Folder | Created Date = 25/09/2008 1:44:23 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Created Date = 28/09/2008 1:39:41 AM | Attr = ]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [Folder | Created Date = 23/09/2008 1:28:14 PM | Attr = ]
ITTNord -> %AppData%\ITTNord -> [Folder | Created Date = 16/09/2008 11:58:37 PM | Attr = ]
LimeWire -> %AppData%\LimeWire -> [Folder | Created Date = 8/09/2008 3:21:36 PM | Attr = ]
PlayFirst_DressUpRush -> %AppData%\PlayFirst_DressUpRush -> [Folder | Created Date = 15/09/2008 9:37:10 PM | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 28/09/2008 1:38:24 AM | Attr = ]
Windows Live Writer -> %AppData%\Windows Live Writer -> [Folder | Created Date = 3/10/2008 5:22:21 PM | Attr = ]
Adobe -> %UserProfile%\AppData\Local\Adobe -> [Folder | Created Date = 30/09/2008 1:48:18 PM | Attr = ]
Ahead -> %UserProfile%\AppData\Local\Ahead -> [Folder | Created Date = 30/09/2008 6:36:47 PM | Attr = ]
Apple Computer -> %UserProfile%\AppData\Local\Apple Computer -> [Folder | Created Date = 2/10/2008 1:47:39 PM | Attr = ]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 3460302 bytes | Created Date = 26/09/2008 11:19:13 PM | Attr = H ]
Windows Live Writer -> %UserProfile%\AppData\Local\Windows Live Writer -> [Folder | Created Date = 3/10/2008 5:22:21 PM | Attr = ]
Autoruns[1] -> %UserProfile%\Documents\Autoruns[1] -> [Folder | Created Date = 22/09/2008 2:17:25 PM | Attr = ]
LimeWire -> %UserProfile%\Documents\LimeWire -> [Folder | Created Date = 8/09/2008 3:21:59 PM | Attr = ]
iTunes.lnk -> %SystemDrive%\Users\Public\Desktop\iTunes.lnk -> [Ver = | Size = 2231 bytes | Created Date = 23/09/2008 1:28:37 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 902 bytes | Created Date = 28/09/2008 1:38:28 AM | Attr = ]
Andrea & Al's Wedding Welcome Herrman_Wedding.url -> %UserProfile%\Desktop\Andrea & Al's Wedding Welcome Herrman_Wedding.url -> [Ver = | Size = 208 bytes | Created Date = 29/09/2008 6:54:13 PM | Attr = ]
@Alternate Data Stream - 3638 bytes -> %UserProfile%\Desktop\Andrea & Al's Wedding Welcome Herrman_Wedding.url:favicon
First_Odds_09[1].docx -> %UserProfile%\Desktop\First_Odds_09[1].docx -> [Ver = | Size = 17114 bytes | Created Date = 30/09/2008 1:22:11 PM | Attr = ]
FS820_920.pdf -> %UserProfile%\Desktop\FS820_920.pdf -> [Ver = | Size = 3670621 bytes | Created Date = 14/09/2008 3:20:37 PM | Attr = ]
inglis.xls -> %UserProfile%\Desktop\inglis.xls -> [Ver = | Size = 51200 bytes | Created Date = 23/09/2008 1:23:30 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/10/2008 4:01:38 PM | Attr = ]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [Ver = 3, 2, 12, 1 | Size = 305705 bytes | Created Date = 5/10/2008 4:42:38 PM | Attr = ]
sharessept.csv -> %UserProfile%\Desktop\sharessept.csv -> [Ver = | Size = 1071 bytes | Created Date = 26/09/2008 12:44:33 PM | Attr = ]
desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Created Date = 23/09/2008 1:14:49 PM | Attr = HS]
Canon -> %CommonProgramFiles%\Canon -> [Folder | Created Date = 9/09/2008 10:13:52 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 28/09/2008 1:37:51 AM | Attr = ]
Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 7/09/2008 9:40:58 PM | Attr = ]
AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 19/09/2008 8:49:19 PM | Attr = ]
Bonjour -> %ProgramFiles%\Bonjour -> [Folder | Created Date = 23/09/2008 1:27:05 PM | Attr = ]
iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 23/09/2008 1:28:15 PM | Attr = ]
iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 23/09/2008 1:28:14 PM | Attr = ]
SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [Folder | Created Date = 19/09/2008 7:15:21 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 28/09/2008 1:38:24 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2128216064 bytes | Modified Date = 6/10/2008 12:12:22 PM | Attr = HS]
Msft_User_WpdFs_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 7/09/2008 9:38:15 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4176 bytes | Modified Date = 6/10/2008 2:12:28 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4176 bytes | Modified Date = 6/10/2008 2:12:28 PM | Attr = H ]
1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp ->
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 109982 bytes | Modified Date = 6/10/2008 12:16:56 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 611174 bytes | Modified Date = 6/10/2008 12:16:56 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 707452 bytes | Modified Date = 6/10/2008 12:16:56 PM | Attr = ]
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 6/10/2008 12:12:25 PM | Attr = S]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/10/2008 12:12:30 PM | Attr = H ]
User_Feed_Synchronization-{4BD48130-4392-4303-886F-D828916A7378}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{4BD48130-4392-4303-886F-D828916A7378}.job -> [Ver = | Size = 416 bytes | Modified Date = 6/10/2008 4:01:02 PM | Attr = H ]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 3/11/2006 12:04:06 AM | Attr = ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 3/10/2008 2:06:17 PM | Attr = ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 3/10/2008 2:06:17 PM | Attr = ]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 30/12/2007 2:42:12 PM | Attr = ]
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 30/12/2007 2:42:12 PM | Attr = ]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData -> [Folder | Modified Date = 1/01/2008 10:29:17 AM | Attr = ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 71760 bytes | Modified Date = 6/10/2008 12:00:27 AM | Attr = ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 6/10/2008 12:00:27 AM | Attr = ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 6/10/2008 12:00:27 AM | Attr = ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 7008 bytes | Modified Date = 6/10/2008 12:00:27 AM | Attr = ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 12972 bytes | Modified Date = 6/10/2008 12:00:27 AM | Attr = ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 266676 bytes | Modified Date = 6/10/2008 12:00:27 AM | Attr = ]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 22/09/2008 5:47:42 PM | Attr = ]
Guest.dat -> C:\ProgramData\Microsoft\User Account Pictures\Guest.dat -> [Ver = | Size = 0 bytes | Modified Date = 12/01/2008 12:25:46 PM | Attr = ]
Jonathan.dat -> C:\ProgramData\Microsoft\User Account Pictures\Jonathan.dat -> [Ver = | Size = 0 bytes | Modified Date = 15/01/2008 9:32:42 PM | Attr = ]
Margot.dat -> C:\ProgramData\Microsoft\User Account Pictures\Margot.dat -> [Ver = | Size = 0 bytes | Modified Date = 9/01/2008 12:47:38 PM | Attr = ]
Tegan.dat -> C:\ProgramData\Microsoft\User Account Pictures\Tegan.dat -> [Ver = | Size = 0 bytes | Modified Date = 9/01/2008 1:08:24 PM | Attr = ]
User.dat -> C:\ProgramData\Microsoft\User Account Pictures\User.dat -> [Ver = | Size = 0 bytes | Modified Date = 19/12/2007 1:30:52 PM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 11776 bytes | Modified Date = 2/10/2008 1:38:19 PM | Attr = ]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 3460302 bytes | Modified Date = 5/10/2008 8:10:09 PM | Attr = H ]
My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk -> [Ver = | Size = 521 bytes | Modified Date = 6/10/2008 2:06:55 PM | Attr = ]
iTunes.lnk -> %SystemDrive%\Users\Public\Desktop\iTunes.lnk -> [Ver = | Size = 2231 bytes | Modified Date = 26/09/2008 5:53:36 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 902 bytes | Modified Date = 28/09/2008 1:38:28 AM | Attr = ]
Andrea & Al's Wedding Welcome Herrman_Wedding.url -> %UserProfile%\Desktop\Andrea & Al's Wedding Welcome Herrman_Wedding.url -> [Ver = | Size = 208 bytes | Modified Date = 29/09/2008 6:54:13 PM | Attr = ]
@Alternate Data Stream - 3638 bytes -> %UserProfile%\Desktop\Andrea & Al's Wedding Welcome Herrman_Wedding.url:favicon
Bet Angel - Basic.lnk -> %UserProfile%\Desktop\Bet Angel - Basic.lnk -> [Ver = | Size = 2613 bytes | Modified Date = 13/09/2008 1:28:48 PM | Attr = ]
BETFAIR.url -> %UserProfile%\Desktop\BETFAIR.url -> [Ver = | Size = 19399 bytes | Modified Date = 3/10/2008 3:04:21 PM | Attr = H ]
@Alternate Data Stream - 894 bytes -> %UserProfile%\Desktop\BETFAIR.url:favicon
First_Odds_09[1].docx -> %UserProfile%\Desktop\First_Odds_09[1].docx -> [Ver = | Size = 17114 bytes | Modified Date = 30/09/2008 1:22:21 PM | Attr = ]
FS820_920.pdf -> %UserProfile%\Desktop\FS820_920.pdf -> [Ver = | Size = 3670621 bytes | Modified Date = 14/09/2008 3:20:37 PM | Attr = ]
inglis.xls -> %UserProfile%\Desktop\inglis.xls -> [Ver = | Size = 51200 bytes | Modified Date = 23/09/2008 1:23:32 PM | Attr = ]
Microsoft Office Word 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2007.lnk -> [Ver = | Size = 2627 bytes | Modified Date = 14/09/2008 3:08:15 PM | Attr = ]
Optus myZOO - Webmail.url -> %UserProfile%\Desktop\Optus myZOO - Webmail.url -> [Ver = | Size = 262 bytes | Modified Date = 3/10/2008 4:51:16 PM | Attr = H ]
@Alternate Data Stream - 1406 bytes -> %UserProfile%\Desktop\Optus myZOO - Webmail.url:favicon
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [Ver = 3, 2, 12, 1 | Size = 305705 bytes | Modified Date = 5/10/2008 4:42:38 PM | Attr = ]
Shares.xls -> %UserProfile%\Desktop\Shares.xls -> [Ver = | Size = 27648 bytes | Modified Date = 12/09/2008 1:28:16 PM | Attr = ]
sharessept.csv -> %UserProfile%\Desktop\sharessept.csv -> [Ver = | Size = 1071 bytes | Modified Date = 26/09/2008 12:45:20 PM | Attr = ]
desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 23/09/2008 1:14:49 PM | Attr = HS]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
C:\Windows\Tasks\ -> C:\Windows\Tasks -> [Folder | Modified Date = 25/09/2008 4:12:03 PM | Attr = ]
Check Updates for Windows Live Toolbar.job -> C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 252 bytes | Modified Date = 27/12/2007 11:10:07 PM | Attr = ]
SA.DAT -> C:\Windows\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/10/2008 12:12:30 PM | Attr = H ]
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [Ver = | Size = 32574 bytes | Modified Date = 6/10/2008 12:58:05 AM | Attr = ]
User_Feed_Synchronization-{4BD48130-4392-4303-886F-D828916A7378}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{4BD48130-4392-4303-886F-D828916A7378}.job -> [Ver = | Size = 416 bytes | Modified Date = 6/10/2008 4:01:02 PM | Attr = H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9b,13,ad,f5,e7,6d,80,ed,79,d6,9b,7f,f6,b8,50,d3,60,76,30,de,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:75,04,fd,be,7e,96,3f,d3,62,7a,4f,20,1b,21,48,69,79,56,50,1a,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c5,19,5a,4f,a2,e8,ea,83,ce,3f,bc,17,93,45,10,74,c6,ed,81,c2,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9b,13,ad,f5,e7,6d,80,ed,79,d6,9b,7f,f6,b8,50,d3,60,76,30,de,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:75,04,fd,be,7e,96,3f,d3,62,7a,4f,20,1b,21,48,69,79,56,50,1a,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c5,19,5a,4f,a2,e8,ea,83,ce,3f,bc,17,93,45,10,74,c6,ed,81,c2,de,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9b,13,ad,f5,e7,6d,80,ed,79,d6,9b,7f,f6,b8,50,d3,60,76,30,de,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:75,04,fd,be,7e,96,3f,d3,62,7a,4f,20,1b,21,48,69,79,56,50,1a,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c5,19,5a,4f,a2,e8,ea,83,ce,3f,bc,17,93,45,10,74,c6,ed,81,c2,de,..
scanning hidden registry entries ...
scanning hidden files ...
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh 5384 bytes
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\perflogs\System\Diagnostics\20080410-0001\AntiSpywareProduct.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\AntiSpywareProduct.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\AntiVirusProduct.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\AntiVirusProduct.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\BIOS.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\BIOS.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Controller Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Controller Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Cooling Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Cooling Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Desktop Rating.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Desktop Rating.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Disk Settings.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Disk Settings.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\FirewallProduct.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\FirewallProduct.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Input Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Input Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Interactive Session Processes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Interactive Session Processes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Interactive Sessions.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Interactive Sessions.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Logged On Users.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Logged On Users.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Logical Disk Dirty Test.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Logical Disk Dirty Test.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Memory Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Memory Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Motherboard Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Motherboard Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Network Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Network Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\NTFS Performance.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\NTFS Performance.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\NtKernel.etl:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\NtKernel.etl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Operating System.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Operating System.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Performance Counter.blg:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Performance Counter.blg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\PlugAndPlay Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\PlugAndPlay Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Port Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Port Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Power Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Power Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Printing Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Printing Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Processes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Processes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Processor.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Processor.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\report.xml:Qgrg2rf1Znaluncm1kfl1xla5h 136 bytes
C:\perflogs\System\Diagnostics\20080410-0001\report.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\SMART Disk Check.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\SMART Disk Check.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Startup Programs.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Startup Programs.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Startup Settings.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Startup Settings.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Storage Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Storage Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\System Services.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\System Services.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\UAC Settings.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\UAC Settings.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\User Accounts.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\User Accounts.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Video Classes.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Video Classes.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Windows Update Settings.xml:SummaryInformation 952 bytes
C:\perflogs\System\Diagnostics\20080410-0001\Windows Update Settings.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\ProgramData\TEMP:0104E054 106 bytes
C:\ProgramData\TEMP:077F4C77 106 bytes
C:\ProgramData\TEMP:27EEEB5C 109 bytes
C:\ProgramData\TEMP:29BCDA07 122 bytes
C:\ProgramData\TEMP:2E301D62 97 bytes
C:\ProgramData\TEMP:354E094D 102 bytes
C:\ProgramData\TEMP:38E2864F 122 bytes
C:\ProgramData\TEMP:3CD562B4 118 bytes
C:\ProgramData\TEMP:490BCC52 118 bytes
C:\ProgramData\TEMP:5C321E34 120 bytes
C:\ProgramData\TEMP:5C466FD6 99 bytes
C:\ProgramData\TEMP:68F81F4B 105 bytes
C:\ProgramData\TEMP:6F1F1DBC 127 bytes
C:\ProgramData\TEMP:6FA38600 115 bytes
C:\ProgramData\TEMP:77E2CEE9 124 bytes
C:\ProgramData\TEMP:85311D92 120 bytes
C:\ProgramData\TEMP:943D6A82 99 bytes
C:\ProgramData\TEMP:94A6C632 98 bytes
C:\ProgramData\TEMP:A6346EE9 123 bytes
C:\ProgramData\TEMP:AA3339BE 98 bytes
C:\ProgramData\TEMP:AB689DEA 107 bytes
C:\ProgramData\TEMP:B56AB4D2 116 bytes
C:\ProgramData\TEMP:BF3D0EA3 98 bytes
C:\ProgramData\TEMP:CA4F2C94 101 bytes
C:\ProgramData\TEMP:CEE4A457 112 bytes
C:\ProgramData\TEMP:D56F6BEE 98 bytes
C:\ProgramData\TEMP:D690C7F7 113 bytes
C:\ProgramData\TEMP:D8669B93 126 bytes
C:\ProgramData\TEMP:DAFD38AE 115 bytes
C:\ProgramData\TEMP:DEFF4EE6 126 bytes
C:\ProgramData\TEMP:DF2EA4BB 127 bytes
C:\ProgramData\TEMP:DFC5A2B2 104 bytes
C:\ProgramData\TEMP:E07230CC 111 bytes
C:\ProgramData\TEMP:EB170088 124 bytes
C:\ProgramData\TEMP:EC7C9796 123 bytes
C:\ProgramData\TEMP:F67AAFC5 109 bytes
C:\ProgramData\TEMP:FF23A360 110 bytes
C:\Users\Margot.User-PC\Favorites\EduMail (Outlook Web Access).url:favicon 318 bytes
C:\Users\Margot.User-PC\Favorites\edumail.vic.gov.au-exchweb-bin-auth-owalogon.aspurl=https--www.edumail.vic.gov.au-mail&reason=0.url:favicon 318 bytes
C:\Users\Margot.User-PC\Favorites\FOXTEL - Your Ongoing Package Options.url:favicon 1406 bytes
C:\Users\Margot.User-PC\Favorites\Movies\eFilmCritic! Movie Reviews - Australia's Essential Movie Review Source.url:favicon 318 bytes
C:\Users\Margot.User-PC\Favorites\Movies\imdb.com-.url:favicon 1718 bytes
C:\Users\Margot.User-PC\Favorites\Optus myZOO - Webmail.url:favicon 1406 bytes
C:\Users\Margot.User-PC\Favorites\The Internet Movie Database (IMDb).url:favicon 1718 bytes
C:\Users\Margot.User-PC\Favorites\The World Clock - Time Zones.url:favicon 7718 bytes
C:\Users\Margot.User-PC\Favorites\webmail.optuszoo.com.au-.url:favicon 1406 bytes
C:\Users\Margot.User-PC\Favorites\whitepages.com.au - Search for an Australian Business, Government or Person.url:favicon 1406 bytes
C:\Users\Margot.User-PC\Favorites\Wikipedia - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Users\Tegan.User-PC\Desktop\http--www.armoredpenguin.com-crossword-bin-crossword.cgi.url:favicon 318 bytes
C:\Users\Tegan.User-PC\Favorites\21st venues\21st venues.url:favicon 1406 bytes
C:\Users\Tegan.User-PC\Favorites\21st venues\Grosvenor Hotel ~~~ Melbourne Function Rooms and Venues to hire for your Birthday Party or 21st..url:favicon 1406 bytes
C:\Users\Tegan.User-PC\Favorites\21st venues\Im so Bored - Bored Site - PointlessSites.com.url:favicon 318 bytes
C:\Users\Tegan.User-PC\Favorites\Au Pair in America.url:favicon 15086 bytes
C:\Users\Tegan.User-PC\Favorites\Australian Job Search - Job Details.url:favicon 318 bytes
C:\Users\Tegan.User-PC\Favorites\Box Hill Institute - Courses - Certificate III in Children's Services.url:favicon 1078 bytes
C:\Users\Tegan.User-PC\Favorites\Download Ranch Rush at HarmonicFlow.com.url:favicon 4286 bytes
C:\Users\Tegan.User-PC\Favorites\Farm Games Play Farm Game at Fenomen Games.url:favicon 1150 bytes
C:\Users\Tegan.User-PC\Favorites\Jobs\Law firm admin job.url:favicon 1406 bytes
C:\Users\Tegan.User-PC\Favorites\Jobs\Make Me A Supermodel.url:favicon 6598 bytes
C:\Users\Tegan.User-PC\Favorites\Jobs\Partners Superannuation Services Pty Ltd .url:favicon 1406 bytes
C:\Users\Tegan.User-PC\Favorites\Jobs\Receptionist - Apex Electricity Richmond.url:favicon 1406 bytes
C:\Users\Tegan.User-PC\Favorites\Shopping!\My Catwalk.url:favicon 894 bytes
C:\Users\Tegan.User-PC\Favorites\Shopping!\TOPSHOP.url:favicon 894 bytes
C:\Users\Tegan.User-PC\Favorites\Tshirt Hell.url:favicon 1406 bytes
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\Desktop\Optus myZOO - Webmail.url:favicon 1406 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml:OECustomProperty 143 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\0120759A-0000001F.rss:OEStandardProperty 1322 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\0124305E-0000000B.rss:OEStandardProperty 1454 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\074D4DC8-00000010.rss:OEStandardProperty 1376 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\0BB32EA6-00000007.rss:OEStandardProperty 1202 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\0E19257B-00000032.rss:OEStandardProperty 1294 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\0E63441B-00000039.rss:OEStandardProperty 1240 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\0F3E0099-0000000A.rss:OEStandardProperty 1256 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\107A0480-00000036.rss:OEStandardProperty 1318 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\12DB153C-00000008.rss:OEStandardProperty 1268 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\2F905252-00000034.rss:OEStandardProperty 1306 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\301C0BDB-0000001D.rss:OEStandardProperty 1268 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\366B66C4-0000002B.rss:OEStandardProperty 1282 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\39B32D12-0000000F.rss:OEStandardProperty 1322 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\3A9E797D-00000025.rss:OEStandardProperty 1316 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\3B251E1F-00000016.rss:OEStandardProperty 1358 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\3E121A49-00000023.rss:OEStandardProperty 1382 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\42307EB7-0000002C.rss:OEStandardProperty 1372 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\428B26A6-00000012.rss:OEStandardProperty 1268 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\440D491C-0000000C.rss:OEStandardProperty 1274 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5E144DF2-00000028.rss:OEStandardProperty 1168 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5F323BF6-00000024.rss:OEStandardProperty 1376 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5F490DDC-00000026.rss:OEStandardProperty 1286 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\60322C3B-0000002D.rss:OEStandardProperty 1180 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\608A624E-00000030.rss:OEStandardProperty 1228 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\63CB6BFC-00000018.rss:OEStandardProperty 1376 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\644366BB-00000011.rss:OEStandardProperty 1232 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\657B6221-00000035.rss:OEStandardProperty 1288 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\68896B95-0000002F.rss:OEStandardProperty 1288 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\49442E40-00000029.rss:OEStandardProperty 1234 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4AE13D6C-00000001.rss:OEStandardProperty 1310 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4B405878-00000021.rss:OEStandardProperty 1406 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4C73059F-00000033.rss:OEStandardProperty 1228 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4CAD314F-00000027.rss:OEStandardProperty 1328 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4D064DB7-0000000D.rss:OEStandardProperty 1394 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4E2D5B55-00000038.rss:OEStandardProperty 1348 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4E45323B-0000001A.rss:OEStandardProperty 1322 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\56AE0732-0000001E.rss:OEStandardProperty 1460 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5AF141BB-00000005.rss:OEStandardProperty 1322 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\2CD672AE-00000002.rss:OEStandardProperty 1370 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\45091238-00000015.rss:OEStandardProperty 1148 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\69525F90-00000003.rss:OEStandardProperty 1436 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\6A4C5CE2-00000031.rss:OEStandardProperty 1288 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\7C327D4E-000000DA.rss:OEStandardProperty 1174 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\7CBB0865-00000174.rss:OEStandardProperty 1210 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\7CBE01D2-0000011B.rss:OEStandardProperty 1144 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\7CF60B1C-0000012E.rss:OEStandardProperty 1178 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\7ED27E00-0000016A.rss:OEStandardProperty 1174 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\7EF11AF5-00000173.rss:OEStandardProperty 1168 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\0C6B5AFD-0000016D.rss:OEStandardProperty 1168 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\0FC62361-000000F6.rss:OEStandardProperty 1180 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\74356F19-00000160.rss:OEStandardProperty 1168 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\19280EFC-0000018A.rss:OEStandardProperty 1144 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\19F30794-0000013E.rss:OEStandardProperty 1246 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\1A3C6315-0000014D.rss:OEStandardProperty 1168 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\1A594453-000000FC.rss:OEStandardProperty 1192 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\1B014479-0000012A.rss:OEStandardProperty 1168 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\1B262791-00000175.rss:OEStandardProperty 1234 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\684B3DC9-000000F2.rss:OEStandardProperty 1250 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\79A46884-0000013B.rss:OEStandardProperty 1130 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2ED06AEF-00000120.rss:OEStandardProperty 1228 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2ED37A8A-000000E0.rss:OEStandardProperty 1202 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\30AB22E7-00000104.rss:OEStandardProperty 1222 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\311B7432-000000E3.rss:OEStandardProperty 1190 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\44C82BF0-00000154.rss:OEStandardProperty 1156 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2A01108B-000000D0.rss:OEStandardProperty 1216 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2A8E0F57-000000D8.rss:OEStandardProperty 1196 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2AA95487-000000EA.rss:OEStandardProperty 1216 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2AC316CB-00000130.rss:OEStandardProperty 1222 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2AD02B70-00000162.rss:OEStandardProperty 1178 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2AEB0B56-00000163.rss:OEStandardProperty 1172 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\MSNBC News\2AFC69A1-000000DE.rss:OEStandardProperty 1192 bytes
C:\Users\User\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6D880FA2-00000001.eml:OECustomProperty 916 bytes
C:\Users\User\Desktop\Andrea & Al's Wedding Welcome Herrman_Wedding.url:favicon 3638 bytes
C:\Users\User\Desktop\BETFAIR.url:favicon 894 bytes
C:\Users\User\Desktop\Optus myZOO - Webmail.url:favicon 1406 bytes
C:\Users\User\Favorites\Ben\Banking &Shares\American Express Australia – Homepage.url:favicon 3638 bytes
C:\Users\User\Favorites\Ben\Banking &Shares\ANZ Personal homepage.url:favicon 5430 bytes
C:\Users\User\Favorites\Ben\Banking &Shares\BankWest Online Banking.url:favicon 1150 bytes
C:\Users\User\Favorites\Ben\Banking &Shares\Commonwealth Securities Ltd..url:favicon 318 bytes
C:\Users\User\Favorites\Ben\Banking &Shares\ESSSuper ESSSuper - Australia - Dedicated Super Fund, Investments, Financial Advice, Retirement Planning.url:favicon 3638 bytes
C:\Users\User\Favorites\Ben\Banking &Shares\Welcome to SGE Credit Union.url:favicon 1406 bytes
C:\Users\User\Favorites\Ben\Banking &Shares\Westpac online - Sign In.url:favicon 1334 bytes
C:\Users\User\Favorites\Ben\Banking &Shares\Wizard Home Loans Australia, interest rates, fees.url:favicon 894 bytes
C:\Users\User\Favorites\Ben\Bleeping Computer - Computer Help and Discussion.url:favicon 1406 bytes
C:\Users\User\Favorites\Ben\D-Link Australia & New Zealand - DI-524.url:favicon 4150 bytes
C:\Users\User\Favorites\Ben\General Information for Emirates.url:favicon 4710 bytes
C:\Users\User\Favorites\Ben\Malware Silently Alters Wireless Router Settings - Security Fix#more#more.url:favicon 318 bytes
C:\Users\User\Favorites\Ben\Optus myZOO - Webmail.url:favicon 1406 bytes
C:\Users\User\Favorites\Ben\Racing NSW - Forums.url:favicon 1406 bytes
C:\Users\User\Favorites\Ben\Suites Home Page - Microsoft Office Online.url:favicon 2862 bytes
C:\Users\User\Favorites\Ben\whitepages.com.au-wp-index.jsp.url:favicon 1406 bytes
C:\Users\User\Favorites\Ben\yellow.com.au - Keyword Search.url:favicon 318 bytes
C:\Users\User\Favorites\Email\Optus myZOO - Webmail.url:favicon 1406 bytes
C:\Users\User\Favorites\Margot\Optus myZOO - Webmail.url:favicon 1406 bytes
C:\Users\User\Favorites\METEO Previsioni del Tempo Italia ed Europa IL METEO.IT.url:favicon 1406 bytes
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh 5384 bytes
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden files: 564

< End of report >
[/code]

#9 kahdah

Posted 11 October 2008 - 09:36 PM

Hi, can you attach part 1 again? It doesn't show up.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.


#10 morante

Posted 12 October 2008 - 03:31 AM

[code=auto:0]
OTScanIt logfile created on: 6/10/2008 4:04:11 PM
OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Users\User\Desktop\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.98 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.64% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.11% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 219.19 Gb Free Space | 73.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 21, 0, 1004 | Size = 1576176 bytes | Modified Date = 3/09/2008 3:07:12 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 2/11/2006 8:51:38 PM | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 2/11/2006 8:51:32 PM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 2/11/2006 8:50:35 PM | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 2/11/2006 8:51:00 PM | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 2/11/2006 8:50:11 PM | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 2/11/2006 8:50:09 PM | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 2/11/2006 8:50:10 PM | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 2/11/2006 7:24:45 PM | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 2/11/2006 7:24:46 PM | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 2/11/2006 7:25:24 PM | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 2/11/2006 7:24:44 PM | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 2/11/2006 7:24:44 PM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 2/11/2006 7:24:47 PM | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 2/11/2006 8:51:34 PM | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 2/11/2006 8:50:17 PM | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 2/11/2006 8:50:07 PM | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 2/11/2006 8:50:09 PM | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 2/11/2006 6:36:50 PM | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 3/09/2008 3:07:14 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 3/09/2008 3:07:16 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 3/09/2008 3:07:12 PM | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 2/11/2006 8:50:10 PM | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 2/11/2006 8:50:16 PM | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 28/03/2008 2:20:46 PM | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 2/11/2006 8:51:25 PM | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 17512 bytes | Modified Date = 2/11/2006 8:49:30 PM | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 2/11/2006 8:50:41 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 10:16:38 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 5:27:04 AM | Attr = ]
UfSeAgnt.exe -> %ProgramFiles%\Trend Micro\Internet Security\UfSeAgnt.exe ["C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"] -> Trend Micro Inc. [Ver = 16.10.0.1182 | Size = 1398024 bytes | Modified Date = 29/07/2008 3:24:38 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
OE -> %ProgramFiles%\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe ["C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"] -> Trend Micro Inc. [Ver = 5.0.0.1128 | Size = 488712 bytes | Modified Date = 18/09/2007 11:29:18 AM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 21, 0, 1004 | Size = 1576176 bytes | Modified Date = 3/09/2008 3:07:12 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 11:13:36 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2927104 bytes | Modified Date = 19/01/2008 6:33:10 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 25088 bytes | Modified Date = 19/01/2008 6:33:33 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 11580416 bytes | Modified Date = 24/04/2008 3:58:20 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 242688 bytes | Modified Date = 19/01/2008 6:32:57 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1048 | Size = 352256 bytes | Modified Date = 23/07/2008 5:28:18 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 19/01/2008 4:49:51 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 19/09/2006 8:43:36 AM | Attr = ]
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
::1 localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://au.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://au.yahoo.com ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com.au/ ->
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 11:08:42 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 5:27:02 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10/06/2008 5:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 5:27:02 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{56B79420-89F8-4323-87A6-6E039AAD74A4} -> (Intel® 82566DC-2 Gigabit Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 29/08/2008 10:53:50 AM | Attr = ]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{149E45D8-163E-4189-86FC-45022AB2B6C9}[HKEY_LOCAL_MACHINE] -> file:///C:/Program%20Files/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/stg_drm.ocx[SpinTop DRM Control] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.1/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.10/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.10/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.10/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.11/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.11/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.11/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.12/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.12/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.12/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.13/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.13/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.13/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.2/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.2/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.2/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.3/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.3/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.3/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.4/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.4/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.4/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.5/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.5/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.5/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.6/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.6/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.6/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.7/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.7/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.7/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.8/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.8/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.8/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.9/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.9/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/CONFLICT.9/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gp.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/stg_drm.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/stg_drm.ocx\\.Owner -> {149E45D8-163E-4189-86FC-45022AB2B6C9} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/stg_drm.ocx\\{149E45D8-163E-4189-86FC-45022AB2B6C9} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/atl.dll\\.Owner -> Unknown Owner ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{835BEE60-8731-4159-8BFF-941301D76D05} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{9da0e0ea-86ce-11d1-8699-00c04fb98036} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{CA6C8347-120F-4122-873F-F89138694AC8} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Instrumentation\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Instrumentation\\InstrumentationLogFileDir -> %SystemRoot%\System32\com [C:\Windows\system32\com] -> [Folder | Modified Date = 22/09/2008 5:47:51 PM | Attr = ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\cval -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AutoUpdateDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiSpywareOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbasedirectories -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LimitBlankPasswordUse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LmCompatibilityLevel -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\NoLmHash -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 177152 bytes | Modified Date = 19/01/2008 6:36:19 PM | Attr = ]
*MultiFile Done* -> ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 497664 bytes | Modified Date = 19/01/2008 6:34:36 PM | Attr = ]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 210432 bytes | Modified Date = 19/01/2008 6:35:14 PM | Attr = ]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 268288 bytes | Modified Date = 19/01/2008 6:36:19 PM | Attr = ]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 168448 bytes | Modified Date = 19/01/2008 6:36:50 PM | Attr = ]
tspkg -> %SystemRoot%\System32\TSpkg.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 62464 bytes | Modified Date = 19/01/2008 6:36:42 PM | Attr = ]
*MultiFile Done* -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 210432 bytes | Modified Date = 19/01/2008 6:35:14 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ProductType -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\System32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 121344 bytes | Modified Date = 19/01/2008 6:35:58 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\\DebugLogLevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 06 E1 4D C8 DA 85 AC 1B FF A8 29 E2 B6 E8 15 17 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> AC FE AF FC 9C 0F 2F EF F0 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 9B 1F 3B 12 5D 4D [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\HostToRealm\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinClientSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinServerSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> A6 02 21 BD 82 A5 AD 93 3A 38 E9 55 2C B3 96 90 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> @%SystemRoot%\system32\ipnathlp.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 21504 bytes | Modified Date = 19/01/2008 6:33:32 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> @%SystemRoot%\system32\ipnathlp.dll,-107 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt;RasMan;BFE; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ServiceSidType -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\RequiredPrivileges -> SeChangeNotifyPrivilege;SeCreateGlobalPrivilege;SeImpersonatePrivilege;SeLoadDriverPrivilege;SeTakeOwnershipPrivilege; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\FailureActions -> 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\IPSecExempt -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulFTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulPPTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\PolicyVersion -> 513 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFilePath -> %SystemRoot%\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\RemoteFwAdmin-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-WSD-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|Name=@FirewallAPI.dll,-28254|Desc=@FirewallAPI.dll,-28257|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-WSD-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|Name=@FirewallAPI.dll,-28258|Desc=@FirewallAPI.dll,-28261|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28262|Desc=@FirewallAPI.dll,-28265|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28266|Desc=@FirewallAPI.dll,-28269|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-RPC-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|Name=@FirewallAPI.dll,-28270|Desc=@FirewallAPI.dll,-28273|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\BITSSVC-RPCSS-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-28274|Desc=@FirewallAPI.dll,-28277|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE| ->

#11 kahdah

Posted 12 October 2008 - 08:47 AM

Please update and run Malwarebytes again and remove what it finds, but post the log please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#12 morante

Posted 12 October 2008 - 08:08 PM

See scan result below. It is clear. On the advice of my ISP I have reset the wireless router which may have done the trick. Thanks for your help.

Malwarebytes' Anti-Malware 1.28
Database version: 1261
Windows 6.0.6001 Service Pack 1

13/10/2008 12:04:59 PM
mbam-log-2008-10-13 (12-04-59).txt

Scan type: Quick Scan
Objects scanned: 56388
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 kahdah

Posted 12 October 2008 - 08:56 PM

Yep all looks good to me as well.

You can delete the OT scan it folder and anything else that we used.
==============================================
Use a Firewall:

Install and use a firewall with outbound protection.
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or ZoneAlarm.
See BleepingComputer's excellent tutorial to help using and understanding a firewall here.
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#14 kahdah

Posted 11 November 2008 - 07:45 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :thumbsup:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.