Il system scan si è bloccato allo step dieci malgrado numerosi tentativi non sono riuscito ad andare oltre. Per quanto riguarda la scansione di malwarebytes è stato un mio errore; se fosse necessario potrei rifare la scansione in modalità normale.
SystemScan -
www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)
Running on: Windows VISTA , Service Pack 2 (6002.6.0)
System directory: C:\windows
SystemScan file: C:\Users\maurizio\Desktop\sys36982.exe\sys36982.exe
Running in: User mode
Date: 17/02/2011
Time: 13.31.44
Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Streams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
===================== ACCOUNTS ON THIS PC =====================
Users on this computer:
Is Admin? | Username
Yes | Administrator (Disabled)
| Guest (Disabled)
Yes | maurizio
### users folders
### startup files in users folders
===================== RECENT FILES =====================
Listing files newer than 60 days
---- recent files in C:\
02/11/2006 12:18:34 -- 16/02/2011 16:18:38 (DIR) ---- 0 days old -- C:\Windows
16/02/2011 16:16:12 -- 16/02/2011 16:17:28 (DIR) -S-- 0 days old -- C:\ComboFix
16/02/2011 12:52:29 -- 16/02/2011 13:19:37 (DIR) ---- 1 days old -- C:\Qoobox
02/11/2006 12:18:33 -- 16/02/2011 13:13:11 (DIR) --R- 1 days old -- C:\Program Files
02/11/2006 12:18:33 -- 16/02/2011 13:13:10 (DIR) H--- 1 days old -- C:\ProgramData
16/02/2011 11:46:18 -- 16/02/2011 11:46:18 (DIR) HS-- 1 days old -- C:\Config.Msi
16/02/2011 11:46:05 -- 16/02/2011 11:46:06 (DIR) ---- 1 days old -- C:\1473d7559d9b4bad6f3b26f817
25/06/2008 13:22:25 -- 16/02/2011 11:37:43 (DIR) HS-- 1 days old -- C:\System Volume Information
14/02/2011 18:33:16 -- 14/02/2011 18:33:41 (DIR) ---- 2 days old -- C:\9eecbdc2b2e4de336cfd9154996585
09/02/2011 18:13:01 -- 09/02/2011 18:13:23 (DIR) ---- 7 days old -- C:\0b0b6b4cb124a7a9c4f4300c
20/12/2008 19:34:35 -- 17/02/2011 11:22:311378377728 HS-A 0 days old -- C:\pagefile.sys
09/02/2011 18:38:23 -- 09/02/2011 18:38:23 122 ---A 7 days old -- C:\mbam-error.txt
---- recent files in C:\Users\maurizio\AppData\Local\Temp\
17/02/2011 13:31:29 -- 17/02/2011 13:31:44 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\nsi5CB3.tmp
17/02/2011 12:24:29 -- 17/02/2011 12:57:33 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\nsi159.tmp
17/02/2011 12:40:49 -- 17/02/2011 12:57:33 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\nstF854.tmp
17/02/2011 12:36:36 -- 17/02/2011 12:36:40 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\{1aed23b9-e615-4bd0-bbff-94539636b397}
17/02/2011 11:52:00 -- 17/02/2011 12:32:50 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\nsl3F90.tmp
17/02/2011 11:30:04 -- 17/02/2011 12:24:12 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\Temp1_sys36982.exe.zip
17/02/2011 11:30:30 -- 17/02/2011 12:00:42 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\nss8CB5.tmp
17/02/2011 11:24:35 -- 17/02/2011 11:24:35 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\WPDNSE
17/02/2011 11:02:37 -- 17/02/2011 11:02:37 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\ppcrlui_3256_2.ui
16/02/2011 17:10:25 -- 16/02/2011 18:30:22 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\PDFC
16/02/2011 14:14:24 -- 16/02/2011 14:14:24 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp\_avast5_
16/02/2011 13:12:49 -- 16/02/2011 13:13:43 (DIR) ---- 1 days old -- C:\Users\maurizio\AppData\Local\Temp\0CP4H5FA
15/02/2011 18:55:32 -- 15/02/2011 18:59:51 (DIR) ---- 1 days old -- C:\Users\maurizio\AppData\Local\Temp\Google Toolbar
12/02/2011 19:39:37 -- 12/02/2011 19:39:37 (DIR) ---- 4 days old -- C:\Users\maurizio\AppData\Local\Temp\Low
17/02/2011 13:31:31 -- 17/02/2011 13:31:31 16384 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\~DF3721.tmp
17/02/2011 11:30:30 -- 17/02/2011 13:31:29 51 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\systemscan.ini
17/02/2011 12:40:49 -- 17/02/2011 12:40:49 16384 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\~DF348B.tmp
17/02/2011 12:24:31 -- 17/02/2011 12:24:31 16384 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\~DFB02E.tmp
17/02/2011 11:52:02 -- 17/02/2011 11:52:02 16384 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\~DFA7D0.tmp
17/02/2011 11:30:32 -- 17/02/2011 11:30:32 16384 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\~DFD5FA.tmp
16/02/2011 14:04:22 -- 17/02/2011 11:23:13 31832 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\maurizio.bmp
17/02/2011 11:09:01 -- 17/02/2011 11:09:01 16384 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\~DF2F4C.tmp
17/02/2011 11:09:00 -- 17/02/2011 11:09:00 0 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\~DF1E30.tmp
17/02/2011 11:02:37 -- 02/11/2006 13:33:46 254216 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\ppcrlui_3256_2
16/02/2011 15:26:50 -- 16/02/2011 15:26:50 468 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\WERC6F6.tmp.version.txt
16/02/2011 15:25:43 -- 16/02/2011 15:26:50 251388 ---A 0 days old -- C:\Users\maurizio\AppData\Local\Temp\WER-49187-0.sysdata.xml
16/02/2011 13:12:24 -- 16/02/2011 13:12:36 3347240 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\GamesBar-Silent-setup.raff_softonic-03.dl.exe
16/02/2011 12:58:57 -- 16/02/2011 13:05:28 16384 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\~DFCF04.tmp
16/02/2011 12:58:55 -- 16/02/2011 12:58:55 0 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\~DFC0AC.tmp
16/02/2011 12:51:32 -- 16/02/2011 12:52:03 1258736 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\facemoods.exe
15/02/2011 18:53:19 -- 15/02/2011 18:59:47 12621 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\GoogleToolbarInstaller1.log
15/02/2011 18:53:18 -- 15/02/2011 18:59:37 21652 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\GoogleToolbarInstaller2.log
15/02/2011 18:59:33 -- 15/02/2011 18:59:33 30 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\guiD1B.tmp
15/02/2011 18:55:15 -- 15/02/2011 18:55:15 30 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\gui1D03.tmp
15/02/2011 18:53:18 -- 15/02/2011 18:53:18 30 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\gui5283.tmp
15/02/2011 18:24:58 -- 02/11/2006 13:33:46 254216 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\ppcrlui_808_2
15/02/2011 14:57:50 -- 15/02/2011 14:58:31 16384 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\~DFFDCC.tmp
15/02/2011 14:57:30 -- 15/02/2011 14:57:30 16384 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\~DF7EFD.tmp
15/02/2011 14:57:05 -- 15/02/2011 14:57:25 16384 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\~DFC7B3.tmp
15/02/2011 14:57:05 -- 15/02/2011 14:57:05 0 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\~DFC146.tmp
15/02/2011 14:23:37 -- 15/02/2011 14:25:49 24091 ---A 1 days old -- C:\Users\maurizio\AppData\Local\Temp\_rf.log
---- recent files in C:\Windows\
25/06/2008 13:56:30 -- 17/02/2011 13:31:29 (DIR) ---- 0 days old -- C:\Windows\Temp
02/11/2006 12:18:34 -- 17/02/2011 11:27:36 (DIR) ---- 0 days old -- C:\Windows\inf
02/11/2006 12:18:36 -- 17/02/2011 11:27:36 (DIR) ---- 0 days old -- C:\Windows\System32
02/11/2006 12:18:44 -- 16/02/2011 16:19:40 (DIR) ---- 0 days old -- C:\Windows\tracing
10/02/2011 17:26:57 -- 16/02/2011 16:18:48 (DIR) ---- 0 days old -- C:\Windows\Minidump
02/11/2006 12:18:34 -- 16/02/2011 15:33:51 (DIR) -SR- 0 days old -- C:\Windows\assembly
02/11/2006 12:18:35 -- 16/02/2011 15:20:47 (DIR) ---- 0 days old -- C:\Windows\Microsoft.NET
16/02/2011 12:53:40 -- 16/02/2011 12:53:40 (DIR) ---- 1 days old -- C:\Windows\ERDNT
20/12/2008 10:39:18 -- 16/02/2011 12:52:14 (DIR) ---- 1 days old -- C:\Windows\Prefetch
25/06/2008 12:55:28 -- 16/02/2011 11:46:50 (DIR) HS-- 1 days old -- C:\Windows\Installer
02/11/2006 12:18:44 -- 15/02/2011 18:52:48 (DIR) ---- 1 days old -- C:\Windows\Tasks
17/04/2008 17:34:33 -- 12/02/2011 19:27:21 (DIR) ---- 4 days old -- C:\Windows\Debug
02/11/2006 12:18:44 -- 11/02/2011 15:28:15 (DIR) ---- 5 days old -- C:\Windows\winsxs
02/11/2006 12:18:36 -- 11/02/2011 12:17:05 (DIR) ---- 6 days old -- C:\Windows\rescache
09/02/2011 18:43:54 -- 09/02/2011 18:43:54 (DIR) ---- 7 days old -- C:\Windows\pss
02/11/2006 12:18:34 -- 23/12/2010 20:27:36 (DIR) -S-- 55 days old -- C:\Windows\Downloaded Program Files
20/12/2008 11:53:51 -- 17/02/2011 11:26:29 2024358 ---A 0 days old -- C:\Windows\WindowsUpdate.log
02/11/2006 13:53:49 -- 17/02/2011 11:22:37 67584 -S-A 0 days old -- C:\Windows\bootstat.dat
31/12/2008 18:01:39 -- 16/02/2011 18:30:58 3831 ---A 0 days old -- C:\Windows\bthservsdp.dat
16/02/2011 14:13:10 -- 16/02/2011 16:18:38 209708878 ---A 0 days old -- C:\Windows\MEMORY.DMP
16/02/2011 14:13:10 -- 16/02/2011 16:18:38 4410 ---A 0 days old -- C:\Windows\PFRO.log
16/02/2011 16:15:47 -- 31/08/2000 08:00:00 212480 ---A 0 days old -- C:\Windows\SWXCACLS.exe
16/02/2011 13:18:42 -- 31/08/2000 08:00:00 161792 ---A 1 days old -- C:\Windows\SWREG.exe
16/02/2011 13:18:42 -- 31/08/2000 08:00:00 98816 ---A 1 days old -- C:\Windows\sed.exe
16/02/2011 13:18:42 -- 31/08/2000 08:00:00 68096 ---A 1 days old -- C:\Windows\zip.exe
16/02/2011 13:18:42 -- 31/08/2000 08:00:00 136704 ---A 1 days old -- C:\Windows\SWSC.exe
16/02/2011 13:18:42 -- 31/08/2000 08:00:00 80412 ---A 1 days old -- C:\Windows\grep.exe
16/02/2011 13:18:42 -- 26/04/2010 15:58:12 256512 ---A 1 days old -- C:\Windows\PEV.exe
16/02/2011 13:18:42 -- 08/11/2010 01:20:24 89088 ---A 1 days old -- C:\Windows\MBR.exe
16/02/2011 13:18:42 -- 20/04/2009 12:56:28 31232 ---A 1 days old -- C:\Windows\NIRCMD.exe
13/08/2010 15:30:41 -- 13/01/2011 09:47:35 38848 ---A 35 days old -- C:\Windows\avastSS.scr
---- recent files in C:\Windows\system\
---- recent files in C:\Windows\system32\
02/11/2006 12:18:36 -- 16/02/2011 16:16:10 (DIR) ---- 0 days old -- C:\Windows\system32\drivers
02/11/2006 12:18:43 -- 16/02/2011 15:46:51 (DIR) ---- 0 days old -- C:\Windows\system32\LogFiles
02/11/2006 12:18:42 -- 16/02/2011 11:46:32 (DIR) ---A 1 days old -- C:\Windows\system32\it-IT
02/11/2006 12:18:42 -- 16/02/2011 11:43:06 (DIR) ---- 1 days old -- C:\Windows\system32\en-US
02/11/2006 12:18:43 -- 15/02/2011 18:52:48 (DIR) ---- 1 days old -- C:\Windows\system32\Tasks
02/11/2006 12:18:36 -- 15/02/2011 14:28:02 (DIR) ---- 1 days old -- C:\Windows\system32\catroot2
02/11/2006 12:18:36 -- 11/02/2011 11:57:49 (DIR) ---- 6 days old -- C:\Windows\system32\catroot
02/11/2006 12:18:43 -- 11/02/2011 11:54:30 (DIR) ---- 6 days old -- C:\Windows\system32\migration
25/06/2008 13:07:00 -- 23/12/2010 20:28:57 (DIR) ---- 55 days old -- C:\Windows\system32\Macromed
23/12/2010 20:27:35 -- 23/12/2010 20:27:55 (DIR) ---- 55 days old -- C:\Windows\system32\Adobe
02/11/2006 13:45:09 -- 17/02/2011 13:22:43 3216 ---A 0 days old -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
02/11/2006 13:45:09 -- 17/02/2011 13:22:43 3216 ---A 0 days old -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
02/11/2006 11:33:01 -- 17/02/2011 11:27:36 123852 ---A 0 days old -- C:\Windows\system32\perfc009.dat
16/04/2008 15:38:15 -- 17/02/2011 11:27:36 724196 ---A 0 days old -- C:\Windows\system32\perfh010.dat
02/11/2006 11:33:01 -- 17/02/2011 11:27:36 642684 ---A 0 days old -- C:\Windows\system32\perfh009.dat
16/04/2008 16:33:02 -- 17/02/2011 11:27:36 1633044 ---A 0 days old -- C:\Windows\system32\PerfStringBackup.INI
16/04/2008 15:38:15 -- 17/02/2011 11:27:36 148088 ---A 0 days old -- C:\Windows\system32\perfc010.dat
28/09/2009 09:03:44 -- 17/02/2011 11:23:09 17408 ---A 0 days old -- C:\Windows\system32\rpcnetp.exe
28/09/2009 09:11:02 -- 17/02/2011 11:23:06 58288 ---A 0 days old -- C:\Windows\system32\rpcnet.dll
02/11/2006 11:23:09 -- 16/02/2011 16:33:21 2577 ---A 0 days old -- C:\Windows\system32\config.nt
28/09/2009 09:11:02 -- 16/02/2011 12:34:34 58288 ---- 1 days old -- C:\Windows\system32\rpcnet.exe
05/05/2009 13:29:41 -- 16/02/2011 12:31:23 17408 ---A 1 days old -- C:\Windows\system32\rpcnetp.dll
02/11/2006 13:44:53 -- 11/02/2011 11:56:37 372688 ---A 6 days old -- C:\Windows\system32\FNTCACHE.DAT
02/11/2006 11:24:01 -- 11/02/2011 10:50:34 37443528 ---A 6 days old -- C:\Windows\system32\mrt.exe
10/02/2011 09:13:19 -- 18/12/2010 07:23:11 55296 ---A 7 days old -- C:\Windows\system32\msfeedsbs.dll
10/02/2011 09:13:19 -- 18/12/2010 07:26:50 1210880 ---A 7 days old -- C:\Windows\system32\urlmon.dll
10/02/2011 09:13:18 -- 18/12/2010 05:47:42 13312 ---A 7 days old -- C:\Windows\system32\msfeedssync.exe
10/02/2011 09:13:18 -- 18/12/2010 07:22:11 55808 ---A 7 days old -- C:\Windows\system32\iernonce.dll
10/02/2011 09:13:14 -- 18/12/2010 07:22:33 25600 ---A 7 days old -- C:\Windows\system32\jsproxy.dll
10/02/2011 09:13:14 -- 18/12/2010 07:22:27 1469440 ---A 7 days old -- C:\Windows\system32\inetcpl.cpl
10/02/2011 09:13:14 -- 18/12/2010 07:22:06 387584 ---A 7 days old -- C:\Windows\system32\iedkcs32.dll
10/02/2011 09:13:14 -- 18/12/2010 05:48:23 173568 ---A 7 days old -- C:\Windows\system32\ie4uinit.exe
10/02/2011 09:13:08 -- 18/12/2010 05:48:39 133632 ---A 7 days old -- C:\Windows\system32\ieUnatt.exe
10/02/2011 09:13:08 -- 18/12/2010 07:27:04 916480 ---A 7 days old -- C:\Windows\system32\wininet.dll
10/02/2011 09:13:07 -- 18/12/2010 07:23:11 602112 ---A 7 days old -- C:\Windows\system32\msfeeds.dll
10/02/2011 09:13:06 -- 18/12/2010 07:25:26 206848 ---A 7 days old -- C:\Windows\system32\occache.dll
10/02/2011 09:13:05 -- 18/12/2010 05:47:11 1638912 ---A 7 days old -- C:\Windows\system32\mshtml.tlb
10/02/2011 09:13:05 -- 18/12/2010 07:22:11 71680 ---A 7 days old -- C:\Windows\system32\iesetup.dll
10/02/2011 09:13:05 -- 18/12/2010 07:22:11 109056 ---A 7 days old -- C:\Windows\system32\iesysprep.dll
10/02/2011 09:13:04 -- 18/12/2010 07:22:10 11080704 ---A 7 days old -- C:\Windows\system32\ieframe.dll
10/02/2011 09:13:04 -- 18/12/2010 07:22:11 1991680 ---A 7 days old -- C:\Windows\system32\iertutil.dll
10/02/2011 09:13:02 -- 18/12/2010 07:22:41 43520 ---A 7 days old -- C:\Windows\system32\licmgr10.dll
10/02/2011 09:13:01 -- 18/12/2010 07:22:10 184320 ---A 7 days old -- C:\Windows\system32\iepeers.dll
10/02/2011 09:13:00 -- 18/12/2010 07:23:15 66560 ---A 7 days old -- C:\Windows\system32\mshtmled.dll
10/02/2011 09:13:00 -- 18/12/2010 07:22:11 164352 ---A 7 days old -- C:\Windows\system32\ieui.dll
10/02/2011 09:13:00 -- 18/12/2010 07:23:39 611840 ---A 7 days old -- C:\Windows\system32\mstime.dll
10/02/2011 09:13:00 -- 18/12/2010 06:25:26 385024 ---A 7 days old -- C:\Windows\system32\html.iec
10/02/2011 09:12:59 -- 18/12/2010 07:23:15 5961216 ---A 7 days old -- C:\Windows\system32\mshtml.dll
10/02/2011 09:12:23 -- 31/12/2010 14:57:01 2039808 ---A 7 days old -- C:\Windows\system32\win32k.sys
10/02/2011 09:12:14 -- 15/10/2010 15:08:12 3550096 ---A 7 days old -- C:\Windows\system32\ntoskrnl.exe
10/02/2011 09:12:12 -- 15/10/2010 14:48:59 1205080 ---A 7 days old -- C:\Windows\system32\ntdll.dll
10/02/2011 09:12:07 -- 15/10/2010 15:08:12 3602320 ---A 7 days old -- C:\Windows\system32\ntkrnlpa.exe
10/02/2011 09:11:50 -- 20/01/2011 15:15:10 979456 ---A 7 days old -- C:\Windows\system32\MFH264Dec.dll
10/02/2011 09:11:50 -- 20/01/2011 15:14:03 261632 ---A 7 days old -- C:\Windows\system32\mfreadwrite.dll
10/02/2011 09:11:49 -- 20/01/2011 15:14:39 357376 ---A 7 days old -- C:\Windows\system32\MFHEAACdec.dll
10/02/2011 09:11:49 -- 20/01/2011 15:14:03 302592 ---A 7 days old -- C:\Windows\system32\mfmp4src.dll
10/02/2011 09:11:49 -- 20/01/2011 17:04:54 209920 ---A 7 days old -- C:\Windows\system32\mfplat.dll
10/02/2011 09:11:48 -- 20/01/2011 14:44:03 797184 ---A 7 days old -- C:\Windows\system32\FntCache.dll
10/02/2011 09:11:48 -- 20/01/2011 15:12:46 1172480 ---A 7 days old -- C:\Windows\system32\d3d10warp.dll
10/02/2011 09:11:48 -- 20/01/2011 17:06:38 2873344 ---A 7 days old -- C:\Windows\system32\mf.dll
10/02/2011 09:11:48 -- 20/01/2011 14:44:05 1068544 ---A 7 days old -- C:\Windows\system32\DWrite.dll
10/02/2011 09:11:46 -- 20/01/2011 14:47:51 683008 ---A 7 days old -- C:\Windows\system32\d2d1.dll
10/02/2011 09:11:46 -- 20/01/2011 17:07:16 586240 ---A 7 days old -- C:\Windows\system32\stobject.dll
10/02/2011 09:11:46 -- 20/01/2011 17:07:03 1075712 ---A 7 days old -- C:\Windows\system32\shdocvw.dll
10/02/2011 09:11:45 -- 20/01/2011 17:08:06 1029120 ---A 7 days old -- C:\Windows\system32\d3d10.dll
10/02/2011 09:11:45 -- 20/01/2011 15:11:34 486400 ---A 7 days old -- C:\Windows\system32\d3d10level9.dll
10/02/2011 09:11:45 -- 20/01/2011 17:08:06 160768 ---A 7 days old -- C:\Windows\system32\d3d10_1.dll
10/02/2011 09:11:44 -- 20/01/2011 15:26:30 667648 ---A 7 days old -- C:\Windows\system32\printfilterpipelinesvc.exe
10/02/2011 09:11:44 -- 20/01/2011 17:07:58 37376 ---A 7 days old -- C:\Windows\system32\cdd.dll
10/02/2011 09:11:44 -- 20/01/2011 17:04:54 98816 ---A 7 days old -- C:\Windows\system32\mfps.dll
10/02/2011 09:11:44 -- 20/01/2011 17:08:06 219648 ---A 7 days old -- C:\Windows\system32\d3d10_1core.dll
10/02/2011 09:11:44 -- 20/01/2011 17:06:35 26112 ---A 7 days old -- C:\Windows\system32\printfilterpipelineprxy.dll
10/02/2011 09:11:44 -- 20/01/2011 17:08:16 478720 ---A 7 days old -- C:\Windows\system32\dxgi.dll
10/02/2011 09:11:43 -- 20/01/2011 17:08:06 189952 ---A 7 days old -- C:\Windows\system32\d3d10core.dll
10/02/2011 09:11:42 -- 20/01/2011 17:07:42 258048 ---A 7 days old -- C:\Windows\system32\winspool.drv
10/02/2011 09:11:42 -- 20/01/2011 15:24:26 135680 ---A 7 days old -- C:\Windows\system32\XpsRasterService.dll
10/02/2011 09:11:42 -- 20/01/2011 15:24:32 288768 ---A 7 days old -- C:\Windows\system32\XpsGdiConverter.dll
10/02/2011 09:11:41 -- 20/01/2011 15:27:50 876032 ---A 7 days old -- C:\Windows\system32\XpsPrint.dll
10/02/2011 09:11:41 -- 20/01/2011 15:28:38 1554432 ---A 7 days old -- C:\Windows\system32\xpsservices.dll
10/02/2011 09:11:41 -- 20/01/2011 15:25:25 847360 ---A 7 days old -- C:\Windows\system32\OpcServices.dll
10/02/2011 09:10:23 -- 21/01/2011 17:35:22 11586048 ---A 7 days old -- C:\Windows\system32\shell32.dll
10/02/2011 09:10:18 -- 21/01/2011 17:35:22 353280 ---A 7 days old -- C:\Windows\system32\shlwapi.dll
10/02/2011 09:10:11 -- 08/01/2011 07:28:49 292352 ---A 7 days old -- C:\Windows\system32\atmfd.dll
10/02/2011 09:10:06 -- 08/01/2011 09:47:50 34304 ---A 7 days old -- C:\Windows\system32\atmlib.dll
22/12/2008 15:07:58 -- 13/01/2011 09:47:32 188216 ---A 35 days old -- C:\Windows\system32\aswBoot.exe
12/01/2011 18:54:29 -- 28/12/2010 16:55:03 413696 ---A 35 days old -- C:\Windows\system32\odbc32.dll
12/01/2011 18:54:19 -- 14/12/2010 15:49:23 1169408 ---A 35 days old -- C:\Windows\system32\sdclt.exe
---- recent files in C:\Windows\system32\drivers\
10/02/2011 09:11:47 -- 20/01/2011 17:37:37 638336 ---A 7 days old -- C:\Windows\system32\drivers\dxgkrnl.sys
22/12/2008 15:08:09 -- 13/01/2011 09:41:16 294608 ---A 35 days old -- C:\Windows\system32\drivers\aswSP.sys
22/12/2008 15:08:10 -- 13/01/2011 09:40:16 47440 ---A 35 days old -- C:\Windows\system32\drivers\aswTdi.sys
22/12/2008 15:08:10 -- 13/01/2011 09:37:30 23632 ---A 35 days old -- C:\Windows\system32\drivers\aswRdr.sys
22/12/2008 15:07:58 -- 13/01/2011 09:37:19 51280 ---A 35 days old -- C:\Windows\system32\drivers\aswMonFlt.sys
22/12/2008 15:08:09 -- 13/01/2011 09:37:09 17744 ---A 35 days old -- C:\Windows\system32\drivers\aswFsBlk.sys
21/01/2009 12:52:03 -- 20/12/2010 18:09:00 38224 ---A 58 days old -- C:\Windows\system32\drivers\mbamswissarmy.sys
21/01/2009 12:52:06 -- 20/12/2010 18:08:40 20952 ---A 58 days old -- C:\Windows\system32\drivers\mbam.sys
---- recent files in C:\Windows\temp\
16/02/2011 14:01:49 -- 17/02/2011 13:31:31 (DIR) ---- 0 days old -- C:\Windows\temp\_avast_
10/03/2010 18:01:48 -- 17/02/2011 13:24:23 (DIR) ---- 0 days old -- C:\Windows\temp\_avast5_
16/02/2011 14:13:41 -- 16/02/2011 14:13:41 (DIR) ---- 0 days old -- C:\Windows\temp\PDFC
17/02/2011 11:25:18 -- 17/02/2011 11:25:19 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110217-112518-0.log
17/02/2011 11:22:53 -- 17/02/2011 11:25:18 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110217-112253-0.log
15/02/2011 18:55:38 -- 17/02/2011 11:04:58 2102 ---A 0 days old -- C:\Windows\temp\GoogleToolbarInstaller1.log
17/02/2011 11:03:39 -- 17/02/2011 11:03:40 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110217-110339-0.log
17/02/2011 11:01:19 -- 17/02/2011 11:03:39 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110217-110119-0.log
16/02/2011 16:20:55 -- 16/02/2011 16:20:55 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-162055-0.log
16/02/2011 16:18:58 -- 16/02/2011 16:20:54 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-161857-0.log
16/02/2011 16:16:12 -- 16/02/2011 16:16:24 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-161612-0.log
16/02/2011 16:13:38 -- 16/02/2011 16:16:11 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-161338-0.log
16/02/2011 16:10:23 -- 16/02/2011 16:10:25 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-161023-0.log
16/02/2011 16:07:06 -- 16/02/2011 16:10:20 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-160704-0.log
16/02/2011 16:01:56 -- 16/02/2011 16:01:57 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-160156-0.log
16/02/2011 16:00:06 -- 16/02/2011 16:01:55 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-160005-0.log
16/02/2011 15:48:33 -- 16/02/2011 15:48:34 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-154833-0.log
16/02/2011 15:46:53 -- 16/02/2011 15:48:33 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-154653-0.log
16/02/2011 15:28:28 -- 16/02/2011 15:28:30 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-152828-0.log
16/02/2011 15:25:33 -- 16/02/2011 15:28:27 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-152533-0.log
16/02/2011 15:17:08 -- 16/02/2011 15:17:09 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-151708-0.log
16/02/2011 15:15:36 -- 16/02/2011 15:17:08 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-151536-0.log
16/02/2011 14:30:05 -- 16/02/2011 14:30:05 4269765 ---A 0 days old -- C:\Windows\temp\ComCD0F.tmp
16/02/2011 14:28:39 -- 16/02/2011 14:28:40 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-142839-0.log
16/02/2011 14:26:33 -- 16/02/2011 14:28:39 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-142633-0.log
16/02/2011 14:21:40 -- 16/02/2011 14:21:41 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-142140-0.log
16/02/2011 14:19:33 -- 16/02/2011 14:21:40 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-141932-0.log
16/02/2011 14:15:52 -- 16/02/2011 14:15:53 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-141552-0.log
16/02/2011 14:13:30 -- 16/02/2011 14:15:52 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-141330-0.log
16/02/2011 13:35:17 -- 16/02/2011 13:35:18 622 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-133517-0.log
16/02/2011 13:32:27 -- 16/02/2011 13:35:17 37198 ---A 0 days old -- C:\Windows\temp\lpksetup-20110216-133227-0.log
16/02/2011 13:25:58 -- 16/02/2011 13:25:58 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-132558-0.log
16/02/2011 13:22:40 -- 16/02/2011 13:25:57 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-132240-0.log
16/02/2011 13:11:23 -- 16/02/2011 13:11:24 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-131123-0.log
16/02/2011 13:09:26 -- 16/02/2011 13:11:23 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-130926-0.log
16/02/2011 13:00:21 -- 16/02/2011 13:00:22 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-130021-0.log
16/02/2011 12:57:48 -- 16/02/2011 13:00:21 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-125748-0.log
16/02/2011 12:51:03 -- 16/02/2011 12:51:04 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-125103-0.log
16/02/2011 12:48:58 -- 16/02/2011 12:51:03 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-124857-0.log
16/02/2011 12:33:45 -- 16/02/2011 12:33:48 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-123345-0.log
16/02/2011 12:31:01 -- 16/02/2011 12:33:44 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-123101-0.log
16/02/2011 11:46:11 -- 16/02/2011 11:46:50 907090 ---A 1 days old -- C:\Windows\temp\Microsoft .NET Framework Client Profile Language Pack Setup_20110216_114608952-MSI_netfx_CoreLP_x86.msi.txt
16/02/2011 11:46:09 -- 16/02/2011 11:46:19 3078 ---A 1 days old -- C:\Windows\temp\HFI2E54.tmp.html
16/02/2011 11:46:08 -- 16/02/2011 11:46:11 244778 ---A 1 days old -- C:\Windows\temp\Microsoft .NET Framework Client Profile Language Pack Setup_20110216_114608952.html
16/02/2011 11:46:05 -- 16/02/2011 11:46:06 1126 ---A 1 days old -- C:\Windows\temp\dd_dotNetFx40LP_Client_x86it_decompression_log.txt
16/02/2011 11:39:06 -- 16/02/2011 11:45:59 581178 ---A 1 days old -- C:\Windows\temp\Microsoft .NET Framework 4 Client Profile Setup_20110216_113910201.html
16/02/2011 11:42:15 -- 16/02/2011 11:45:55 3585710 ---A 1 days old -- C:\Windows\temp\Microsoft .NET Framework 4 Client Profile Setup_20110216_113910201-MSI_netfx_Core_x86.msi.txt
16/02/2011 11:34:18 -- 16/02/2011 11:34:19 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-113418-0.log
16/02/2011 11:32:21 -- 16/02/2011 11:34:18 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110216-113221-0.log
15/02/2011 18:34:27 -- 15/02/2011 18:34:28 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-183427-0.log
15/02/2011 18:31:44 -- 15/02/2011 18:34:27 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-183144-0.log
15/02/2011 18:22:47 -- 15/02/2011 18:22:48 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-182247-0.log
15/02/2011 18:20:23 -- 15/02/2011 18:22:47 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-182023-0.log
15/02/2011 16:22:43 -- 15/02/2011 16:22:44 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-162243-0.log
15/02/2011 16:20:37 -- 15/02/2011 16:22:43 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-162037-0.log
15/02/2011 15:09:31 -- 15/02/2011 15:09:32 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-150931-0.log
15/02/2011 15:06:38 -- 15/02/2011 15:09:30 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-150637-0.log
15/02/2011 14:57:51 -- 15/02/2011 14:57:52 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-145751-0.log
15/02/2011 14:55:08 -- 15/02/2011 14:57:51 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-145507-0.log
15/02/2011 14:31:52 -- 15/02/2011 14:31:53 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-143152-0.log
15/02/2011 14:29:13 -- 15/02/2011 14:31:41 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-142913-0.log
15/02/2011 14:20:23 -- 15/02/2011 14:20:25 622 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-142023-0.log
15/02/2011 14:18:13 -- 15/02/2011 14:20:23 37198 ---A 1 days old -- C:\Windows\temp\lpksetup-20110215-141813-0.log
---- recent files in C:\Program Files\
16/02/2011 13:13:11 -- 16/02/2011 13:13:11 (DIR) ---- 1 days old -- C:\Program Files\Oberon Media
16/02/2011 13:12:57 -- 16/02/2011 13:13:08 (DIR) ---- 1 days old -- C:\Program Files\GamesBar
02/11/2006 12:18:33 -- 16/02/2011 13:12:55 (DIR) ---- 1 days old -- C:\Program Files\Common Files
29/12/2008 13:25:28 -- 16/02/2011 12:52:28 (DIR) ---- 1 days old -- C:\Program Files\Mozilla Firefox
16/02/2011 12:52:27 -- 16/02/2011 12:52:27 (DIR) ---- 1 days old -- C:\Program Files\facemoods.com
16/02/2011 11:42:53 -- 16/02/2011 11:42:53 (DIR) ---- 1 days old -- C:\Program Files\Microsoft.NET
23/12/2010 20:28:21 -- 15/02/2011 18:53:21 (DIR) ---- 1 days old -- C:\Program Files\Google
12/02/2011 17:10:10 -- 12/02/2011 17:10:10 (DIR) ---- 4 days old -- C:\Program Files\Trend Micro
02/11/2006 12:18:33 -- 11/02/2011 11:54:31 (DIR) ---- 6 days old -- C:\Program Files\Windows Mail
02/11/2006 12:18:33 -- 11/02/2011 11:54:30 (DIR) ---- 6 days old -- C:\Program Files\Internet Explorer
21/01/2009 12:52:02 -- 10/02/2011 17:16:13 (DIR) ---- 6 days old -- C:\Program Files\Malwarebytes' Anti-Malware
09/02/2011 18:53:54 -- 09/02/2011 19:05:49 (DIR) ---- 7 days old -- C:\Program Files\CCleaner
09/11/2010 13:32:44 -- 07/01/2011 13:03:55 (DIR) ---- 41 days old -- C:\Program Files\Microsoft Silverlight
---- recent files in C:\Program Files\Common Files\
16/02/2011 13:12:55 -- 16/02/2011 13:12:57 (DIR) ---- 1 days old -- C:\Program Files\Common Files\Oberon Media
---- recent files in C:\Users\maurizio\AppData\Roaming\
16/02/2011 13:13:02 -- 16/02/2011 13:13:02 (DIR) ---- 1 days old -- C:\Users\maurizio\AppData\Roaming\Oberon Media
20/12/2008 11:59:01 -- 15/02/2011 13:08:47 (DIR) -S-- 2 days old -- C:\Users\maurizio\AppData\Roaming\Microsoft
23/12/2010 20:37:36 -- 05/01/2011 18:58:12 (DIR) ---- 42 days old -- C:\Users\maurizio\AppData\Roaming\Google
---- recent files in C:\Users\maurizio\AppData\Local\
20/12/2008 11:59:01 -- 17/02/2011 13:31:37 (DIR) ---- 0 days old -- C:\Users\maurizio\AppData\Local\Temp
23/12/2010 20:28:37 -- 15/02/2011 18:59:47 (DIR) ---- 1 days old -- C:\Users\maurizio\AppData\Local\Google
12/02/2011 19:34:15 -- 12/02/2011 19:34:31 (DIR) ---- 4 days old -- C:\Users\maurizio\AppData\Local\Ares
16/02/2011 12:47:46 -- 16/02/2011 18:30:29 2385766 H--A 0 days old -- C:\Users\maurizio\AppData\Local\IconCache.db
===================== DUPLICATE FILES IN BAK FOLDERS =====================
No BAK folders found
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"Windows Defender"=expand:"%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
@=""
"avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui"
"facemoods"="\"C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe\" /md I"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"RoboForm"="\"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe\""
"SearchEngineProtection"="C:\Program Files\Gamesbar\SearchEngineProtection.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\Windows\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"WinStationsDisabled"="0"
"System"=""
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Wireless Group Policy"
"DllName"=expand:"wlgpclnt.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Microsoft Disk Quota"
"DllName"=expand:"%SystemRoot%\System32\dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="QoS Packet Scheduler"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"DllName"="C:\windows\System32\iedkcs32.dll"
"@="Internet Explorer Zonemapping"
[Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
"@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\System32\srchadmin.dll"
[Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"@="Internet Explorer User Accelerators"
"DllName"="C:\windows\System32\iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"@="Security"
"DllName"=expand:"scecli.dll"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="C:\windows\System32\iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"
[Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"@="Internet Explorer Machine Accelerators"
"DllName"="C:\windows\System32\iedkcs32.dll"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="IP Security"
"DllName"=expand:"%SystemRoot%\System32\polstore.dll"
[Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
"@="Enterprise QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\DeviceNP]
"DllName"="DeviceNP.dll"
[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ExcludeProfileDirs"="AppData\Local;AppData\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001772
"ParseAutoexec"="1"
"FirstLogon"=dword:00000000
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[runonceex]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[runonce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
#### HKCR\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\InprocServer32 @="C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll"
@="facemoods Helper"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
#### HKCR\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\InprocServer32 @="C:\Program Files\Siber Systems\AI RoboForm\roboform.dll"
@="RoboForm"
[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll"
[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll"
[Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
#### HKCR\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\InprocServer32 @="C:\Program Files\GamesBar\2.0.1.81\oberontb.dll"
[Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
#### HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32 @="C:\Program Files\Java\jre6\bin\jp2ssv.dll"
"NoExplorer"=dword:00000001
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
[MSConfig]
[MSConfig\services]
[MSConfig\startupfolder]
[MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
"path"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk"
"backup"="C:\windows\pss\DVD Check.lnk.CommonStartup"
"location"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
"backupExtension"=".CommonStartup"
"command"="C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe "
"item"="DVD Check"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg]
[MSConfig\startupreg\ares]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ares"
"hkey"="HKCU"
"command"="\"C:\Program Files\Ares\Ares.exe\" -h"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:0000000c
"HOUR"=dword:00000013
"MINUTE"=dword:00000026
"SECOND"=dword:0000001d
[MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\CanonSolutionMenu]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="CanonSolutionMenu"
"hkey"="HKLM"
"command"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="hpWirelessAssistant"
"hkey"="HKLM"
"command"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\Malwarebytes Anti-Malware (reboot)]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Malwarebytes Anti-Malware (reboot)"
"hkey"="HKLM"
"command"="\"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe\" /runcleanupscript"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\OpwareSE4]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="OpwareSE4"
"hkey"="HKLM"
"command"="\"C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe\""
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="PCSuiteTrayApplication"
"hkey"="HKLM"
"command"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000013
"MINUTE"=dword:0000000d
"SECOND"=dword:0000000c
[MSConfig\startupreg\PcSync]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="PcSync"
"hkey"="HKCU"
"command"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000013
"MINUTE"=dword:0000000c
"SECOND"=dword:00000017
[MSConfig\startupreg\PDF Complete]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="PDF Complete"
"hkey"="HKLM"
"command"="\"C:\Program Files\PDF Complete\pdfsty.exe\""
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\PTHOSTTR]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="PTHOSTTR"
"hkey"="HKLM"
"command"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\QlbCtrl]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="QlbCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\swg]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe\""
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000013
"MINUTE"=dword:0000000c
"SECOND"=dword:00000022
[MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000013
"MINUTE"=dword:0000000c
"SECOND"=dword:00000033
[MSConfig\startupreg\WatchDog]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\startupreg\WrtMon.exe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="WrtMon.exe"
"hkey"="HKLM"
"command"="C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe"
"inimapping"="0"
"YEAR"=dword:000007db
"MONTH"=dword:00000002
"DAY"=dword:00000009
"HOUR"=dword:00000012
"MINUTE"=dword:0000002b
"SECOND"=dword:00000036
[MSConfig\state]
"startup"=dword:00000002
-----HKCU\Control Panel\Desktop\-----
[Desktop]
"SCRNSAVE.EXE"="C:\Windows\system32\logon.scr"
[Desktop\LanguageConfiguration]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\Windows\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\AuditPolicy]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Credssp]
[Lsa\Data]
[Lsa\FipsAlgorithmPolicy]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DisplayName"="@%SystemRoot%\system32\ipnathlp.dll,-106"
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"Description"="@%SystemRoot%\system32\ipnathlp.dll,-107"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"DependOnService"=multi:"Netman\00WinMgmt\00RasMan\00BFE\00\00"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=multi:"SeChangeNotifyPrivilege\00SeCreateGlobalPrivilege\00SeImpersonatePrivilege\00SeLoadDriverPrivilege\00SeTakeOwnershipPrivilege\00\00"
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
[SharedAccess\Defaults]
[SharedAccess\Defaults\FirewallPolicy]
"IPSecExempt"=dword:00000001
"DisableStatefulFTP"=dword:00000000
"DisableStatefulPPTP"=dword:00000000
"PolicyVersion"=dword:00000201
[SharedAccess\Defaults\FirewallPolicy\DomainProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001
[SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
[SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PerfLogsAlerts-PLASrv-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-DCOM-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"WMP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"WMP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"WMP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"WMPNSS-QWave-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"MSDTC-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-KTMRM-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|xxxxx@xxxxxallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-KTMRM-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|xxxxx@xxxxxallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"WPDMTP-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|xxxxx@xxxxxallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|xxxxx@xxxxxallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30515|Desc=@FirewallAPI.dll,-30518|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30519|Desc=@FirewallAPI.dll,-30522|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-30523|Desc=@FirewallAPI.dll,-30524|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"RemoteSvcAdmin-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|xxxxx@xxxxxallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|xxxxx@xxxxxallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-NP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"WinCollab-DFSR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|xxxxx@xxxxxallAPI.dll,-32253|Desc=@FirewallAPI.dll,-32256|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-DFSR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|xxxxx@xxxxxallAPI.dll,-32257|Desc=@FirewallAPI.dll,-32260|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32261|Desc=@FirewallAPI.dll,-32264|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32265|Desc=@FirewallAPI.dll,-32268|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32269|Desc=@FirewallAPI.dll,-32272|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32273|Desc=@FirewallAPI.dll,-32276|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-P2P-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|xxxxx@xxxxxallAPI.dll,-32277|Desc=@FirewallAPI.dll,-32280|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-P2P-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|xxxxx@xxxxxallAPI.dll,-32281|Desc=@FirewallAPI.dll,-32284|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"RemoteFwAdmin-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|xxxxx@xxxxxallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|"
"RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|"
"RemoteFwAdmin-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|xxxxx@xxxxxallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|"
"RemoteFwAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|"
"PNRPMNRS-PNRP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-34003|Desc=@FirewallAPI.dll,-34004|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=TRUE|"
"PNRPMNRS-PNRP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-34005|Desc=@FirewallAPI.dll,-34006|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|"
"PNRPMNRS-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|"
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|"
"RemoteEventLogSvc-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|xxxxx@xxxxxallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|xxxxx@xxxxxallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-NP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteTask-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|xxxxx@xxxxxallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|"
"RemoteTask-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|"
"RemoteTask-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|xxxxx@xxxxxallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|"
"RemoteTask-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|"
"WMI-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-WINMGMT-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-WINMGMT-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-ASYNC-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|xxxxx@xxxxxallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-WINMGMT-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-WINMGMT-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-ASYNC-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|xxxxx@xxxxxallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"Collab-P2PHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|"
"Collab-P2PHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-P2PHost-WSD-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-P2PHost-WSD-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|"
"Collab-PNRP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"RRAS-L2TP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1701|App=System|xxxxx@xxxxxallAPI.dll,-33753|Desc=@FirewallAPI.dll,-33756|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|"
"RRAS-L2TP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1701|App=System|xxxxx@xxxxxallAPI.dll,-33757|Desc=@FirewallAPI.dll,-33760|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|"
"RRAS-PPTP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|xxxxx@xxxxxallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|"
"RRAS-PPTP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|xxxxx@xxxxxallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|"
"RVM-VDS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDSLDR-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDSLDR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"WINRM-HTTP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|xxxxx@xxxxxallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|Edge=FALSE|"
"WINRM-HTTP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|Edge=FALSE|"
"RemoteAssistance-RAServer-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|xxxxx@xxxxxallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-RAServer-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|xxxxx@xxxxxallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-DCOM-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-In-TCP-EdgeScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Public|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|"
"RemoteAssistance-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-In-TCP-EdgeScope-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|"
"RemoteAssistance-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnPHost-In-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnPHost-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnP-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"BITSSVC-WSD-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|xxxxx@xxxxxallAPI.dll,-28254|Desc=@FirewallAPI.dll,-28257|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-WSD-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|xxxxx@xxxxxallAPI.dll,-28258|Desc=@FirewallAPI.dll,-28261|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28262|Desc=@FirewallAPI.dll,-28265|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28266|Desc=@FirewallAPI.dll,-28269|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-RPC-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|xxxxx@xxxxxallAPI.dll,-28270|Desc=@FirewallAPI.dll,-28273|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-28274|Desc=@FirewallAPI.dll,-28277|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"RemoteAdmin-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|xxxxx@xxxxxallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-NP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=*|xxxxx@xxxxxallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-NP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"MsiScsi-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"Netlogon-NamedPipe-In"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|xxxxx@xxxxxgon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|Edge=FALSE|"
"SNMPTRAP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|Edge=FALSE|"
"SNMPTRAP-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|Edge=FALSE|"
"SSTP-IN-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|xxxxx@xxxxxvc.dll,-35002|Desc=@sstpsvc.dll,-35003|EmbedCtxt=@sstpsvc.dll,-35001|Edge=FALSE|"
"NETDIS-UPnPHost-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-SSDPSrv-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-In-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnP-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDPHOST-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDPHOST-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-LLMNR-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-LLMNR-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-In-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-In-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDPHOST-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDPHOST-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-LLMNR-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-LLMNR-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDRESPUB-WSD-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDRESPUB-WSD-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"CoreNet-ICMP6-DU-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|xxxxx@xxxxxallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|xxxxx@xxxxxallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|xxxxx@xxxxxallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-TE-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|xxxxx@xxxxxallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|xxxxx@xxxxxallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-PP-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|xxxxx@xxxxxallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|xxxxx@xxxxxallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-NDS-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|xxxxx@xxxxxallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|xxxxx@xxxxxallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-NDA-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|xxxxx@xxxxxallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDA-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|xxxxx@xxxxxallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-RA-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|xxxxx@xxxxxallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-RA-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|xxxxx@xxxxxallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-RS-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|xxxxx@xxxxxallAPI.dll,-26106|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-RS-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|xxxxx@xxxxxallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LQ-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LQ-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LR-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LR-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LR2-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LR2-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LD-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LD-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP4-DUFRAG-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|xxxxx@xxxxxallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-IGMP-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|xxxxx@xxxxxallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-IGMP-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|xxxxx@xxxxxallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-DHCP-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-DHCP-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-Teredo-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-Teredo-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-IPv6-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|xxxxx@xxxxxallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-IPv6-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|xxxxx@xxxxxallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-GP-NP-Out-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|xxxxx@xxxxxallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-GP-Out-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|xxxxx@xxxxxallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-DNS-Out-UDP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|"
"CoreNet-GP-LSASS-Out-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|xxxxx@xxxxxallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"FPS-NB_Session-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|xxxxx@xxxxxallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Session-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|xxxxx@xxxxxallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SMB-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SMB-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|xxxxx@xxxxxallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Name-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|xxxxx@xxxxxallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Name-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|xxxxx@xxxxxallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Datagram-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|xxxxx@xxxxxallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Datagram-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|xxxxx@xxxxxallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SpoolSvc-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|xxxxx@xxxxxallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|xxxxx@xxxxxallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP4-ERQ-In-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|xxxxx@xxxxxallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP4-ERQ-Out-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|xxxxx@xxxxxallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP6-ERQ-In-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|xxxxx@xxxxxallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP6-ERQ-Out-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|xxxxx@xxxxxallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Session-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Session-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SMB-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SMB-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Name-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Name-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Datagram-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Datagram-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SpoolSvc-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|xxxxx@xxxxxallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|xxxxx@xxxxxallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP4-ERQ-In"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP4-ERQ-Out"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP6-ERQ-In"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP6-ERQ-Out"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
[SharedAccess\Defaults\FirewallPolicy\PublicProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001
[SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
[SharedAccess\Defaults\FirewallPolicy\StandardProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001
[SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
[SharedAccess\Epoch]
"Epoch"=dword:00000656
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
"ServiceDllUnloadOnStop"=dword:00000001
"ScopeAddress"="192.168.0.1"
"ScopeAddressBackup"="192.168.0.1"
"SharedAutoDial"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy]
"DisableStatefulFTP"=dword:00000000
"PolicyVersion"=dword:00000201
"DisableStatefulPPTP"=dword:00000000
"IPSecExempt"=dword:00000001
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
[SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"FPS-ICMP6-ERQ-Out"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP6-ERQ-In"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP4-ERQ-Out"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP4-ERQ-In"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|xxxxx@xxxxxallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SpoolSvc-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|xxxxx@xxxxxallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Datagram-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Datagram-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Name-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Name-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SMB-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SMB-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Session-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Session-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP6-ERQ-Out-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|xxxxx@xxxxxallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP6-ERQ-In-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|xxxxx@xxxxxallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP4-ERQ-Out-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|xxxxx@xxxxxallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-ICMP4-ERQ-In-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|xxxxx@xxxxxallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|xxxxx@xxxxxallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SpoolSvc-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|xxxxx@xxxxxallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Datagram-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|xxxxx@xxxxxallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Datagram-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|xxxxx@xxxxxallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Name-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|xxxxx@xxxxxallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Name-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|xxxxx@xxxxxallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SMB-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|xxxxx@xxxxxallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-SMB-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Session-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|xxxxx@xxxxxallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"FPS-NB_Session-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|xxxxx@xxxxxallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|"
"CoreNet-GP-LSASS-Out-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|xxxxx@xxxxxallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-DNS-Out-UDP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|"
"CoreNet-GP-Out-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|xxxxx@xxxxxallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-GP-NP-Out-TCP"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|xxxxx@xxxxxallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-IPv6-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|xxxxx@xxxxxallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-IPv6-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|xxxxx@xxxxxallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-Teredo-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-Teredo-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-DHCP-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-DHCP-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-IGMP-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|xxxxx@xxxxxallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-IGMP-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|xxxxx@xxxxxallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP4-DUFRAG-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|xxxxx@xxxxxallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LD-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LD-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LR2-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LR2-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LR-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LR-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LQ-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-LQ-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-RS-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|xxxxx@xxxxxallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-RS-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|xxxxx@xxxxxallAPI.dll,-26106|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-RA-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|xxxxx@xxxxxallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-RA-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|xxxxx@xxxxxallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-NDA-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|xxxxx@xxxxxallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-NDA-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|xxxxx@xxxxxallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|xxxxx@xxxxxallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-NDS-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|xxxxx@xxxxxallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|xxxxx@xxxxxallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-PP-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|xxxxx@xxxxxallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|xxxxx@xxxxxallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-TE-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|xxxxx@xxxxxallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|xxxxx@xxxxxallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|"
"CoreNet-ICMP6-PTB-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|xxxxx@xxxxxallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-DU-In"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|xxxxx@xxxxxallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"NETDIS-WSDEVNT-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDRESPUB-WSD-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDRESPUB-WSD-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-LLMNR-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-LLMNR-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDPHOST-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDPHOST-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-In-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-In-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-LLMNR-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-LLMNR-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDPHOST-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-FDPHOST-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnP-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-In-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-SSDPSrv-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNT-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Datagram-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-NB_Name-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"NETDIS-UPnPHost-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|Edge=FALSE|"
"SSTP-IN-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|xxxxx@xxxxxvc.dll,-35002|Desc=@sstpsvc.dll,-35003|EmbedCtxt=@sstpsvc.dll,-35001|Edge=FALSE|"
"SNMPTRAP-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|Edge=FALSE|"
"SNMPTRAP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|Edge=FALSE|"
"Netlogon-NamedPipe-In"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|xxxxx@xxxxxgon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|Edge=FALSE|"
"MsiScsi-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"RemoteAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-NP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=*|xxxxx@xxxxxallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-NP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|xxxxx@xxxxxallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"BITSSVC-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-28274|Desc=@FirewallAPI.dll,-28277|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-RPC-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|xxxxx@xxxxxallAPI.dll,-28270|Desc=@FirewallAPI.dll,-28273|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28266|Desc=@FirewallAPI.dll,-28269|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2178|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28262|Desc=@FirewallAPI.dll,-28265|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-WSD-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|xxxxx@xxxxxallAPI.dll,-28258|Desc=@FirewallAPI.dll,-28261|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"BITSSVC-WSD-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=bits|xxxxx@xxxxxallAPI.dll,-28254|Desc=@FirewallAPI.dll,-28257|EmbedCtxt=@FirewallAPI.dll,-28252|Edge=FALSE|"
"RemoteAssistance-UPnP-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnPHost-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnPHost-In-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-Out-TCP-Active"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-In-TCP-EdgeScope-Active"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|"
"RemoteAssistance-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-In-TCP-EdgeScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Public|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|"
"RemoteAssistance-DCOM-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-RAServer-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|xxxxx@xxxxxallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"RemoteAssistance-RAServer-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|xxxxx@xxxxxallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
"WINRM-HTTP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|Edge=FALSE|"
"WINRM-HTTP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|xxxxx@xxxxxallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|Edge=FALSE|"
"RVM-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDSLDR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDSLDR-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RRAS-PPTP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|xxxxx@xxxxxallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|"
"RRAS-PPTP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|xxxxx@xxxxxallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|"
"RRAS-L2TP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1701|App=System|xxxxx@xxxxxallAPI.dll,-33757|Desc=@FirewallAPI.dll,-33760|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|"
"RRAS-L2TP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1701|App=System|xxxxx@xxxxxallAPI.dll,-33753|Desc=@FirewallAPI.dll,-33756|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|"
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|"
"Collab-P2PHost-WSD-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-P2PHost-WSD-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-P2PHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-P2PHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|"
"WMI-ASYNC-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|xxxxx@xxxxxallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-WINMGMT-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-WINMGMT-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-ASYNC-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|xxxxx@xxxxxallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-WINMGMT-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-WINMGMT-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"WMI-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|"
"RemoteTask-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|"
"RemoteTask-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|xxxxx@xxxxxallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|"
"RemoteTask-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|"
"RemoteTask-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|xxxxx@xxxxxallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|Edge=FALSE|"
"RemoteEventLogSvc-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-NP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|xxxxx@xxxxxallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"RemoteEventLogSvc-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|xxxxx@xxxxxallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|"
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|"
"PNRPMNRS-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|"
"PNRPMNRS-PNRP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-34005|Desc=@FirewallAPI.dll,-34006|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|"
"PNRPMNRS-PNRP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-34003|Desc=@FirewallAPI.dll,-34004|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=TRUE|"
"RemoteFwAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|"
"RemoteFwAdmin-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|xxxxx@xxxxxallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|"
"RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|"
"RemoteFwAdmin-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|xxxxx@xxxxxallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|"
"WinCollab-P2P-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|xxxxx@xxxxxallAPI.dll,-32281|Desc=@FirewallAPI.dll,-32284|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-P2P-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|xxxxx@xxxxxallAPI.dll,-32277|Desc=@FirewallAPI.dll,-32280|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32273|Desc=@FirewallAPI.dll,-32276|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32269|Desc=@FirewallAPI.dll,-32272|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32265|Desc=@FirewallAPI.dll,-32268|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32261|Desc=@FirewallAPI.dll,-32264|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-DFSR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|xxxxx@xxxxxallAPI.dll,-32257|Desc=@FirewallAPI.dll,-32260|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-DFSR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|xxxxx@xxxxxallAPI.dll,-32253|Desc=@FirewallAPI.dll,-32256|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"RemoteSvcAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-NP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|xxxxx@xxxxxallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"RemoteSvcAdmin-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|xxxxx@xxxxxallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|"
"WPDMTP-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\windows\system32\svchost.exe|Svc=upnphost|Name=Dispositivi mobili wireless (UPnPHost-Out)|xxxxx@xxxxxallAPI.dll,-30524|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Universal Plug and Play (UPnP-Out)|xxxxx@xxxxxallAPI.dll,-30522|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Dispositivi mobili wireless (UPnP-In)|xxxxx@xxxxxallAPI.dll,-30518|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\windows\system32\svchost.exe|Svc=Ssdpsrv|Name=Dispositivi mobili wireless (SSDP-Out)|xxxxx@xxxxxallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\windows\system32\svchost.exe|Svc=Ssdpsrv|Name=Dispositivi mobili wireless (SSDP-In)|xxxxx@xxxxxallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\windows\system32\wudfhost.exe|Name=Dispositivi mobili wireless (TCP-Out)|xxxxx@xxxxxallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"WPDMTP-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|xxxxx@xxxxxallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"MSDTC-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-KTMRM-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|xxxxx@xxxxxallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-KTMRM-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|xxxxx@xxxxxallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"MSDTC-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|"
"WMPNSS-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"WMP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"WMP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-DCOM-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-PLASrv-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"{4E624B30-C340-4131-ABEE-EE43CCF368D1}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\windows\system32\wudfhost.exe|Name=Dispositivi mobili wireless (TCP-Out)|xxxxx@xxxxxallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"{913A0A55-1B80-4902-A4F8-68CC5C68FD7F}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\windows\system32\svchost.exe|Svc=Ssdpsrv|Name=Dispositivi mobili wireless (SSDP-In)|xxxxx@xxxxxallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"{51DEA91A-EB6C-4343-A20B-92F102BA2470}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\windows\system32\svchost.exe|Svc=Ssdpsrv|Name=Dispositivi mobili wireless (SSDP-Out)|xxxxx@xxxxxallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"{D02B64B8-E90A-43A8-93BA-4F7DE44D6C46}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Dispositivi mobili wireless (UPnP-In)|xxxxx@xxxxxallAPI.dll,-30518|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"{81474FFC-9959-455B-BA31-103143656EA4}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Universal Plug and Play (UPnP-Out)|xxxxx@xxxxxallAPI.dll,-30522|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"{9BDC4DFA-932D-435A-92D7-2C73849A54FA}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\windows\system32\svchost.exe|Svc=upnphost|Name=Dispositivi mobili wireless (UPnPHost-Out)|xxxxx@xxxxxallAPI.dll,-30524|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|"
"TCP Query User{96579D55-F2DC-4CEB-AEC5-2CE143B9FE61}C:\program files\internet explorer\iexplore.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\internet explorer\iexplore.exe|Name=Internet Explorer|Desc=Internet Explorer|Edge=FALSE|"
"UDP Query User{FF8C32D1-B7C5-4C76-A9C2-4400FE2CEAEC}C:\program files\internet explorer\iexplore.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\internet explorer\iexplore.exe|Name=Internet Explorer|Desc=Internet Explorer|Edge=FALSE|"
"TCP Query User{C9FE2E97-F7C7-4BD8-B07B-D66685A2100C}C:\program files\ares\ares.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\ares\ares.exe|Name=Ares p2p for windows|Desc=Ares p2p for windows|Edge=FALSE|"
"UDP Query User{4A4899D6-BA45-49ED-A449-07A1CA52E2C6}C:\program files\ares\ares.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\ares\ares.exe|Name=Ares p2p for windows|Desc=Ares p2p for windows|Edge=FALSE|"
[SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices]
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable]
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"Eventlog-1"="V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog|"
"Eventlog-2"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog|"
"Eventlog-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic from EventLog|"
"DPS-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|"
"DPS-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|"
"WdiSystemHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|"
"WdiSystemHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|"
"DHCP-1"="V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102|"
"DHCP-1-1"="V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102|"
"DHCP-2"="V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102|"
"DHCP-3"="V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcsvc.dll,-102|Desc=@%SystemRoot%\system32\dhcpcsvc.dll,-102|"
"DHCP-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcsvc.dll,-102|"
"DHCP-5"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcsvc.dll,-102|"
"dot3svc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|"
"dot3svc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|"
"Netman-1"="V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all inbound traffic to Netman|"
"Netman-2"="V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all outbound traffic from Netman|"
"HidServ-1"="V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ|"
"HidServ-2"="V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ|"
"WcsPlugInService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|xxxxx@xxxxx.dll,-160|"
"WcsPlugInService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|xxxxx@xxxxx.dll,-161|"
"BFE-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block inbound traffic to BFE|"
"BFE-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block outbound traffic from BFE|"
"PolicyAgent-1"="V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23300|Desc=@FirewallAPI.dll,-23301|"
"PolicyAgent-2"="V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23302|Desc=@FirewallAPI.dll,-23303|"
"PolicyAgent-3"="V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-5010|Desc=@FirewallAPI.dll,-5011|"
"PolicyAgent-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23304|"
"PolicyAgent-5"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23305|"
"Trkwks-1"="V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic to TrkWks service|"
"Trkwks-2"="V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic from TrkWks service|"
"AVEndpointBuilder-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any inbound traffic to AudioEndpointBuilder|"
"LMHosts-1"="V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|xxxxx@xxxxxemRoot%\system32\lmhsvc.dll,-103|"
"LMHosts-2"="V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|xxxxx@xxxxxemRoot%\system32\lmhsvc.dll,-103|"
"LMHosts-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|xxxxx@xxxxxemRoot%\system32\lmhsvc.dll,-103|"
"LMHosts-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|xxxxx@xxxxxemRoot%\system32\lmhsvc.dll,-103|"
"MPSSVC-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|xxxxx@xxxxxallAPI.dll,-23306|"
"MPSSVC-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|xxxxx@xxxxxallAPI,-23307|"
"WerSvc-1"="V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_In_Block|Desc=Network rules for inbound traffic to WerSvc|"
"WerSvc-2"="V2.0|Action=Block|Dir=Out|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_Out_Block|Desc=Network rules for outbound traffic from WerSvc|"
"Sysmain-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block inbound access to sysmain|"
"Sysmain-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block outbound access to sysmain|"
"SNMPTRAP-1"="V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxemRoot%\system32\snmptrap.exe,-5|"
"SNMPTRAP-2"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxemRoot%\system32\snmptrap.exe,-6|"
"SNMPTRAP-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxemRoot%\system32\snmptrap.exe,-6|"
"clr_optimization_v2.0.50727_32-2"="V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32|"
"clr_optimization_v2.0.50727_32-1"="V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32|"
"UI0Detect-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|"
"UI0Detect-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|"
"uxsms-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block inbound traffic to uxsms|"
"uxsms-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block outbound traffic from uxsms|"
"IPBusEnum-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any inbound traffic to IPBusEnum|"
"IPBusEnum-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any outbound traffic from IPBusEnum|"
"PNRP Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|"
"TabletInputService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic to TabletInputService|"
"Wlansvc-2"="V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|"
"EMDMgmt-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=EMDMgmt|Name=Block any traffic to and from EMDMgmt Service|"
"WindowsDefender-Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic from WinDefend|"
"P2P Grouping Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|"
"PNRP Block Out"="v2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|"
"TabletInputService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic from TabletInputService|"
"PcaSvc-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|xxxxx@xxxxxc.dll,-3|Desc=@pcasvc.dll,-5|"
"SearchIndexer-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|"
"SearchFilterHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|"
"SearchFilterHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|"
"PcaSvc-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|xxxxx@xxxxxc.dll,-4|Desc=@pcasvc.dll,-6|"
"SearchIndexer-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|"
"P2P Ident Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|"
"PNRP Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|"
"Wlansvc-1"="V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|"
"PNRP Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|"
"EMDMgmt-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=EMDMgmt|Name=Block any traffic to and from EMDMgmt Service|"
"WindowsDefender-In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic to WinDefend|"
"P2P Grouping Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|"
"P2P Ident Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|"
"P2P Grouping Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|"
"P2P Grouping Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|"
"clr_optimization_v4.0.30319_32-1"="V4.0|Action=Block|Dir=In|App=C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|"
"clr_optimization_v4.0.30319_32-2"="V4.0|Action=Block|Dir=Out|App=C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
"LegacyImpersonationLevel"=dword:00000002
"MachineAccessRestriction"=hex:01,00,04,80,74,00,00,00,84,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,78,00,00,00,88,00,00,00,00,00,00,00,\
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F}"="1"
"{835BEE60-8731-4159-8BFF-941301D76D05}"="1"
"{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368}"="1"
"{91BC037F-B58C-43cb-AD9C-1718ACA70E2F}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
"{9da0e0ea-86ce-11d1-8699-00c04fb98036}"="1"
"{CA6C8347-120F-4122-873F-F89138694AC8}"="1"
"{E8494122-79AD-11D2-909C-00A0C9AFE0AA}"="1"
"{A373F3DA-7A87-11D3-B1C1-00C04F68155C}"="1"
"{C7310557-AC80-11D1-8DF3-00C04FB6EF4F}"="1"
[Ole\Eventlog]
"SuppressDuplicateDuration"=dword:00015180
[Ole\Instrumentation]
"InstrumentationLogFileDir"="C:\Windows\system32\com"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\-----
[System]
"DisableRegistryTools"=dword:00000000
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"cval"=dword:00000001
[Security Center\Monitoring]
[Security Center\Svc]
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"VistaSp1"=hex(b):12,b7,da,3e,d9,5b,c8,01
"VistaSp2"=hex(b):f8,71,bb,ab,37,47,ca,01
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"RPSessionInterval"=dword:00000001
"RPLifeInterval"=dword:ffffffff
"RPGlobalInterval"=dword:00015180
"FirstRun"=dword:00000000
"LastIndex"=dword:00000141
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
[SystemRestore\cfg]
"DiskPercent"=dword:0000000f
[SystemRestore\Setup_Last]
"Generalize_DisableSR"=dword:00000000
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\Windows\System32\wmpdxm.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"StubPath"="C:\Windows\system32\unregmp2.exe /ShowWMP"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\Windows\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"@="Personalizzazione browser"
"ComponentID"="BRANDING.CAB"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre6\bin\regutils.dll"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
"@="IEEX"
"ComponentID"="IEEX"
[Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"@="LightScribe Control Panel"
"StubPath"="\"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe\""
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\Windows\System32\wmpdxm.dll"
"@="Microsoft Windows Media Player 11.0"
[Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
"ComponentID"="M979906"
"@="Microsoft .NET Framework 1.1 Security Update (KB979906)"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
"ComponentID"="M2416447"
"@="Microsoft .NET Framework 1.1 Security Update (KB2416447)"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Windows Mail\WinMail.exe\" OCInstallUserConfigOE"
"@="Microsoft Windows Mail 7"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"
[Installed Components\{5A604D2C-E968-429B-8327-62B5CE52126D}]
"@=".NET Framework"
"ComponentID"=".NETFramework"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"=expand:"%SystemRoot%\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @=expand:"%SystemRoot%\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=expand:"%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Address Book 7"
[Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
"@=".NET Framework"
"ComponentID"=".NETFramework"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4_SHELLID"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\Windows\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
===================== Advanced startup entries analysis =====================
HKLM\SOFTWARE\Microsoft\windows\currentversion\run
IgfxTray = C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxtray.exe -- 22/05/2008 17:13:32 -- 22/05/2008 17:13:32 -- 141848
MD5: 14388bd12614381f4a0075dcf0493cca SHA1: 58962d54a0885124bc8abc893b10804d19221462
[1] .text [2] .rdata [3] .data [4] .rsrc
Persistence = C:\Windows\system32\igfxpers.exe
C:\Windows\system32\igfxpers.exe -- 22/05/2008 17:13:24 -- 22/05/2008 17:13:24 -- 133656
MD5: 57c8536018a3eb58b4be66fade1b289e SHA1: 6eed6557f8506fcb67489d67906c09e3f185238b
[1] .text [2] .rdata [3] .data [4] .rsrc
IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe -- 25/06/2008 13:06:01 -- 18/04/2008 14:53:58 -- 178712
MD5: 66b24e2eb8f8a8340f238a346f231c79 SHA1: 7f32166029069ec9d558a8c686166e3546390ec4
[1] .text [2] .rdata [3] .data [4] .rsrc
Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe -hide NOT FOUND
HKLM\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run
HKCU\SOFTWARE\Microsoft\windows\currentversion\run
RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -- 08/11/2010 10:52:47 -- 19/11/2010 12:52:36 -- 160328
MD5: b01ffcf11904ab1da0c06972ef02d25f SHA1: c40b43699c306387c0b43ea6b13f9a0d5948f302
[1] .text [2] .rdata [3] .data [4] .rsrc [5] .reloc
SearchEngineProtection = C:\Program Files\Gamesbar\SearchEngineProtection.exe
C:\Program Files\Gamesbar\SearchEngineProtection.exe -- 29/12/2010 11:44:10 -- 29/12/2010 11:44:10 -- 591248
MD5: 6e28267b22a97526b01bfd9d76b0895c SHA1: 99b36e66e15e2fb6e959b0ce4fd1c594defea487
[1] .text [2] .rdata [3] .data [4] .rsrc
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun NOT FOUND
HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run
===================== AUTOPLAY SETTINGS =====================
~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)
-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~
### C:\SwSetup\Btooth\Autorun.inf
open=setup.exe
label=BTW
### C:\SwSetup\Drivers\Global\INTELMSM\autorun.inf
open=setup.exe
### C:\SwSetup\Drivers\Global\Vid2\autorun.inf
open=setup.exe
### C:\SwSetup\DVD8SE\autorun.inf
OPEN=SETUP.EXE
### C:\SwSetup\Roxio\autorun.inf
open=Setup.exe
### C:\SwSetup\Roxio\EMC_HP_101\Autorun.inf
Open=Setup.EXE
===================== SCHEDULED JOBS =====================
jobs found in C:\windows:
26/02/2009 18.26.19 334 byte 721 days old -- C:\windows\tasks\HPCeeScheduleFormaurizio.job
16/02/2011 18.30.58 32574 byte 1 days old -- C:\windows\tasks\SCHEDLGU.TXT
17/02/2011 11.03.14 424 byte 0 days old -- C:\windows\tasks\User_Feed_Synchronization-{71E00D56-52B8-4B72-803B-EECD38164F19}.job
17/02/2011 11.22.52 6 byte 0 days old -- C:\windows\tasks\SA.DAT
17/02/2011 11.22.55 886 byte 0 days old -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
17/02/2011 12.57.02 890 byte 0 days old -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
17/02/2011 13.00.05 520 byte 0 days old -- C:\windows\tasks\Manutenzione in 1 clic.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:
~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:
===================== LIST OF ALL SERVICES & DRIVERS =====================
-----HKLM\system\currentcontrolset\services-----
000) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\acpi.sys
---> TYPE = KERNEL_DRIVER
001) "ADIHdAudAddService" - ADI UAA Function Driver for High Definition Audio Service
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\ADIHdAud.sys
---> TYPE = KERNEL_DRIVER
002) "adp94xx"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\adp94xx.sys
---> TYPE = KERNEL_DRIVER
003) "adpahci"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\adpahci.sys
---> TYPE = KERNEL_DRIVER
004) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\adpu160m.sys
---> TYPE = KERNEL_DRIVER
005) "adpu320"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\adpu320.sys
---> TYPE = KERNEL_DRIVER
006) "AFD" - Ancilliary Function Driver for Winsock
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\system32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER
007) "AgereSoftModem" - Agere Systems Soft Modem
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\AGRSM.sys
---> TYPE = KERNEL_DRIVER
008) "agp440" - Intel AGP Bus Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\agp440.sys
---> TYPE = KERNEL_DRIVER
009) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\djsvs.sys
---> TYPE = KERNEL_DRIVER
010) "aliide"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\aliide.sys
---> TYPE = KERNEL_DRIVER
011) "amdagp" - AMD AGP Bus Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\amdagp.sys
---> TYPE = KERNEL_DRIVER
012) "amdide"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\amdide.sys
---> TYPE = KERNEL_DRIVER
013) "AmdK7" - AMD K7 Processor Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\amdk7.sys
---> TYPE = KERNEL_DRIVER
014) "AmdK8" - AMD K8 Processor Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\amdk8.sys
---> TYPE = KERNEL_DRIVER
015) "arc"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\arc.sys
---> TYPE = KERNEL_DRIVER
016) "arcsas"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\arcsas.sys
---> TYPE = KERNEL_DRIVER
017) "aswFsBlk" - aswFsBlk
---> STAT = (RUNNING) Started automatically
---> TYPE = FILE_SYSTEM_DRIVER
018) "aswMonFlt" - aswMonFlt
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\drivers\aswMonFlt.sys
---> TYPE = FILE_SYSTEM_DRIVER
019) "aswRdr" - aswRdr
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
020) "aswSP" - aswSP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
021) "aswTdi" - avast! Network Shield Support
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
022) "AsyncMac" - @C:\windows\system32\rascfg.dll,-32000
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER
023) "atapi" - Canale IDE
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\atapi.sys
---> TYPE = KERNEL_DRIVER
024) "b57nd60x" - Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\b57nd60x.sys
---> TYPE = KERNEL_DRIVER
025) "BCM43XX" - Driver della scheda di rete Broadcom 802.11
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\bcmwl6.sys
---> TYPE = KERNEL_DRIVER
026) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
027) "blbdrive"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\blbdrive.sys
---> TYPE = KERNEL_DRIVER
028) "bowser" - Bowser
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\bowser.sys
---> TYPE = FILE_SYSTEM_DRIVER
029) "BrFiltLo" - Brother USB Mass-Storage Lower Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\brfiltlo.sys
---> TYPE = KERNEL_DRIVER
030) "BrFiltUp" - Brother USB Mass-Storage Upper Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\brfiltup.sys
---> TYPE = KERNEL_DRIVER
031) "Brserid" - Brother MFC Serial Port Interface Driver (WDM)
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\brserid.sys
---> TYPE = KERNEL_DRIVER
032) "BrSerWdm" - Brother WDM Serial driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\brserwdm.sys
---> TYPE = KERNEL_DRIVER
033) "BrUsbMdm" - Brother MFC USB Fax Only Modem
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\brusbmdm.sys
---> TYPE = KERNEL_DRIVER
034) "BrUsbSer" - Brother MFC USB Serial WDM Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\brusbser.sys
---> TYPE = KERNEL_DRIVER
035) "BthEnum" - Servizio enumeratore Bluetooth
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\BthEnum.sys
---> TYPE = KERNEL_DRIVER
036) "BTHMODEM" - Driver di comunicazione modem Bluetooth
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\bthmodem.sys
---> TYPE = KERNEL_DRIVER
037) "BthPan" - Dispositivo Bluetooth (Personal Area Network)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\bthpan.sys
---> TYPE = KERNEL_DRIVER
038) "BTHPORT" - Driver della porta Bluetooth
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\BTHport.sys
---> TYPE = KERNEL_DRIVER
039) "BTHUSB" - Driver USB radio Bluetooth
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\BTHUSB.sys
---> TYPE = KERNEL_DRIVER
040) "btwaudio" - Periferica audio Bluetooth
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\btwaudio.sys
---> TYPE = KERNEL_DRIVER
041) "btwavdt" - Bluetooth AVDT
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\btwavdt.sys
---> TYPE = KERNEL_DRIVER
042) "btwl2cap" - Bluetooth L2CAP Service
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\btwl2cap.sys
---> TYPE = KERNEL_DRIVER
043) "btwrchid"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\btwrchid.sys
---> TYPE = KERNEL_DRIVER
044) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Users\maurizio\AppData\Local\Temp\catchme.sys
---> TYPE = KERNEL_DRIVER
045) "cdfs" - CD/DVD File System Reader
---> STAT = (RUNNING) Disabled
---> FILE = system32\DRIVERS\cdfs.sys
---> TYPE = FILE_SYSTEM_DRIVER
046) "cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER
047) "circlass" - Consumer IR Devices
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\circlass.sys
---> TYPE = KERNEL_DRIVER
048) "CLFS" - Common Log (CLFS)
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\CLFS.sys
---> TYPE = KERNEL_DRIVER
049) "CmBatt" - Microsoft ACPI Control Method Battery Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\CmBatt.sys
---> TYPE = KERNEL_DRIVER
050) "cmdide"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\cmdide.sys
---> TYPE = KERNEL_DRIVER
051) "Compbatt" - Driver della batteria composita Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\compbatt.sys
---> TYPE = KERNEL_DRIVER
052) "crcdisk" - Crcdisk Filter Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\crcdisk.sys
---> TYPE = KERNEL_DRIVER
053) "Crusoe" - Transmeta Crusoe Processor Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\crusoe.sys
---> TYPE = KERNEL_DRIVER
054) "DAMDrv" - DAMDrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\DAMDrv.sys
---> TYPE = KERNEL_DRIVER
055) "DfsC" - @C:\windows\system32\drivers\dfsc.sys,-101
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\Drivers\dfsc.sys
---> TYPE = FILE_SYSTEM_DRIVER
056) "disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\disk.sys
---> TYPE = KERNEL_DRIVER
057) "drmkaud" - Decodificatore audio DRM del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER
058) "DXGKrnl" - LDDM Graphics Subsystem
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\System32\drivers\dxgkrnl.sys
---> TYPE = KERNEL_DRIVER
059) "e1express" - Intel(R) PRO/1000 PCI Express Network Connection Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\e1e6032.sys
---> TYPE = KERNEL_DRIVER
060) "E1G60" - Intel(R) PRO/1000 NDIS 6 Adapter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\E1G60I32.sys
---> TYPE = KERNEL_DRIVER
061) "Ecache" - ReadyBoost Caching Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\ecache.sys
---> TYPE = KERNEL_DRIVER
062) "elxstor"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\elxstor.sys
---> TYPE = KERNEL_DRIVER
063) "ErrDev" - Microsoft Hardware Error Device Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\errdev.sys
---> TYPE = KERNEL_DRIVER
064) "exfat" - exFAT File System Driver
---> STAT = (NOT RUNNING) Started manually
---> TYPE = FILE_SYSTEM_DRIVER
065) "fastfat" - FAT12/16/32 File System Driver
---> STAT = (NOT RUNNING) Started manually
---> TYPE = FILE_SYSTEM_DRIVER
066) "fdc" - Floppy Disk Controller Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER
067) "FileInfo" - File Information FS MiniFilter
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fileinfo.sys
---> TYPE = FILE_SYSTEM_DRIVER
068) "Filetrace" - FileTrace
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\filetrace.sys
---> TYPE = FILE_SYSTEM_DRIVER
069) "flpydisk" - Floppy Disk Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\flpydisk.sys
---> TYPE = KERNEL_DRIVER
070) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = FILE_SYSTEM_DRIVER
071) "gagp30kx" - Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\gagp30kx.sys
---> TYPE = KERNEL_DRIVER
072) "HBtnKey"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\cpqbttn.sys
---> TYPE = KERNEL_DRIVER
073) "HdAudAddService" - Microsoft 1.1 UAA Function Driver for High Definition Audio Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\HdAudio.sys
---> TYPE = KERNEL_DRIVER
074) "HDAudBus" - Driver bus Microsoft UAA per High Definition Audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\HDAudBus.sys
---> TYPE = KERNEL_DRIVER
075) "HidBth" - Microsoft Bluetooth HID Miniport
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\hidbth.sys
---> TYPE = KERNEL_DRIVER
076) "HidIr" - Microsoft Infrared HID Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\hidir.sys
---> TYPE = KERNEL_DRIVER
077) "HidUsb" - Driver di classe HID Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\hidusb.sys
---> TYPE = KERNEL_DRIVER
078) "HpCISSs"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\hpcisss.sys
---> TYPE = KERNEL_DRIVER
079) "HpqKbFiltr" - HpqKbFilter Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\HpqKbFiltr.sys
---> TYPE = KERNEL_DRIVER
080) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER
081) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\i2omp.sys
---> TYPE = KERNEL_DRIVER
082) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\i8042prt.sys
---> TYPE = KERNEL_DRIVER
083) "iaStor" - Intel AHCI Controller
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\iastor.sys
---> TYPE = KERNEL_DRIVER
084) "iaStorV" - Intel RAID Controller Vista
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\iastorv.sys
---> TYPE = KERNEL_DRIVER
085) "igfx"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\igdkmd32.sys
---> TYPE = KERNEL_DRIVER
086) "iirsp"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\iirsp.sys
---> TYPE = KERNEL_DRIVER
087) "intelide"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\intelide.sys
---> TYPE = KERNEL_DRIVER
088) "intelppm" - Driver processore Intel
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\intelppm.sys
---> TYPE = KERNEL_DRIVER
089) "IpFilterDriver" - @C:\windows\system32\rascfg.dll,-32013
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER
090) "IpInIp" - IP in IP Tunnel Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER
091) "IPMIDRV"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\ipmidrv.sys
---> TYPE = KERNEL_DRIVER
092) "IPNAT" - IP Network Address Translator
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER
093) "IRENUM" - IR Bus Enumerator
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\irenum.sys
---> TYPE = KERNEL_DRIVER
094) "isapnp" - PnP ISA/EISA Bus Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\isapnp.sys
---> TYPE = KERNEL_DRIVER
095) "iScsiPrt" - Driver porta iSCSI
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\msiscsi.sys
---> TYPE = KERNEL_DRIVER
096) "iteatapi" - ITEATAPI_Service_Install
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\iteatapi.sys
---> TYPE = KERNEL_DRIVER
097) "iteraid" - ITERAID_Service_Install
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\iteraid.sys
---> TYPE = KERNEL_DRIVER
098) "kbdclass" - Driver classe tastiera
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER
099) "kbdhid" - Driver di tastiera HID
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdhid.sys
---> TYPE = KERNEL_DRIVER
100) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\ksecdd.sys
---> TYPE = KERNEL_DRIVER
101) "lltdio" - Link-Layer Topology Discovery Mapper I/O Driver
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\lltdio.sys
---> TYPE = KERNEL_DRIVER
102) "LSI_FC"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\lsi_fc.sys
---> TYPE = KERNEL_DRIVER
103) "LSI_SAS"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\lsi_sas.sys
---> TYPE = KERNEL_DRIVER
104) "LSI_SCSI"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\lsi_scsi.sys
---> TYPE = KERNEL_DRIVER
105) "luafv" - UAC File Virtualization
---> STAT = (RUNNING) Started automatically
---> FILE = \SystemRoot\system32\drivers\luafv.sys
---> TYPE = FILE_SYSTEM_DRIVER
106) "megasas"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\megasas.sys
---> TYPE = KERNEL_DRIVER
107) "MegaSR"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\megasr.sys
---> TYPE = KERNEL_DRIVER
108) "Modem"
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\modem.sys
---> TYPE = KERNEL_DRIVER
109) "monitor" - Servizio driver funzioni di classe monitor Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\monitor.sys
---> TYPE = KERNEL_DRIVER
110) "mouclass" - Driver classe mouse
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER
111) "mouhid" - Driver di mouse HID
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mouhid.sys
---> TYPE = KERNEL_DRIVER
112) "MountMgr" - Mount Point Manager
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\mountmgr.sys
---> TYPE = KERNEL_DRIVER
113) "mpio" - Microsoft Multi-Path Bus Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\mpio.sys
---> TYPE = KERNEL_DRIVER
114) "mpsdrv" - @C:\windows\system32\FirewallAPI.dll,-23092
---> STAT = (RUNNING) Started manually
---> FILE = System32\drivers\mpsdrv.sys
---> TYPE = KERNEL_DRIVER
115) "Mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\mraid35x.sys
---> TYPE = KERNEL_DRIVER
116) "MRxDAV" - WebDav Client Redirector Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER
117) "mrxsmb" - SMB MiniRedirector Wrapper and Engine
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER
118) "mrxsmb10" - SMB 1.x MiniRedirector
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxsmb10.sys
---> TYPE = FILE_SYSTEM_DRIVER
119) "mrxsmb20" - SMB 2.0 MiniRedirector
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxsmb20.sys
---> TYPE = FILE_SYSTEM_DRIVER
120) "msahci"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\msahci.sys
---> TYPE = KERNEL_DRIVER
121) "msdsm" - Microsoft Multi-Path Device Specific Module
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\msdsm.sys
---> TYPE = KERNEL_DRIVER
122) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER
123) "msisadrv" - Driver classe ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\msisadrv.sys
---> TYPE = KERNEL_DRIVER
124) "MSKSSRV" - Microsoft Streaming Service Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER
125) "MSPCLOCK" - Microsoft Streaming Clock Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER
126) "MSPQM" - Microsoft Streaming Quality Manager Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER
127) "MsRPC"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
128) "mssmbios" - Driver BIOS Microsoft System Management
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER
129) "MSTEE" - Microsoft Streaming Tee/Sink-to-Sink Converter
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSTEE.sys
---> TYPE = KERNEL_DRIVER
130) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\mup.sys
---> TYPE = FILE_SYSTEM_DRIVER
131) "NativeWifiP" - Filtro NativeWiFi
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\nwifi.sys
---> TYPE = KERNEL_DRIVER
132) "NDIS" - NDIS System Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\ndis.sys
---> TYPE = KERNEL_DRIVER
133) "NdisTapi" - @C:\windows\system32\rascfg.dll,-32001
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER
134) "Ndisuio" - NDIS Usermode I/O Protocol
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER
135) "NdisWan" - @C:\windows\system32\rascfg.dll,-32002
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER
136) "NDProxy" - multi:NDIS Proxy\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
137) "NetBIOS" - NetBIOS Interface
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER
138) "netbt" - NETBT
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER
139) "nfrd960"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\nfrd960.sys
---> TYPE = KERNEL_DRIVER
140) "Nokia USB Generic" - Nokia USB Generic
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\nmwcdc.sys
---> TYPE = KERNEL_DRIVER
141) "Nokia USB Modem" - Nokia USB Modem
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\nmwcdcm.sys
---> TYPE = KERNEL_DRIVER
142) "Nokia USB Phone Parent" - Nokia USB Phone Parent
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\nmwcd.sys
---> TYPE = KERNEL_DRIVER
143) "Nokia USB Port" - Nokia USB Port
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\nmwcdcj.sys
---> TYPE = KERNEL_DRIVER
144) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER
145) "nsiproxy" - NSI proxy service
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\drivers\nsiproxy.sys
---> TYPE = KERNEL_DRIVER
146) "Ntfs"
---> STAT = (RUNNING) Started manually
---> TYPE = FILE_SYSTEM_DRIVER
147) "ntrigdigi" - N-trig HID Tablet Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\ntrigdigi.sys
---> TYPE = KERNEL_DRIVER
148) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
149) "nvraid" - NVIDIA nForce RAID Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\nvraid.sys
---> TYPE = KERNEL_DRIVER
150) "nvstor"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\nvstor.sys
---> TYPE = KERNEL_DRIVER
151) "nv_agp" - NVIDIA nForce AGP Bus Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\nv_agp.sys
---> TYPE = KERNEL_DRIVER
152) "NwlnkFlt" - IPX Traffic Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER
153) "NwlnkFwd" - IPX Traffic Forwarder Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER
154) "ohci1394" - RICOH OHCI Compliant IEEE 1394 Host Controller
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\ohci1394.sys
---> TYPE = KERNEL_DRIVER
155) "Parport" - Parallel port driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER
156) "partmgr" - Partition Manager
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\partmgr.sys
---> TYPE = KERNEL_DRIVER
157) "Parvdm"
---> STAT = (NOT RUNNING) Started automatically
---> FILE = system32\DRIVERS\parvdm.sys
---> TYPE = KERNEL_DRIVER
158) "pci" - Driver bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\pci.sys
---> TYPE = KERNEL_DRIVER
159) "pciide"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER
160) "pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\DRIVERS\pcmcia.sys
---> TYPE = KERNEL_DRIVER
161) "PEAUTH" - PEAUTH
---> STAT = (RUNNING) Started automatically
---> FILE = system32\drivers\peauth.sys
---> TYPE = KERNEL_DRIVER
162) "PptpMiniport" - @C:\windows\system32\rascfg.dll,-32006
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspptp.sys
---> TYPE = KERNEL_DRIVER
163) "Processor" - Processor Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\processr.sys
---> TYPE = KERNEL_DRIVER
164) "PSched" - @C:\windows\System32\drivers\pacer.sys,-101
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\pacer.sys
---> TYPE = KERNEL_DRIVER
165) "PxHelp20" - PxHelp20
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\PxHelp20.sys
---> TYPE = KERNEL_DRIVER
166) "ql2300" - QLogic Fibre Channel Miniport Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\ql2300.sys
---> TYPE = KERNEL_DRIVER
167) "ql40xx" - QLogic iSCSI Miniport Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\ql40xx.sys
---> TYPE = KERNEL_DRIVER
168) "QWAVEdrv" - @C:\windows\system32\drivers\qwavedrv.sys,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\qwavedrv.sys
---> TYPE = KERNEL_DRIVER
169) "RasAcd" - Remote Access Auto Connection Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rasacd.sys
---> TYPE = KERNEL_DRIVER
170) "Rasl2tp" - @C:\windows\system32\rascfg.dll,-32005
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rasl2tp.sys
---> TYPE = KERNEL_DRIVER
171) "RasPppoe" - @C:\windows\system32\rascfg.dll,-32007
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspppoe.sys
---> TYPE = KERNEL_DRIVER
172) "RasSstp" - @C:\windows\system32\sstpsvc.dll,-202
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rassstp.sys
---> TYPE = KERNEL_DRIVER
173) "rdbss" - Redirected Buffering Sub Sysytem
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rdbss.sys
---> TYPE = FILE_SYSTEM_DRIVER
174) "RDPCDD" - RDPCDD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
---> TYPE = KERNEL_DRIVER
175) "rdpdr" - Terminal Server Device Redirector Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\rdpdr.sys
---> TYPE = KERNEL_DRIVER
176) "RDPENCDD" - RDP Encoder Mirror Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\drivers\rdpencdd.sys
---> TYPE = KERNEL_DRIVER
177) "RDPWD" - RDP Winstation Driver
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
178) "RFCOMM" - Dispositivo Bluetooth (RFCOMM protocollo TDI)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rfcomm.sys
---> TYPE = KERNEL_DRIVER
179) "rspndr" - Link-Layer Topology Discovery Responder
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\rspndr.sys
---> TYPE = KERNEL_DRIVER
180) "sbp2port" - SBP-2 Transport/Protocol Bus Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\sbp2port.sys
---> TYPE = KERNEL_DRIVER
181) "secdrv" - Security Driver
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER
182) "Serenum" - Serenum Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\serenum.sys
---> TYPE = KERNEL_DRIVER
183) "Serial" - Serial Port Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\serial.sys
---> TYPE = KERNEL_DRIVER
184) "sermouse" - Serial Mouse Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\sermouse.sys
---> TYPE = KERNEL_DRIVER
185) "sffdisk" - SFF Storage Class Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\sffdisk.sys
---> TYPE = KERNEL_DRIVER
186) "sffp_mmc" - SFF Storage Protocol Driver for MMC
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\sffp_mmc.sys
---> TYPE = KERNEL_DRIVER
187) "sffp_sd" - SFF Storage Protocol Driver for SDBus
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\sffp_sd.sys
---> TYPE = KERNEL_DRIVER
188) "sfloppy" - High-Capacity Floppy Disk Drive
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\sfloppy.sys
---> TYPE = KERNEL_DRIVER
189) "sisagp" - SIS AGP Bus Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\sisagp.sys
---> TYPE = KERNEL_DRIVER
190) "SiSRaid2"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\sisraid2.sys
---> TYPE = KERNEL_DRIVER
191) "SiSRaid4"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\sisraid4.sys
---> TYPE = KERNEL_DRIVER
192) "Smb" - @C:\windows\system32\tcpipcfg.dll,-50005
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\smb.sys
---> TYPE = KERNEL_DRIVER
193) "spldr" - Security Processor Loader Driver
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
194) "srv"
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srv.sys
---> TYPE = FILE_SYSTEM_DRIVER
195) "srv2" - srv2
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srv2.sys
---> TYPE = FILE_SYSTEM_DRIVER
196) "srvnet"
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srvnet.sys
---> TYPE = FILE_SYSTEM_DRIVER
197) "StarOpen"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = FILE_SYSTEM_DRIVER
198) "swenum" - Driver bus software
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\swenum.sys
---> TYPE = KERNEL_DRIVER
199) "Symc8xx"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\symc8xx.sys
---> TYPE = KERNEL_DRIVER
200) "Sym_hi"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\sym_hi.sys
---> TYPE = KERNEL_DRIVER
201) "Sym_u3"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\sym_u3.sys
---> TYPE = KERNEL_DRIVER
202) "SynTP" - Synaptics TouchPad Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\SynTP.sys
---> TYPE = KERNEL_DRIVER
203) "Tcpip" - @C:\windows\system32\tcpipcfg.dll,-50003
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\tcpip.sys
---> TYPE = KERNEL_DRIVER
204) "Tcpip6" - Microsoft IPv6 Protocol Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\tcpip.sys
---> TYPE = KERNEL_DRIVER
205) "tcpipreg" - TCP/IP Registry Compatibility
---> STAT = (RUNNING) Started automatically
---> FILE = System32\drivers\tcpipreg.sys
---> TYPE = KERNEL_DRIVER
206) "TDPIPE" - TDPIPE
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\tdpipe.sys
---> TYPE = KERNEL_DRIVER
207) "TDTCP" - TDTCP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\tdtcp.sys
---> TYPE = KERNEL_DRIVER
208) "tdx" - @C:\windows\system32\tcpipcfg.dll,-50004
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\tdx.sys
---> TYPE = KERNEL_DRIVER
209) "TermDD" - Driver di dispositivo terminale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\termdd.sys
---> TYPE = KERNEL_DRIVER
210) "TPM" - TPM
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\tpm.sys
---> TYPE = KERNEL_DRIVER
211) "tssecsrv" - Terminal Services Security Filter Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\tssecsrv.sys
---> TYPE = KERNEL_DRIVER
212) "tunmp" - Driver scheda Microsoft Tun Miniport
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\tunmp.sys
---> TYPE = KERNEL_DRIVER
213) "tunnel" - Driver scheda Microsoft IPv6 Tunnel Miniport
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\tunnel.sys
---> TYPE = KERNEL_DRIVER
214) "uagp35" - Microsoft AGPv3.5 Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\uagp35.sys
---> TYPE = KERNEL_DRIVER
215) "udfs" - udfs
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\udfs.sys
---> TYPE = FILE_SYSTEM_DRIVER
216) "uliagpkx" - Uli AGP Bus Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\uliagpkx.sys
---> TYPE = KERNEL_DRIVER
217) "uliahci"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\uliahci.sys
---> TYPE = KERNEL_DRIVER
218) "UlSata"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\ulsata.sys
---> TYPE = KERNEL_DRIVER
219) "ulsata2"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\ulsata2.sys
---> TYPE = KERNEL_DRIVER
220) "umbus" - Driver enumeratore UMBus
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\umbus.sys
---> TYPE = KERNEL_DRIVER
221) "usbbus" - LGE Mobile Composite USB Device
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\lgusbbus.sys
---> TYPE = KERNEL_DRIVER
222) "usbccgp" - Driver principale generico USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbccgp.sys
---> TYPE = KERNEL_DRIVER
223) "usbcir" - eHome Infrared Receiver (USBCIR)
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\usbcir.sys
---> TYPE = KERNEL_DRIVER
224) "UsbDiag" - LGE Mobile USB Serial Port
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\lgusbdiag.sys
---> TYPE = KERNEL_DRIVER
225) "usbehci" - Driver Miniport Controller Enhanced Host USB 2.0 Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbehci.sys
---> TYPE = KERNEL_DRIVER
226) "usbhub" - Hub abilitato USB2
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbhub.sys
---> TYPE = KERNEL_DRIVER
227) "USBModem" - LGE Mobile USB Modem
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\lgusbmodem.sys
---> TYPE = KERNEL_DRIVER
228) "usbohci" - Microsoft USB Open Host Controller Miniport Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\usbohci.sys
---> TYPE = KERNEL_DRIVER
229) "usbprint" - Classe stampanti USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbprint.sys
---> TYPE = KERNEL_DRIVER
230) "usbscan" - Driver scanner USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
---> TYPE = KERNEL_DRIVER
231) "USBSTOR" - Driver archiviazione di massa USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
---> TYPE = KERNEL_DRIVER
232) "usbuhci" - Driver Miniport Controller Universal Host USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbuhci.sys
---> TYPE = KERNEL_DRIVER
233) "vga"
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\vgapnp.sys
---> TYPE = KERNEL_DRIVER
234) "VgaSave"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
---> TYPE = KERNEL_DRIVER
235) "viaagp" - VIA AGP Bus Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\viaagp.sys
---> TYPE = KERNEL_DRIVER
236) "ViaC7" - VIA C7 Processor Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\viac7.sys
---> TYPE = KERNEL_DRIVER
237) "viaide"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\viaide.sys
---> TYPE = KERNEL_DRIVER
238) "volmgr" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\volmgr.sys
---> TYPE = KERNEL_DRIVER
239) "volmgrx" - Dynamic Volume Manager
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\volmgrx.sys
---> TYPE = KERNEL_DRIVER
240) "volsnap" - Volumi di archiviazione
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\volsnap.sys
---> TYPE = KERNEL_DRIVER
241) "vsmraid"
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\vsmraid.sys
---> TYPE = KERNEL_DRIVER
242) "WacomPen" - Wacom Serial Pen HID Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\wacompen.sys
---> TYPE = KERNEL_DRIVER
243) "Wanarp" - Remote Access IP ARP Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER
244) "Wanarpv6" - Remote Access IPv6 ARP Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER
245) "Wd" - Microsoft Watchdog Timer Driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\wd.sys
---> TYPE = KERNEL_DRIVER
246) "Wdf01000" - Kernel Mode Driver Frameworks service
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\Wdf01000.sys
---> TYPE = KERNEL_DRIVER
247) "WmiAcpi" - Microsoft Windows Management Interface for ACPI
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\wmiacpi.sys
---> TYPE = KERNEL_DRIVER
248) "ws2ifsl" - Winsock IFS driver
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\ws2ifsl.sys
---> TYPE = KERNEL_DRIVER
249) "WUDFRd"
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\WUDFRd.sys
---> TYPE = KERNEL_DRIVER
-----HKLM\system\currentcontrolset\services-----
000) "AEADIFilters" - Andrea ADI Filters Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\AEADISRV.EXE
---> TYPE = OWN_SERVICE
001) "AeLookupSvc" - @C:\windows\system32\aelupsvc.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
002) "AgereModemAudio" - Agere Modem Call Progress Audio
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\agrsmsvc.exe
---> TYPE = OWN_SERVICE
003) "ALG" - @C:\windows\system32\Alg.exe,-112
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\alg.exe
---> TYPE = OWN_SERVICE
004) "Appinfo" - @C:\windows\system32\appinfo.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
005) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
---> TYPE = OWN_SERVICE
006) "AudioEndpointBuilder" - @C:\windows\system32\audiosrv.dll,-204
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
007) "Audiosrv" - @C:\windows\system32\audiosrv.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
008) "avast! Antivirus" - avast! Antivirus
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Alwil Software\Avast5\AvastSvc.exe\
---> TYPE = SHARE_SERVICE
009) "BFE" - @C:\windows\system32\bfe.dll,-1001
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE
010) "BITS" - @C:\windows\system32\qmgr.dll,-1000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
011) "Browser" - @C:\windows\system32\browser.dll,-100
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
012) "BthServ" - @C:\windows\System32\bthserv.dll,-101
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k bthsvcs
---> TYPE = SHARE_SERVICE
013) "CertPropSvc" - @C:\windows\System32\certprop.dll,-11
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
014) "clr_optimization_v2.0.50727_32" - Microsoft .NET Framework NGEN v2.0.50727_X86
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---> TYPE = OWN_SERVICE
015) "clr_optimization_v4.0.30319_32" - Microsoft .NET Framework NGEN v4.0.30319_X86
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
---> TYPE = OWN_SERVICE
016) "Com4Qlb" - Com4Qlb
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe\
---> TYPE = OWN_SERVICE
017) "COMSysApp" - @comres.dll,-947
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
---> TYPE = OWN_SERVICE
018) "CryptSvc" - @C:\windows\system32\cryptsvc.dll,-1001
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
019) "DcomLaunch" - @oleres.dll,-5012
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k DcomLaunch
---> TYPE = SHARE_SERVICE
020) "DFSR" - @dfsrres.dll,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\DFSR.exe
---> TYPE = OWN_SERVICE
021) "Dhcp" - @C:\windows\system32\dhcpcsvc.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
022) "Dnscache" - @C:\windows\System32\dnsapi.dll,-101
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
023) "dot3svc" - @C:\windows\system32\dot3svc.dll,-1102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
024) "DPS" - @C:\windows\system32\dps.dll,-500
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE
025) "EapHost" - @C:\windows\system32\eapsvc.dll,-1
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
026) "EMDMgmt" - @C:\windows\system32\emdmgmt.dll,-1000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
027) "Eventlog" - @C:\windows\system32\wevtsvc.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
028) "EventSystem" - @comres.dll,-2450
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
029) "fdPHost" - @C:\windows\system32\fdPHost.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
030) "FDResPub" - @C:\windows\system32\fdrespub.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
031) "FLCDLOCK" - HP ProtectTools Device Locking / Auditing
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\flcdlock.exe
---> TYPE = OWN_SERVICE
032) "FontCache" - @C:\windows\system32\FntCache.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE
033) "FontCache3.0.0.0" - @C:\windows\system32\PresentationHost.exe,-3309
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
---> TYPE = OWN_SERVICE
034) "gpsvc" - @gpapi.dll,-112
---> STAT = (RUNNING) Started automatically
---> FILE = %windir%\system32\svchost.exe -k GPSvcGroup
---> TYPE = OWN_SERVICE
035) "gupdate" - Google Update Service (gupdate)
---> STAT = (NOT RUNNING) Started automatically
---> FILE = \C:\Program Files\Google\Update\GoogleUpdate.exe\ /svc
---> TYPE = OWN_SERVICE
036) "gusvc" - Google Software Updater
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\
---> TYPE = OWN_SERVICE
037) "hidserv" - @C:\windows\System32\hidserv.dll,-101
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
038) "hkmsvc" - @C:\windows\system32\kmsvc.dll,-6
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
039) "HP Health Check Service" - HP Health Check Service
---> STAT = (RUNNING) Started automatically
---> FILE = \c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe\
---> TYPE = OWN_SERVICE
040) "hpqwmiex" - hpqwmiex
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe\
---> TYPE = OWN_SERVICE
041) "IAANTMON" - Intel(R) Matrix Storage Event Monitor
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
---> TYPE = OWN_SERVICE
042) "IDriverT" - InstallDriver Table Manager
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\
---> TYPE = OWN_SERVICE
043) "idsvc" - @C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\
---> TYPE = SHARE_SERVICE
044) "IKEEXT" - @C:\windows\system32\ikeext.dll,-501
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
045) "IPBusEnum" - @C:\windows\system32\IPBusEnum.dll,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
046) "iphlpsvc" - @C:\windows\system32\iphlpsvc.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k NetSvcs
---> TYPE = SHARE_SERVICE
047) "IviRegMgr" - IviRegMgr
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
---> TYPE = OWN_SERVICE
048) "KeyIso" - @keyiso.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE
049) "KtmRm" - @comres.dll,-2946
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
050) "LanmanServer" - @C:\windows\system32\srvsvc.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
051) "LanmanWorkstation" - @C:\windows\system32\wkssvc.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
052) "LightScribeService" - LightScribeService Direct Disc Labeling Service
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Common Files\LightScribe\LSSrvc.exe\
---> TYPE = OWN_SERVICE
053) "lltdsvc" - @C:\windows\system32\lltdres.dll,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
054) "lmhosts" - @C:\windows\system32\lmhsvc.dll,-101
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
055) "MMCSS" - @C:\windows\system32\mmcss.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
056) "MpsSvc" - @C:\windows\system32\FirewallAPI.dll,-23090
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE
057) "MSDTC" - @comres.dll,-2797
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\msdtc.exe
---> TYPE = OWN_SERVICE
058) "MSiSCSI" - @C:\windows\system32\iscsidsc.dll,-5000
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
059) "msiserver" - @C:\windows\system32\msimsg.dll,-27
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\msiexec /V
---> TYPE = OWN_SERVICE
060) "napagent" - @C:\windows\system32\qagentrt.dll,-6
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
061) "Net Driver HPZ12"
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k HPZ12
---> TYPE = OWN_SERVICE
062) "Netlogon" - @C:\windows\System32\netlogon.dll,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE
063) "Netman" - @C:\windows\system32\netman.dll,-109
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
064) "netprofm" - @C:\windows\system32\netprof.dll,-246
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
065) "NetTcpPortSharing" - @C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
---> STAT = (NOT RUNNING) Disabled
---> FILE = \C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\
---> TYPE = SHARE_SERVICE
066) "NlaSvc" - @C:\windows\System32\nlasvc.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
067) "NMSAccessU" - NMSAccessU
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\CDBurnerXP\NMSAccessU.exe
---> TYPE = OWN_SERVICE
068) "nsi" - @C:\windows\system32\nsisvc.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
069) "p2pimsvc" - @C:\windows\system32\p2psvc.dll,-8004
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
070) "p2psvc" - @C:\windows\system32\p2psvc.dll,-8006
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
071) "PcaSvc" - @C:\windows\system32\pcasvc.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
072) "pdfcDispatcher" - PDF Document Manager
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService
---> TYPE = OWN_SERVICE
073) "pla" - @C:\windows\system32\pla.dll,-500
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE
074) "PlugPlay" - @C:\windows\system32\umpnpmgr.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k DcomLaunch
---> TYPE = SHARE_SERVICE
075) "Pml Driver HPZ12"
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k HPZ12
---> TYPE = OWN_SERVICE
076) "PNRPAutoReg" - @C:\windows\system32\p2psvc.dll,-8002
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
077) "PNRPsvc" - @C:\windows\system32\p2psvc.dll,-8000
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
078) "PolicyAgent" - @C:\windows\System32\polstore.dll,-5010
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
079) "ProfSvc" - @C:\windows\system32\profsvc.dll,-300
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
080) "ProtectedStorage" - @C:\windows\system32\psbase.dll,-300
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE
081) "QWAVE" - @C:\windows\system32\qwave.dll,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = %windir%\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
082) "RasAuto" - @%Systemroot%\system32\rasauto.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
083) "RasMan" - @%Systemroot%\system32\rasmans.dll,-200
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
084) "RemoteAccess" - @%Systemroot%\system32\mprdim.dll,-200
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
085) "RemoteRegistry" - @regsvc.dll,-1
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\windows\system32\svchost.exe -k regsvc
---> TYPE = SHARE_SERVICE
086) "RpcLocator" - @C:\windows\system32\Locator.exe,-2
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\locator.exe
---> TYPE = OWN_SERVICE
087) "rpcnet" - Remote Procedure Call (RPC) Net
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\rpcnet.exe
---> TYPE = OWN_SERVICE
088) "RpcSs" - @oleres.dll,-5010
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k rpcss
---> TYPE = SHARE_SERVICE
089) "SamSs" - @C:\windows\system32\samsrv.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE
090) "SCardSvr" - @C:\windows\System32\SCardSvr.dll,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
091) "Schedule" - @C:\windows\system32\schedsvc.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
092) "SCPolicySvc" - @C:\windows\System32\certprop.dll,-13
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
093) "SDRSVC" - @C:\windows\system32\sdrsvc.dll,-107
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k SDRSVC
---> TYPE = OWN_SERVICE
094) "seclogon" - @C:\windows\system32\seclogon.dll,-7001
---> STAT = (RUNNING) Started automatically
---> FILE = %windir%\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
095) "SENS" - @C:\windows\system32\Sens.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
096) "ServiceLayer" - ServiceLayer
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe\
---> TYPE = OWN_SERVICE
097) "SessionEnv" - @C:\windows\System32\SessEnv.dll,-1026
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
098) "SharedAccess" - @C:\windows\system32\ipnathlp.dll,-106
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
099) "ShellHWDetection" - @C:\windows\System32\shsvcs.dll,-12288
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
100) "slsvc" - @C:\windows\system32\SLsvc.exe,-101
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\SLsvc.exe
---> TYPE = OWN_SERVICE
101) "SLUINotify" - @C:\windows\system32\SLUINotify.dll,-103
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
102) "SNMPTRAP" - @C:\windows\system32\snmptrap.exe,-3
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\snmptrap.exe
---> TYPE = OWN_SERVICE
103) "Spooler" - @C:\windows\system32\spoolsv.exe,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\spoolsv.exe
---> TYPE = OWN_SERVICE
104) "SSDPSRV" - @C:\windows\system32\ssdpsrv.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
105) "SstpSvc" - @C:\windows\system32\sstpsvc.dll,-200
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
106) "stisvc" - @C:\windows\system32\wiaservc.dll,-9
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k imgsvc
---> TYPE = OWN_SERVICE
107) "swprv" - @C:\windows\System32\swprv.dll,-103
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k swprv
---> TYPE = OWN_SERVICE
108) "SysMain" - @C:\windows\system32\sysmain.dll,-1000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
109) "TabletInputService" - @C:\windows\system32\TabSvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
110) "TapiSrv" - @C:\windows\system32\tapisrv.dll,-10100
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
111) "TBS" - @C:\windows\system32\tbssvc.dll,-100
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
112) "TermService" - @C:\windows\System32\termsrv.dll,-268
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
113) "Themes" - @C:\windows\System32\shsvcs.dll,-8192
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
114) "THREADORDER" - @C:\windows\system32\mmcss.dll,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
115) "TrkWks" - @C:\windows\system32\trkwks.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
116) "TrustedInstaller" - @C:\windows\servicing\TrustedInstaller.exe,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\servicing\TrustedInstaller.exe
---> TYPE = OWN_SERVICE
117) "TuneUp.Defrag" - @C:\windows\System32\TuneUpDefragService.exe,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\TuneUpDefragService.exe
---> TYPE = OWN_SERVICE
118) "TuneUp.ProgramStatisticsSvc" - @C:\windows\System32\TUProgSt.exe,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\TUProgSt.exe
---> TYPE = OWN_SERVICE
119) "UI0Detect" - @C:\windows\system32\ui0detect.exe,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\UI0Detect.exe
---> TYPE = OWN_SERVICE
120) "upnphost" - @C:\windows\system32\upnphost.dll,-213
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
121) "UxSms" - @C:\windows\system32\dwm.exe,-2000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
122) "UxTuneUp" - @C:\windows\System32\uxtuneup.dll,-4096
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
123) "vds" - @C:\windows\system32\vds.exe,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\vds.exe
---> TYPE = OWN_SERVICE
124) "VSS" - @C:\windows\system32\vssvc.exe,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\vssvc.exe
---> TYPE = OWN_SERVICE
125) "W32Time" - @C:\windows\system32\w32time.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
126) "wcncsvc" - @C:\windows\system32\wcncsvc.dll,-3
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
127) "WcsPlugInService" - @C:\windows\system32\WcsPlugInService.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k wcssvc
---> TYPE = SHARE_SERVICE
128) "WdiServiceHost" - @C:\windows\system32\wdi.dll,-502
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k wdisvc
---> TYPE = SHARE_SERVICE
129) "WdiSystemHost" - @C:\windows\system32\wdi.dll,-500
---> STAT = (RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
130) "WebClient" - @C:\windows\system32\webclnt.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
131) "Wecsvc" - @C:\windows\system32\wecsvc.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
132) "wercplsupport" - @C:\windows\System32\wercplsupport.dll,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
133) "WerSvc" - @C:\windows\System32\wersvc.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k WerSvcGroup
---> TYPE = SHARE_SERVICE
134) "WinDefend" - @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k secsvcs
---> TYPE = SHARE_SERVICE
135) "WinHttpAutoProxySvc" - @C:\windows\system32\winhttp.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
136) "Winmgmt" - @%Systemroot%\system32\wbem\wmisvc.dll,-205
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
137) "WinRM" - @%Systemroot%\system32\wsmsvc.dll,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
138) "Winsock"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = ADAPTER
139) "Wlansvc" - @C:\windows\System32\wlansvc.dll,-257
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
140) "wmiApSrv" - @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\wbem\WmiApSrv.exe
---> TYPE = OWN_SERVICE
141) "WMPNetworkSvc" - @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = \%ProgramFiles%\Windows Media Player\wmpnetwk.exe\
---> TYPE = OWN_SERVICE
142) "WPCSvc" - @C:\windows\system32\wpcsvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
143) "WPDBusEnum" - @C:\windows\system32\wpdbusenum.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
144) "WPFFontCache_v0400" - @C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
---> TYPE = OWN_SERVICE
145) "wscsvc" - @C:\windows\System32\wscsvc.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE
146) "WSearch" - @C:\windows\system32\SearchIndexer.exe,-103
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\SearchIndexer.exe /Embedding
---> TYPE = OWN_SERVICE
147) "wuauserv" - @C:\windows\system32\wuaueng.dll,-105
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
148) "wudfsvc" - @C:\windows\system32\wudfsvc.dll,-1000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE
===================== SVCHOST INSTANCES =====================
LocalService
+---- nsi
+---- %systemroot%\system32\nsisvc.dll
+---- lltdsvc
+---- %SystemRoot%\System32\lltdsvc.dll
+---- SSDPSRV
+---- %SystemRoot%\System32\ssdpsrv.dll
+---- upnphost
+---- %SystemRoot%\System32\upnphost.dll
+---- SCardSvr
+---- %SystemRoot%\System32\SCardSvr.dll
+---- w32time
+---- %systemroot%\system32\w32time.dll
+---- EventSystem
+---- %systemroot%\system32\es.dll
+---- RemoteRegistry
+---- %SystemRoot%\system32\regsvc.dll
+---- WinHttpAutoProxySvc
+---- winhttp.dll
+---- lanmanworkstation
+---- %SystemRoot%\System32\wkssvc.dll
+---- TBS
+---- %SystemRoot%\System32\tbssvc.dll
+---- SLUINotify
+---- %SystemRoot%\system32\SLUINotify.dll
+---- THREADORDER
+---- %SystemRoot%\system32\mmcss.dll
+---- fdrespub
+---- %SystemRoot%\system32\fdrespub.dll
+---- netprofm
+---- %SystemRoot%\System32\netprofm.dll
+---- fdphost
+---- %SystemRoot%\system32\fdPHost.dll
+---- wcncsvc
+---- %SystemRoot%\System32\wcncsvc.dll
+---- QWAVE
+---- %windir%\system32\qwave.dll
+---- WebClient
+---- %SystemRoot%\System32\webclnt.dll
+---- SstpSvc
+---- %SystemRoot%\system32\sstpsvc.dll
LocalSystemNetworkRestricted
+---- hidserv
+---- %SystemRoot%\System32\hidserv.dll
+---- UxSms
+---- %SystemRoot%\System32\uxsms.dll
+---- WdiSystemHost
+---- %SystemRoot%\system32\wdi.dll
+---- Netman
+---- %SystemRoot%\System32\netman.dll
+---- trkwks
+---- %SystemRoot%\System32\trkwks.dll
+---- AudioEndpointBuilder
+---- %SystemRoot%\System32\Audiosrv.dll
+---- WUDFSvc
+---- %SystemRoot%\System32\WUDFSvc.dll
+---- irmon
+---- sysmain
+---- %systemroot%\system32\sysmain.dll
+---- IPBusEnum
+---- %SystemRoot%\system32\ipbusenum.dll
+---- dot3svc
+---- %SystemRoot%\System32\dot3svc.dll
+---- PcaSvc
+---- %SystemRoot%\System32\pcasvc.dll
+---- wlansvc
+---- %SystemRoot%\System32\wlansvc.dll
+---- EMDMgmt
+---- %systemroot%\system32\emdmgmt.dll
+---- TabletInputService
+---- %SystemRoot%\System32\TabSvc.dll
+---- WPDBusEnum
+---- %SystemRoot%\system32\wpdbusenum.dll
NetworkServiceNetworkRestricted
+---- PolicyAgent
+---- %SystemRoot%\System32\ipsecsvc.dll
LocalServiceNoNetwork
+---- PLA
+---- %systemroot%\system32\pla.dll
+---- DPS
+---- %SystemRoot%\system32\dps.dll
+---- BFE
+---- %SystemRoot%\System32\bfe.dll
+---- mpssvc
+---- %SystemRoot%\system32\mpssvc.dll
NetworkService
+---- CryptSvc
+---- %SystemRoot%\system32\cryptsvc.dll
+---- DHCP
+---- %SystemRoot%\System32\dhcpcsvc.dll
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
+---- KtmRm
+---- %systemroot%\system32\msdtckrm.dll
+---- DNSCache
+---- %SystemRoot%\System32\dnsrslvr.dll
+---- NapAgent
+---- %SystemRoot%\system32\qagentRT.dll
+---- nlasvc
+---- %SystemRoot%\System32\nlasvc.dll
+---- WinRM
+---- %SystemRoot%\system32\WsmSvc.dll
+---- WECSVC
+---- %SystemRoot%\system32\wecsvc.dll
+---- Tapisrv
+---- %SystemRoot%\System32\tapisrv.dll
termsvcs
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
WerSvcGroup
+---- wersvc
+---- %SystemRoot%\System32\WerSvc.dll
netsvcs
+---- AeLookupSvc
+---- %SystemRoot%\System32\aelupsvc.dll
+---- UxTuneUp
+---- %SystemRoot%\System32\uxtuneup.dll
+---- wercplsupport
+---- %SystemRoot%\System32\wercplsupport.dll
+---- Themes
+---- %SystemRoot%\system32\shsvcs.dll
+---- CertPropSvc
+---- %SystemRoot%\System32\certprop.dll
+---- SCPolicySvc
+---- %SystemRoot%\System32\certprop.dll
+---- lanmanserver
+---- %SystemRoot%\System32\srvsvc.dll
+---- gpsvc
+---- %SystemRoot%\System32\gpsvc.dll
+---- IKEEXT
+---- %SystemRoot%\System32\ikeext.dll
+---- AudioSrv
+---- %SystemRoot%\System32\Audiosrv.dll
+---- FastUserSwitchingCompatibility
+---- Ias
+---- Irmon
+---- Nla
+---- Ntmssvc
+---- NWCWorkstation
+---- Nwsapagent
+---- Rasauto
+---- %SystemRoot%\System32\rasauto.dll
+---- Rasman
+---- %SystemRoot%\System32\rasmans.dll
+---- Remoteaccess
+---- %SystemRoot%\System32\mprdim.dll
+---- SENS
+---- %SystemRoot%\System32\sens.dll
+---- Sharedaccess
+---- %SystemRoot%\System32\ipnathlp.dll
+---- SRService
+---- Tapisrv
+---- %SystemRoot%\System32\tapisrv.dll
+---- Wmi
+---- WmdmPmSp
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
+---- wuauserv
+---- %systemroot%\system32\wuaueng.dll
+---- BITS
+---- %SystemRoot%\System32\qmgr.dll
+---- ShellHWDetection
+---- %SystemRoot%\System32\shsvcs.dll
+---- LogonHours
+---- PCAudit
+---- helpsvc
+---- uploadmgr
+---- iphlpsvc
+---- %SystemRoot%\System32\iphlpsvc.dll
+---- seclogon
+---- %windir%\system32\seclogon.dll
+---- AppInfo
+---- %SystemRoot%\System32\appinfo.dll
+---- msiscsi
+---- %systemroot%\system32\iscsiexe.dll
+---- MMCSS
+---- %SystemRoot%\system32\mmcss.dll
+---- ProfSvc
+---- %systemroot%\system32\profsvc.dll
+---- EapHost
+---- %SystemRoot%\System32\eapsvc.dll
+---- winmgmt
+---- %SystemRoot%\system32\wbem\WMIsvc.dll
+---- schedule
+---- %systemroot%\system32\schedsvc.dll
+---- SessionEnv
+---- %SystemRoot%\system32\sessenv.dll
+---- browser
+---- %SystemRoot%\System32\browser.dll
+---- hkmsvc
+---- %SystemRoot%\system32\kmsvc.dll
swprv
+---- swprv
+---- %Systemroot%\System32\swprv.dll
LocalServiceNetworkRestricted
+---- DHCP
+---- %SystemRoot%\System32\dhcpcsvc.dll
+---- eventlog
+---- AudioSrv
+---- %SystemRoot%\System32\Audiosrv.dll
+---- LmHosts
+---- %SystemRoot%\System32\lmhsvc.dll
+---- wscsvc
+---- %SYSTEMROOT%\system32\wscsvc.dll
+---- p2pimsvc
+---- %SystemRoot%\system32\p2psvc.dll
+---- PNRPSvc
+---- %SystemRoot%\system32\p2psvc.dll
+---- p2psvc
+---- %SystemRoot%\system32\p2psvc.dll
+---- WPCSvc
+---- %SystemRoot%\System32\wpcsvc.dll
+---- PnrpAutoReg
+---- %SystemRoot%\system32\p2psvc.dll
rpcss
+---- RpcSs
+---- %SystemRoot%\system32\rpcss.dll
regsvc
+---- RemoteRegistry
+---- %SystemRoot%\system32\regsvc.dll
wcssvc
+---- WcsPlugInService
+---- %SystemRoot%\System32\WcsPlugInService.dll
DcomLaunch
+---- PlugPlay
+---- %SystemRoot%\system32\umpnpmgr.dll
+---- DcomLaunch
+---- %SystemRoot%\system32\rpcss.dll
wdisvc
+---- WdiServiceHost
+---- %SystemRoot%\system32\wdi.dll
sdrsvc
+---- sdrsvc
+---- %Systemroot%\System32\SDRSVC.dll
imgsvc
+---- StiSvc
+---- %SystemRoot%\System32\wiaservc.dll
secsvcs
+---- WinDefend
+---- %ProgramFiles%\Windows Defender\mpsvc.dll
HPZ12
+---- Pml Driver HPZ12
+---- C:\windows\system32\HPZipm12.dll
+---- Net Driver HPZ12
+---- C:\windows\system32\HPZinw12.dll
bthsvcs
+---- BthServ
+---- %SystemRoot%\System32\bthserv.dll
GPSvcGroup
+---- GPSvc
+---- %SystemRoot%\System32\gpsvc.dll
LocalServiceAndNoImpersonation
+---- FontCache
+---- %SystemRoot%\system32\FntCache.dll
===================== LOADED MODULES =====================
*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan
Already known legit dlls are not shown
System pid: 4
Command line: <unable to retrieve>
smss.exe pid: 424
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x47e00000 0x12000 \SystemRoot\System32\smss.exe
csrss.exe pid: 504
Command line: C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x49a80000 0x5000 6.00.6001.18000 C:\windows\system32\csrss.exe
0x75d80000 0xf000 6.00.6001.18000 C:\windows\system32\CSRSRV.dll
0x75d60000 0x13000 6.00.6001.18000 C:\windows\system32\basesrv.dll
0x75d00000 0x60000 6.00.6002.18005 C:\windows\system32\winsrv.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
wininit.exe pid: 548
Command line: wininit.exe
Base Size Version Path
0x008d0000 0x1a000 6.00.6001.18000 C:\windows\system32\wininit.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
csrss.exe pid: 556
Command line: C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x49a80000 0x5000 6.00.6001.18000 C:\windows\system32\csrss.exe
0x75d80000 0xf000 6.00.6001.18000 C:\windows\system32\CSRSRV.dll
0x75d60000 0x13000 6.00.6001.18000 C:\windows\system32\basesrv.dll
0x75d00000 0x60000 6.00.6002.18005 C:\windows\system32\winsrv.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
winlogon.exe pid: 596
Command line: winlogon.exe
Base Size Version Path
0x00b10000 0x50000 6.00.6002.18005 C:\windows\system32\winlogon.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x55580000 0xc000 8.00.3310.0003 c:\windows\system32\uxtuneup.dll
0x74aa0000 0xdc000 6.00.6001.18000 C:\windows\system32\dbghelp.dll
0x73fa0000 0xf4000 7.00.6002.18107 C:\windows\system32\WindowsCodecs.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x75ca0000 0x16000 6.00.6002.18005 C:\windows\system32\AUTHZ.dll
services.exe pid: 632
Command line: C:\windows\system32\services.exe
Base Size Version Path
0x009c0000 0x47000 6.00.6002.18005 C:\windows\system32\services.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x75a20000 0x4e000 6.00.6002.18005 C:\windows\system32\SCESRV.dll
0x75ca0000 0x16000 6.00.6002.18005 C:\windows\system32\AUTHZ.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
lsass.exe pid: 644
Command line: C:\windows\system32\lsass.exe
Base Size Version Path
0x001e0000 0x6000 6.00.6002.18051 C:\windows\system32\lsass.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x75a70000 0x136000 6.00.6002.18051 C:\windows\system32\LSASRV.dll
0x759a0000 0x7b000 6.00.6002.18005 C:\windows\system32\SAMSRV.dll
0x75bf0000 0x11000 6.00.6001.18000 C:\windows\system32\cryptdll.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75870000 0x18000 6.00.6001.18000 C:\windows\system32\NTDSAPI.dll
0x75850000 0x11000 6.00.6002.18005 C:\windows\system32\FeClient.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x75be0000 0x7000 6.00.6000.16386 C:\windows\system32\SYSNTFY.dll
0x756b0000 0x40000 6.00.6002.18005 C:\windows\system32\wevtapi.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\system32\dhcpcsvc6.DLL
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x75600000 0x6000 6.00.6000.16386 C:\windows\system32\cngaudit.dll
0x75ca0000 0x16000 6.00.6002.18005 C:\windows\system32\AUTHZ.dll
0x755c0000 0x35000 6.00.6002.18005 C:\windows\system32\ncrypt.dll
0x75560000 0x45000 6.00.6002.18005 C:\windows\system32\BCRYPT.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75540000 0x2000 6.00.6000.16386 C:\windows\system32\msprivs.dll
0x754b0000 0x7e000 6.00.6002.18051 C:\windows\system32\kerberos.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x75380000 0x94000 6.00.6002.18005 C:\windows\system32\netlogon.dll
0x75280000 0xd7000 6.00.6000.16386 C:\windows\system32\WINBRAND.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x751e0000 0x2d000 6.00.6002.18051 C:\windows\system32\wdigest.dll
0x75360000 0x12000 6.00.6001.18000 C:\windows\system32\tspkg.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x751b0000 0x2e000 6.00.6002.18005 C:\windows\system32\scecli.dll
0x74290000 0x8000 6.00.6000.16386 C:\windows\system32\keyiso.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x748b0000 0x26000 6.00.6001.18000 C:\windows\system32\dssenh.dll
lsm.exe pid: 652
Command line: C:\windows\system32\lsm.exe
Base Size Version Path
0x00260000 0x3b000 6.00.6001.18000 C:\windows\system32\lsm.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x75be0000 0x7000 6.00.6000.16386 C:\windows\system32\SYSNTFY.dll
0x758e0000 0x6000 6.00.6000.16386 C:\windows\system32\WMsgAPI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
svchost.exe pid: 828
Command line: C:\windows\system32\svchost.exe -k DcomLaunch
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x750f0000 0x39000 6.00.6002.18005 c:\windows\system32\umpnpmgr.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75060000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x743c0000 0x15000 6.00.6001.18000 C:\windows\system32\Cabinet.dll
svchost.exe pid: 896
Command line: C:\windows\system32\svchost.exe -k rpcss
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75060000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x72e50000 0x96000 6.00.6002.18005 C:\windows\system32\fwpuclnt.dll
svchost.exe pid: 1020
Command line: C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\System32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x74d90000 0xfc000 6.00.6002.18005 c:\windows\system32\wevtsvc.dll
0x75260000 0x15000 6.00.6002.18005 c:\windows\system32\GPAPI.dll
0x756f0000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\System32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x743e0000 0x28000 6.00.6002.18005 c:\windows\system32\MMDevAPI.DLL
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x758f0000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
0x73de0000 0x21000 6.00.6002.18005 C:\windows\System32\audioses.dll
0x73d30000 0x66000 6.00.6001.18000 C:\windows\System32\audioeng.dll
0x74520000 0x7000 6.00.6001.18000 C:\windows\System32\AVRT.dll
0x75060000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
0x74aa0000 0xdc000 6.00.6001.18000 c:\windows\system32\dbghelp.dll
0x72c80000 0xb000 6.00.6002.18005 C:\windows\system32\wbem\wbemprox.dll
0x72c20000 0x5b000 6.00.6001.18000 C:\windows\system32\wbemcomn.dll
0x71a20000 0x10000 6.00.6002.18005 C:\windows\system32\wbem\wbemsvc.dll
0x75870000 0x18000 6.00.6001.18000 C:\windows\system32\NTDSAPI.dll
0x755c0000 0x35000 6.00.6002.18005 C:\windows\System32\ncrypt.dll
0x75560000 0x45000 6.00.6002.18005 C:\windows\System32\BCRYPT.dll
0x6bd10000 0x8e000 7.04.7600.0226 C:\Windows\system32\wuapi.dll
0x743c0000 0x15000 6.00.6001.18000 C:\Windows\system32\Cabinet.dll
svchost.exe pid: 1080
Command line: C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\System32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x743e0000 0x28000 6.00.6002.18005 c:\windows\system32\MMDevAPI.DLL
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x742c0000 0xb000 6.00.6002.18005 c:\windows\system32\uxsms.dll
0x742b0000 0x10000 6.00.6001.18000 c:\windows\system32\wudfsvc.dll
0x741c0000 0x30000 6.00.6001.18000 c:\windows\system32\WUDFPlatform.dll
0x756b0000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
0x73a60000 0x82000 6.00.6002.18064 c:\windows\system32\wlansvc.dll
0x73a10000 0x4c000 6.00.6002.18064 c:\windows\system32\WLANMSM.DLL
0x739b0000 0x52000 6.00.6002.18064 c:\windows\system32\WLANSEC.dll
0x73420000 0x17c000 6.00.6002.18005 c:\windows\system32\OneX.DLL
0x73e20000 0xe000 6.00.6001.18000 c:\windows\system32\eappprxy.dll
0x73d00000 0x24000 6.00.6002.18005 c:\windows\system32\eappcfg.dll
0x74550000 0x1ab000 5.02.6002.18005 C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
0x74d20000 0x30000 6.00.6001.18000 c:\windows\system32\DUser.dll
0x74710000 0x3d000 7.00.6002.18155 c:\windows\system32\OLEACC.dll
0x75ca0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
0x758f0000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
0x73970000 0x18000 6.00.6002.18005 c:\windows\system32\wlgpclnt.dll
0x73cf0000 0x10000 6.00.6001.18000 c:\windows\system32\l2gpstore.dll
0x73e10000 0x6000 6.00.6000.16386 c:\windows\system32\wlanutil.dll
0x75be0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
0x75610000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
0x75560000 0x45000 6.00.6002.18005 c:\windows\system32\bcrypt.dll
0x72240000 0x15b000 6.20.5002.0000 C:\windows\System32\msxml6.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\System32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x754b0000 0x7e000 6.00.6002.18051 C:\windows\system32\kerberos.dll
0x75bf0000 0x11000 6.00.6001.18000 C:\windows\System32\cryptdll.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\Windows\system32\slc.dll
0x743c0000 0x15000 6.00.6001.18000 C:\windows\System32\Cabinet.dll
0x72680000 0x8d000 6.00.6002.18005 c:\windows\system32\emdmgmt.dll
0x724a0000 0x39000 6.00.6002.18005 c:\windows\system32\WDSCORE.dll
0x72650000 0x9000 6.00.6002.18005 c:\windows\system32\hidserv.dll
0x723a0000 0xd000 6.00.6001.18000 c:\windows\system32\pcasvc.dll
0x71d60000 0x8a000 6.00.6002.18005 c:\windows\system32\sysmain.dll
0x71d40000 0x17000 6.00.6002.18112 c:\windows\system32\wpdbusenum.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\System32\GPAPI.dll
0x717a0000 0x56000 6.00.6002.18112 C:\windows\system32\PortableDeviceApi.dll
0x71c50000 0x12000 6.00.6002.18112 C:\windows\System32\portabledeviceconnectapi.dll
0x72660000 0x15000 6.00.6001.18000 c:\windows\system32\wdi.dll
0x71ed0000 0xa000 6.00.6001.18000 C:\windows\system32\pcadm.dll
0x74700000 0xf000 6.00.6001.18000 C:\windows\System32\nlaapi.dll
0x72740000 0x2e000 6.00.6002.18005 C:\windows\System32\credui.dll
0x742e0000 0x14000 3.05.2284.0002 C:\windows\System32\ATL.DLL
0x70ed0000 0x4a000 6.00.6001.18000 C:\windows\System32\hnetcfg.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x72c80000 0xb000 6.00.6002.18005 C:\windows\system32\wbem\wbemprox.dll
0x72c20000 0x5b000 6.00.6001.18000 C:\windows\system32\wbemcomn.dll
0x71a20000 0x10000 6.00.6002.18005 C:\windows\system32\wbem\wbemsvc.dll
0x75870000 0x18000 6.00.6001.18000 C:\windows\system32\NTDSAPI.dll
0x6c640000 0x15000 6.00.6000.16386 C:\windows\system32\radardt.dll
svchost.exe pid: 1104
Command line: C:\windows\system32\svchost.exe -k netsvcs
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74330000 0x11000 6.00.6001.18000 c:\windows\system32\mmcss.dll
0x74520000 0x7000 6.00.6001.18000 c:\windows\system32\AVRT.dll
0x74300000 0x29000 6.00.6002.18005 c:\windows\system32\profsvc.dll
0x75be0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
0x74700000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
0x758f0000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
0x742e0000 0x14000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x55580000 0xc000 8.00.3310.0003 c:\windows\system32\uxtuneup.dll
0x74aa0000 0xdc000 6.00.6001.18000 c:\windows\system32\dbghelp.dll
0x74410000 0xbb000 7.00.6002.18005 C:\windows\system32\PROPSYS.dll
0x73e80000 0x10000 6.00.6001.18000 c:\windows\system32\eapsvc.dll
0x73e50000 0x30000 6.00.6002.18005 C:\windows\system32\eapphost.dll
0x73e30000 0xf000 6.00.6001.18000 C:\Windows\system32\umb.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
0x732a0000 0xb000 6.00.6001.18000 C:\windows\system32\wiarpc.dll
0x756b0000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
0x75ca0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
0x73160000 0x7000 6.00.6001.18000 c:\windows\system32\ktmw32.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x73050000 0x44000 6.00.6002.18342 C:\windows\system32\taskcomp.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x730b0000 0x9000 6.00.6000.16386 C:\Windows\system32\tschannel.dll
0x756f0000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
0x72de0000 0x6000 6.00.6000.16386 C:\windows\system32\SSCORE.DLL
0x75060000 0x66000 6.00.6001.18000 C:\windows\system32\FirewallAPI.DLL
0x75870000 0x18000 6.00.6001.18000 C:\windows\system32\NTDSAPI.dll
0x75bf0000 0x11000 6.00.6001.18000 C:\windows\system32\cryptdll.dll
0x72740000 0x2e000 6.00.6002.18005 C:\windows\system32\credui.dll
0x72b50000 0x9000 6.00.6000.16386 c:\windows\system32\aelupsvc.dll
0x71c70000 0x2a000 6.00.6002.18005 c:\windows\system32\wbem\wmisvc.dll
0x72c20000 0x5b000 6.00.6001.18000 C:\windows\system32\wbemcomn.dll
0x71e90000 0x34000 6.00.6002.18209 c:\windows\system32\iphlpsvc.dll
0x72e50000 0x96000 6.00.6002.18005 c:\windows\system32\fwpuclnt.dll
0x71ee0000 0x23000 6.00.6001.18000 c:\windows\system32\sqmapi.dll
0x75560000 0x45000 6.00.6002.18005 c:\windows\system32\bcrypt.dll
0x743c0000 0x15000 6.00.6001.18000 C:\windows\system32\Cabinet.dll
0x72480000 0x14000 6.00.6001.18000 C:\windows\system32\vsstrace.dll
0x74880000 0x2f000 1.02.1009.0000 C:\windows\system32\XmlLite.dll
0x70c40000 0x1bf000 7.00.6002.18005 c:\windows\system32\qmgr.dll
0x71e80000 0x8000 7.00.6000.16386 c:\windows\system32\bitsperf.dll
0x71a20000 0x10000 6.00.6002.18005 C:\windows\system32\wbem\wbemsvc.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x71e70000 0xb000 7.00.6002.18005 C:\windows\system32\bitsigd.dll
0x71580000 0x136000 8.100.5003.0000 C:\windows\System32\msxml3.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x73250000 0xf000 6.00.6001.18000 C:\windows\system32\napinsp.dll
0x73170000 0x12000 6.00.6001.18000 C:\windows\system32\pnrpnsp.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\system32\wshbth.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x754b0000 0x7e000 6.00.6002.18051 C:\windows\system32\kerberos.dll
0x6ed60000 0x14000 6.00.6001.18000 C:\windows\system32\RASQEC.DLL
0x72ba0000 0x17000 6.00.6001.18000 C:\windows\system32\QUtil.dll
0x75050000 0x5000 6.00.6000.16386 C:\windows\system32\MSIMG32.dll
0x69cd0000 0x1d9000 7.04.7600.0226 c:\windows\system32\wuaueng.dll
0x74a70000 0xc000 6.00.6001.18000 c:\windows\system32\mspatcha.dll
0x758e0000 0x6000 6.00.6000.16386 C:\windows\system32\WMsgAPI.dll
0x69830000 0xd9000 6.00.6002.18005 C:\windows\system32\wer.dll
0x747f0000 0x6000 6.00.6000.16386 C:\windows\system32\SensApi.dll
0x748b0000 0x26000 6.00.6001.18000 C:\windows\system32\dssenh.dll
0x755c0000 0x35000 6.00.6002.18005 C:\windows\system32\ncrypt.dll
0x6f9e0000 0xb000 6.00.6001.18000 c:\windows\system32\appinfo.dll
audiodg.exe pid: 1164
Command line: <unable to retrieve>
svchost.exe pid: 1212
Command line: C:\windows\system32\svchost.exe -k GPSvcGroup
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74130000 0x8f000 6.00.6002.18005 c:\windows\system32\gpsvc.dll
0x75870000 0x18000 6.00.6001.18000 c:\windows\system32\NTDSAPI.dll
0x758f0000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
0x75260000 0x15000 6.00.6002.18005 c:\windows\system32\GPAPI.dll
0x756f0000 0x3a000 6.00.6002.18005 c:\windows\system32\slc.dll
0x75ca0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
0x75be0000 0x7000 6.00.6000.16386 c:\windows\system32\SYSNTFY.dll
0x74700000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
0x75640000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
SLsvc.exe pid: 1228
Command line: C:\windows\system32\SLsvc.exe
Base Size Version Path
0x008f0000 0x343000 6.00.6002.18005 C:\windows\system32\SLsvc.exe
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
svchost.exe pid: 1256
Command line: C:\windows\system32\svchost.exe -k LocalService
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x740a0000 0x46000 2001.12.6932.18005 c:\windows\system32\es.dll
0x74410000 0xbb000 7.00.6002.18005 c:\windows\system32\PROPSYS.dll
0x742d0000 0x8000 6.00.6001.18000 c:\windows\system32\nsisvc.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x758f0000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
0x75870000 0x18000 6.00.6001.18000 c:\windows\system32\NTDSAPI.dll
0x75280000 0xd7000 6.00.6000.16386 c:\windows\system32\WINBRAND.dll
0x71980000 0x48000 6.00.6002.18005 c:\windows\system32\w32time.dll
0x75bf0000 0x11000 6.00.6001.18000 c:\windows\system32\cryptdll.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x71940000 0x3c000 6.00.6001.18000 c:\windows\system32\netprofm.dll
0x74700000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
0x71f50000 0x8000 6.00.6000.16386 C:\windows\System32\npmproxy.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x73250000 0xf000 6.00.6001.18000 C:\windows\system32\napinsp.dll
0x73170000 0x12000 6.00.6001.18000 C:\windows\system32\pnrpnsp.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\system32\wshbth.dll
0x75060000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
0x703b0000 0x25000 6.00.6001.18000 c:\windows\system32\sstpsvc.dll
0x74500000 0xb000 6.00.6002.18136 c:\windows\system32\HTTPAPI.dll
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
svchost.exe pid: 1504
Command line: C:\windows\system32\svchost.exe -k NetworkService
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x758f0000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x742e0000 0x14000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x72480000 0x14000 6.00.6001.18000 c:\windows\system32\vsstrace.dll
0x75ca0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
0x74880000 0x2f000 1.02.1009.0000 c:\windows\system32\XmlLite.dll
0x740a0000 0x46000 2001.12.6932.18005 C:\windows\system32\es.dll
0x74410000 0xbb000 7.00.6002.18005 C:\windows\system32\PROPSYS.dll
0x72170000 0x2b000 6.00.6001.18000 c:\windows\system32\nlasvc.dll
0x756b0000 0x40000 6.00.6002.18005 c:\windows\system32\wevtapi.dll
0x72450000 0x1a000 6.00.6001.18000 c:\windows\system32\ncsi.dll
0x75560000 0x45000 6.00.6002.18005 c:\windows\system32\bcrypt.dll
0x72b90000 0x8000 6.00.6001.18000 c:\windows\system32\CFGMGR32.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x74700000 0xf000 6.00.6001.18000 C:\windows\system32\NLAapi.dll
0x73250000 0xf000 6.00.6001.18000 C:\windows\system32\napinsp.dll
0x73170000 0x12000 6.00.6001.18000 C:\windows\system32\pnrpnsp.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\system32\wshbth.dll
0x72740000 0x2e000 6.00.6002.18005 c:\windows\system32\credui.dll
0x74710000 0x3d000 7.00.6002.18155 c:\windows\system32\OLEACC.dll
0x6ec60000 0x48000 6.00.6002.18005 C:\windows\system32\unimdm.tsp
0x70390000 0x11000 6.00.6000.16386 C:\windows\system32\unimdmat.dll
0x6e580000 0x4a000 6.00.6002.18005 C:\windows\system32\modemui.dll
0x71750000 0xc000 6.00.6000.16386 C:\windows\system32\kmddsp.tsp
0x70e00000 0xf000 6.00.6000.16386 C:\windows\system32\ndptsp.tsp
0x70a70000 0xb000 6.00.6000.16386 C:\windows\system32\hidphone.tsp
0x6bf10000 0x59000 2001.12.6931.18000 c:\windows\system32\msdtckrm.dll
0x73160000 0x7000 6.00.6001.18000 c:\windows\system32\ktmw32.dll
0x75870000 0x18000 6.00.6001.18000 c:\windows\system32\NTDSAPI.dll
0x75bf0000 0x11000 6.00.6001.18000 c:\windows\system32\cryptdll.dll
0x71a00000 0x1b000 6.00.6001.18000 C:\windows\system32\CRYPTNET.dll
0x747f0000 0x6000 6.00.6000.16386 C:\windows\system32\SensApi.dll
dwm.exe pid: 1572
Command line: "C:\windows\system32\Dwm.exe"
Base Size Version Path
0x00730000 0x18000 6.00.6002.18005 C:\windows\system32\Dwm.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x73dc0000 0x18000 6.00.6001.18000 C:\windows\system32\dwmredir.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x73af0000 0x1f1000 6.00.6002.18005 C:\windows\system32\milcore.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x73f00000 0xc000 6.00.6001.18000 C:\windows\system32\dwmapi.dll
0x10000000 0x35000 5.02.0000.0400 C:\windows\system32\btmmhook.dll
explorer.exe pid: 1612
Command line: C:\windows\Explorer.EXE
Base Size Version Path
0x00780000 0x2cd000 6.00.6002.18005 C:\windows\Explorer.EXE
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x73790000 0x10a000 6.00.6002.18392 C:\windows\system32\SHDOCVW.dll
0x73f00000 0xc000 6.00.6001.18000 C:\windows\system32\dwmapi.dll
0x74550000 0x1ab000 5.02.6002.18005 C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x74410000 0xbb000 7.00.6002.18005 C:\windows\system32\PROPSYS.dll
0x735a0000 0x146000 6.00.6002.18005 C:\windows\system32\BROWSEUI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x74d20000 0x30000 6.00.6001.18000 C:\windows\system32\DUser.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x73fa0000 0xf4000 7.00.6002.18107 C:\windows\system32\WindowsCodecs.dll
0x73920000 0x1f000 5.02.3790.1830 C:\windows\system32\EhStorShell.dll
0x74f50000 0x6000 6.00.6000.16386 C:\windows\system32\IconCodecService.dll
0x73360000 0xb2000 6.00.6002.18127 C:\windows\system32\timedate.cpl
0x742e0000 0x14000 3.05.2284.0002 C:\windows\system32\ATL.DLL
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x75280000 0xd7000 6.00.6000.16386 C:\windows\system32\WINBRAND.dll
0x71880000 0x53000 6.00.6001.18000 C:\windows\system32\ACTXPRXY.DLL
0x72d10000 0x2b000 6.00.6002.18005 C:\windows\system32\msutb.dll
0x70e60000 0x1b000 11.00.6002.18005 C:\PROGRA~1\WI4EB4~1\wmpband.dll
0x744d0000 0x16000 6.00.6001.18000 C:\windows\System32\shacct.dll
0x74a20000 0x3c000 7.00.6002.18255 C:\windows\System32\msshsq.dll
0x707d0000 0xc7000 6.00.6002.18005 C:\windows\System32\NaturalLanguage6.dll
0x6ff30000 0x44f000 6.00.6001.18000 C:\windows\System32\NLSData0010.dll
0x6fb30000 0x3fd000 6.00.6000.16386 C:\windows\System32\NLSLexicons0010.dll
0x705e0000 0x1e8000 6.00.6002.18005 C:\windows\system32\authui.dll
0x75050000 0x5000 6.00.6000.16386 C:\windows\system32\MSIMG32.dll
0x74e90000 0x9000 6.00.6000.16386 C:\windows\system32\LINKINFO.dll
0x6ef40000 0xa95000 8.00.6001.19019 C:\windows\system32\ieframe.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x74f70000 0xb000 6.00.6002.18005 C:\windows\system32\cscapi.dll
0x74a80000 0x9000 6.00.6002.18005 C:\windows\system32\ExplorerFrame.dll
0x704a0000 0x92000 6.00.6002.18392 C:\windows\system32\stobject.dll
0x703e0000 0xb6000 6.00.6000.16386 C:\windows\system32\BatMeter.dll
0x740a0000 0x46000 2001.12.6932.18005 C:\windows\system32\es.dll
0x72d40000 0x30000 6.00.6000.16386 C:\windows\System32\SndVolSSO.dll
0x743e0000 0x28000 6.00.6002.18005 C:\windows\System32\MMDevApi.dll
0x73de0000 0x21000 6.00.6002.18005 C:\windows\system32\AUDIOSES.DLL
0x73d30000 0x66000 6.00.6001.18000 C:\windows\system32\audioeng.dll
0x74520000 0x7000 6.00.6001.18000 C:\windows\system32\AVRT.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\System32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\System32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\System32\dhcpcsvc6.DLL
0x74700000 0xf000 6.00.6001.18000 C:\windows\System32\nlaapi.dll
0x6ed80000 0x1bf000 6.00.6002.18005 C:\windows\system32\pnidui.dll
0x72ba0000 0x17000 6.00.6001.18000 C:\windows\system32\QUtil.dll
0x756b0000 0x40000 6.00.6002.18005 C:\windows\system32\wevtapi.dll
0x73e10000 0x6000 6.00.6000.16386 C:\windows\system32\wlanutil.dll
0x71f50000 0x8000 6.00.6000.16386 C:\windows\System32\npmproxy.dll
0x74f30000 0x12000 6.00.6002.18064 C:\windows\system32\Wlanapi.dll
0x73420000 0x17c000 6.00.6002.18005 C:\windows\system32\OneX.DLL
0x73e20000 0xe000 6.00.6001.18000 C:\windows\system32\eappprxy.dll
0x73d00000 0x24000 6.00.6002.18005 C:\windows\system32\eappcfg.dll
0x75560000 0x45000 6.00.6002.18005 C:\windows\system32\bcrypt.dll
0x71120000 0xd000 6.00.6000.16386 C:\windows\System32\AltTab.dll
0x6ed40000 0x19000 6.00.6002.18112 C:\windows\system32\wpdshserviceobj.dll
0x6e550000 0x2b000 6.00.6002.18112 C:\windows\system32\PortableDeviceTypes.dll
0x717a0000 0x56000 6.00.6002.18112 C:\windows\system32\PortableDeviceApi.dll
0x10000000 0x85000 6.81.0046.0001 C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
0x064c0000 0x8c000 6.81.0068.0000 C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll
0x04cb0000 0x3f000 6.81.0062.0000 C:\windows\system32\ConnAPI.DLL
0x7c3a0000 0x7b000 7.10.3077.0000 C:\windows\system32\MSVCP71.dll
0x7c340000 0x56000 7.10.3052.0004 C:\windows\system32\MSVCR71.dll
0x747d0000 0x18000 6.00.6002.18005 C:\windows\system32\OLEPRO32.DLL
0x02e70000 0xa000 6.81.0029.0000 C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
0x06b40000 0x8b000 6.81.0011.0000 C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
0x71f40000 0xb000 7.00.6002.18005 C:\windows\system32\mssprxy.dll
0x6e4d0000 0x30000 6.00.6001.18000 C:\windows\system32\MLANG.dll
0x72cd0000 0x13000 6.00.6001.18000 C:\windows\System32\ntlanman.dll
0x74860000 0x8000 6.00.6000.16386 C:\windows\System32\drprov.dll
0x72cb0000 0x12000 6.00.6002.18005 C:\windows\System32\davclnt.dll
0x00720000 0x35000 5.02.0000.0400 C:\windows\system32\btmmhook.dll
0x723e0000 0x59000 6.00.6002.18342 C:\Windows\system32\taskschd.dll
0x74880000 0x2f000 1.02.1009.0000 C:\Windows\system32\XmlLite.dll
0x6cde0000 0x4d000 7.00.6002.18005 C:\windows\System32\srchadmin.dll
0x6c9a0000 0x21c000 6.00.6002.18005 C:\windows\System32\SyncCenter.dll
0x6ce80000 0x39000 6.00.6002.18005 C:\windows\system32\wscntfy.dll
0x738f0000 0xb000 6.00.6002.18005 C:\windows\system32\WSCAPI.dll
0x72b60000 0x2e000 6.00.6001.18000 C:\windows\System32\QAgent.dll
0x72e50000 0x96000 6.00.6002.18005 C:\windows\System32\fwpuclnt.dll
0x6d260000 0xa3000 6.00.6002.18005 C:\windows\system32\bthprops.cpl
0x69770000 0x57000 6.00.6002.18005 C:\windows\system32\zipfldr.dll
0x743c0000 0x15000 6.00.6001.18000 C:\windows\system32\Cabinet.dll
0x74ea0000 0xa000 8.00.3310.0003 C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll
0x6fae0000 0x17000 1.50.0001.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x6cd20000 0x2e000 6.00.6001.18000 C:\windows\system32\syncui.dll
0x6f9f0000 0x16000 6.00.6001.18000 C:\windows\system32\SYNCENG.dll
0x64e40000 0x22000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\ashShell.dll
0x74f60000 0xa000 8.00.3310.0003 C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll
wlanext.exe pid: 1712
Command line: C:\windows\system32\WLANExt.exe 1296824
Base Size Version Path
0x00650000 0x15000 6.00.6001.18000 C:\windows\system32\WLANExt.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x10000000 0x354000 4.170.0077.0003 C:\windows\System32\bcmihvsrv.dll
0x74880000 0x2f000 1.02.1009.0000 C:\windows\system32\XmlLite.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\system32\dhcpcsvc6.DLL
0x74f30000 0x12000 6.00.6002.18064 C:\windows\system32\Wlanapi.dll
0x73420000 0x17c000 6.00.6002.18005 C:\windows\system32\OneX.DLL
0x73e20000 0xe000 6.00.6001.18000 C:\windows\system32\eappprxy.dll
0x73d00000 0x24000 6.00.6002.18005 C:\windows\system32\eappcfg.dll
0x74550000 0x1ab000 5.02.6002.18005 C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
0x74d20000 0x30000 6.00.6001.18000 C:\windows\system32\DUser.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x75560000 0x45000 6.00.6002.18005 C:\windows\system32\bcrypt.dll
0x73e10000 0x6000 6.00.6000.16386 C:\windows\system32\wlanutil.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
AvastSvc.exe pid: 1756
Command line: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
spoolsv.exe pid: 320
Command line: C:\windows\System32\spoolsv.exe
Base Size Version Path
0x00340000 0x21000 6.00.6002.18294 C:\windows\System32\spoolsv.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\System32\slc.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\System32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\System32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\System32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\System32\dhcpcsvc6.DLL
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x67380000 0x37000 0.03.0000.0001 C:\windows\System32\CNMLM90.DLL
0x63200000 0x2a000 8.00.0000.0000 C:\windows\System32\CNCF2Lc.DLL
0x3f100000 0x33000 0.03.1537.0049 C:\windows\System32\HPU5PMW.DLL
0x3f000000 0x4e000 0.03.1537.0049 C:\windows\System32\HPU5PM.DLL
0x75870000 0x18000 6.00.6001.18000 C:\windows\System32\NTDSAPI.dll
0x75bf0000 0x11000 6.00.6001.18000 C:\windows\System32\cryptdll.dll
0x72740000 0x2e000 6.00.6002.18005 C:\windows\System32\credui.dll
0x742e0000 0x14000 3.05.2284.0002 C:\windows\System32\ATL.DLL
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x74700000 0xf000 6.00.6001.18000 C:\windows\system32\NLAapi.dll
0x73250000 0xf000 6.00.6001.18000 C:\windows\system32\napinsp.dll
0x73170000 0x12000 6.00.6001.18000 C:\windows\system32\pnrpnsp.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\system32\wshbth.dll
0x00370000 0x6000 0.03.0001.0004 C:\windows\System32\pdfc_port.dll
0x74a90000 0x9000 6.00.6000.16386 C:\windows\System32\snmpapi.dll
0x74800000 0xf000 6.00.6002.18005 C:\windows\System32\wsnmp32.dll
0x72240000 0x15b000 6.20.5002.0000 C:\windows\System32\msxml6.dll
0x705a0000 0xa000 6.00.6000.16386 C:\windows\System32\tcpmib.dll
0x70590000 0x8000 6.00.6000.16386 C:\windows\System32\mgmtapi.dll
0x6ec40000 0x6000 6.00.6000.16386 C:\windows\system32\wls0wndh.dll
0x6dea0000 0x2d000 6.00.6002.18005 C:\windows\System32\WSDMon.dll
0x6de40000 0x59000 6.00.6002.18085 C:\windows\System32\wsdapi.dll
0x74500000 0xb000 6.00.6002.18136 C:\windows\System32\HTTPAPI.dll
0x74880000 0x2f000 1.02.1009.0000 C:\windows\System32\XmlLite.dll
0x72b90000 0x8000 6.00.6001.18000 C:\windows\System32\CFGMGR32.dll
0x71f10000 0x28000 6.00.6002.18005 C:\Windows\system32\FunDisc.dll
0x71580000 0x136000 8.100.5003.0000 C:\windows\System32\msxml3.dll
0x67200000 0xa000 0.03.0000.0000 C:\windows\system32\spool\PRTPROCS\W32X86\CNMPD90.DLL
0x6dac0000 0x43000 0.03.1537.0049 C:\windows\system32\spool\PRTPROCS\W32X86\hpzpp073.dll
0x6e4c0000 0xd000 6.00.6001.18000 C:\windows\system32\printcom.dll
0x747f0000 0x6000 6.00.6000.16386 C:\windows\system32\SensApi.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\System32\GPAPI.dll
taskeng.exe pid: 328
Command line: taskeng.exe {34E040F0-5E6F-4BB1-BDC8-9F56FEAF1980}
Base Size Version Path
0x00090000 0x2c000 6.00.6002.18342 C:\windows\system32\taskeng.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x74880000 0x2f000 1.02.1009.0000 C:\windows\system32\XmlLite.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x730b0000 0x9000 6.00.6000.16386 C:\Windows\system32\tschannel.dll
0x72ca0000 0xc000 6.00.6001.18000 C:\windows\system32\dimsjob.dll
0x755c0000 0x35000 6.00.6002.18005 C:\windows\system32\ncrypt.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x72c90000 0xd000 6.00.6000.16386 C:\windows\system32\pautoenr.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x742e0000 0x14000 3.05.2284.0002 C:\windows\system32\ATL.DLL
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x6d8d0000 0x112000 6.00.6002.18005 C:\windows\system32\certenroll.dll
0x75870000 0x18000 6.00.6001.18000 C:\windows\system32\NTDSAPI.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
svchost.exe pid: 440
Command line: C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x72ef0000 0x55000 6.00.6002.18005 c:\windows\system32\bfe.dll
0x75ca0000 0x16000 6.00.6002.18005 c:\windows\system32\AUTHZ.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x72d70000 0x66000 6.00.6002.18005 c:\windows\system32\mpssvc.dll
0x75060000 0x66000 6.00.6001.18000 c:\windows\system32\FirewallAPI.dll
0x74700000 0xf000 6.00.6001.18000 c:\windows\system32\nlaapi.dll
0x758f0000 0x2c000 6.00.6002.18005 c:\windows\system32\DNSAPI.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75640000 0x7000 6.00.6001.18000 c:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 c:\windows\system32\dhcpcsvc6.DLL
0x75560000 0x45000 6.00.6002.18005 c:\windows\system32\bcrypt.dll
0x72e50000 0x96000 6.00.6002.18005 c:\windows\system32\fwpuclnt.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x73150000 0x8000 6.00.6001.18000 C:\windows\system32\wfapigp.dll
0x72620000 0x23000 6.00.6001.18000 c:\windows\system32\dps.dll
0x72660000 0x15000 6.00.6001.18000 c:\windows\system32\wdi.dll
0x723e0000 0x59000 6.00.6002.18342 C:\Windows\system32\taskschd.dll
0x74880000 0x2f000 1.02.1009.0000 C:\Windows\system32\XmlLite.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x71f50000 0x8000 6.00.6000.16386 C:\windows\System32\npmproxy.dll
taskeng.exe pid: 1304
Command line: taskeng.exe {BB8C8C74-F6B0-4B0A-818B-A1FF90B6DECE}
Base Size Version Path
0x00090000 0x2c000 6.00.6002.18342 C:\windows\system32\taskeng.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x74880000 0x2f000 1.02.1009.0000 C:\windows\system32\XmlLite.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x730b0000 0x9000 6.00.6000.16386 C:\Windows\system32\tschannel.dll
0x730a0000 0x8000 6.00.6001.18000 C:\windows\System32\HotStartUserAgent.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\System32\slc.dll
0x72f80000 0x7000 6.00.6001.18000 C:\windows\System32\PlaySndSrv.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\System32\OLEACC.dll
0x72df0000 0x8000 6.00.6002.18005 C:\windows\system32\MsCtfMonitor.dll
0x72d10000 0x2b000 6.00.6002.18005 C:\windows\system32\MSUTB.dll
0x73f00000 0xc000 6.00.6001.18000 C:\windows\system32\dwmapi.dll
0x73e90000 0x4000 6.00.6000.16386 C:\windows\system32\ksuser.dll
0x743e0000 0x28000 6.00.6002.18005 C:\windows\system32\MMDevAPI.DLL
0x74520000 0x7000 6.00.6001.18000 C:\windows\system32\AVRT.dll
0x73de0000 0x21000 6.00.6002.18005 C:\windows\system32\AUDIOSES.DLL
0x73d30000 0x66000 6.00.6001.18000 C:\windows\system32\audioeng.dll
0x72a10000 0x140000 6.00.6001.18000 C:\windows\System32\TMM.dll
0x72850000 0x1ba000 6.00.6002.18005 C:\windows\System32\d3d9.dll
0x73140000 0x6000 6.00.6000.16386 C:\windows\System32\d3d8thk.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x10000000 0x3e000 7.14.0010.1437 C:\Windows\system32\igfxTMM.dll
0x72b60000 0x2e000 6.00.6001.18000 C:\windows\System32\QAgent.dll
0x72e50000 0x96000 6.00.6002.18005 C:\windows\System32\fwpuclnt.dll
0x72ba0000 0x17000 6.00.6001.18000 C:\windows\System32\QUtil.dll
0x756b0000 0x40000 6.00.6002.18005 C:\windows\System32\wevtapi.dll
0x01ae0000 0x35000 7.14.0010.1437 C:\Windows\system32\igfxdev.dll
0x72ca0000 0xc000 6.00.6001.18000 C:\windows\system32\dimsjob.dll
0x755c0000 0x35000 6.00.6002.18005 C:\windows\system32\ncrypt.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x72c90000 0xd000 6.00.6000.16386 C:\windows\system32\pautoenr.dll
0x742e0000 0x14000 3.05.2284.0002 C:\windows\system32\ATL.DLL
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x6d8d0000 0x112000 6.00.6002.18005 C:\windows\system32\certenroll.dll
0x75870000 0x18000 6.00.6001.18000 C:\windows\system32\NTDSAPI.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
AEADISRV.EXE pid: 1176
Command line: C:\windows\system32\AEADISRV.EXE
Base Size Version Path
0x00400000 0x13000 1.00.0032.0003 C:\windows\system32\AEADISRV.EXE
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
agrsmsvc.exe pid: 1428
Command line: C:\Windows\system32\agrsmsvc.exe
Base Size Version Path
0x01000000 0x10000 1.00.0000.0007 C:\Windows\system32\agrsmsvc.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x74710000 0x3d000 7.00.6002.18155 C:\Windows\system32\OLEACC.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
svchost.exe pid: 2068
Command line: C:\windows\system32\svchost.exe -k bthsvcs
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x72710000 0xe000 6.00.6002.18005 c:\windows\system32\bthserv.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74f30000 0x12000 6.00.6002.18064 C:\windows\system32\Wlanapi.dll
0x73420000 0x17c000 6.00.6002.18005 C:\windows\system32\OneX.DLL
0x73e20000 0xe000 6.00.6001.18000 C:\windows\system32\eappprxy.dll
0x73d00000 0x24000 6.00.6002.18005 C:\windows\system32\eappcfg.dll
0x74550000 0x1ab000 5.02.6002.18005 C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
0x74d20000 0x30000 6.00.6001.18000 C:\windows\system32\DUser.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x75560000 0x45000 6.00.6002.18005 C:\windows\system32\bcrypt.dll
0x73e10000 0x6000 6.00.6000.16386 C:\windows\system32\wlanutil.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x75bf0000 0x11000 6.00.6001.18000 C:\windows\system32\cryptdll.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
IAANTmon.exe pid: 2104
Command line: "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
Base Size Version Path
0x00400000 0x59000 8.00.0000.1039 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
0x10000000 0x36000 8.00.0000.1039 C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x003e0000 0x1d000 8.00.0000.1039 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_ENU.dll
0x72c80000 0xb000 6.00.6002.18005 C:\windows\system32\wbem\wbemprox.dll
0x72c20000 0x5b000 6.00.6001.18000 C:\windows\system32\wbemcomn.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x71a20000 0x10000 6.00.6002.18005 C:\windows\system32\wbem\wbemsvc.dll
0x75870000 0x18000 6.00.6001.18000 C:\windows\system32\NTDSAPI.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
iviRegMgr.exe pid: 2220
Command line: "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
Base Size Version Path
0x00400000 0x1c000 1.00.0004.0000 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
LSSrvc.exe pid: 2252
Command line: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
Base Size Version Path
0x00400000 0x12000 1.12.0037.0001 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x67000000 0x1b000 1.12.0037.0001 C:\Program Files\Common Files\LightScribe\LSSProxy.dll
0x68000000 0xb000 1.12.0037.0001 C:\Program Files\Common Files\LightScribe\LSLog.dll
0x721a0000 0x9b000 8.00.50727.4016 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\MSVCR80.dll
0x71f90000 0x87000 8.00.50727.4016 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\MSVCP80.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
svchost.exe pid: 2284
Command line: C:\windows\System32\svchost.exe -k HPZ12
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\System32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x000a0000 0xe000 12.01.0002.0054 c:\windows\system32\hpzinw12.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
NMSAccessU.exe pid: 2300
Command line: "C:\Program Files\CDBurnerXP\NMSAccessU.exe"
Base Size Version Path
0x00400000 0x13000 C:\Program Files\CDBurnerXP\NMSAccessU.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
pdfsvc.exe pid: 2356
Command line: "C:\Program Files\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
Base Size Version Path
0x00400000 0x89000 3.00.0001.0002 C:\Program Files\PDF Complete\pdfsvc.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
svchost.exe pid: 2380
Command line: C:\windows\System32\svchost.exe -k HPZ12
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\System32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x00090000 0x10000 12.01.0002.0054 c:\windows\system32\hpzipm12.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
rpcnet.exe pid: 2392
Command line: C:\windows\system32\rpcnet.exe
Base Size Version Path
0x00400000 0x11000 8.00.0898.0000 C:\windows\system32\rpcnet.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x723c0000 0x1e000 6.00.6000.16386 C:\windows\system32\ShimEng.dll
0x73f00000 0xc000 6.00.6001.18000 C:\windows\system32\dwmapi.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x003b0000 0x11000 8.00.0898.0000 C:\windows\system32\rpcnet.dll
svchost.exe pid: 2436
Command line: C:\windows\system32\svchost.exe -k imgsvc
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x71df0000 0x71000 6.00.6002.18005 c:\windows\system32\wiaservc.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x72150000 0x7000 6.00.6000.16386 C:\windows\system32\wiatrace.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x75bf0000 0x11000 6.00.6001.18000 C:\windows\system32\cryptdll.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x71f70000 0x9000 6.00.6002.18005 C:\windows\system32\WSDCHNGR.DLL
0x71f10000 0x28000 6.00.6002.18005 C:\Windows\system32\FunDisc.dll
0x742e0000 0x14000 3.05.2284.0002 C:\Windows\system32\ATL.DLL
0x71580000 0x136000 8.100.5003.0000 C:\windows\System32\msxml3.dll
0x72b90000 0x8000 6.00.6001.18000 C:\windows\system32\CFGMGR32.dll
TUProgSt.exe pid: 2476
Command line: C:\windows\System32\TUProgSt.exe
Base Size Version Path
0x00270000 0x97000 8.00.3310.0003 C:\windows\System32\TUProgSt.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x74410000 0xbb000 7.00.6002.18005 C:\windows\System32\PROPSYS.dll
0x74e90000 0x9000 6.00.6000.16386 C:\windows\System32\LINKINFO.dll
svchost.exe pid: 2492
Command line: C:\windows\System32\svchost.exe -k WerSvcGroup
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\System32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x719d0000 0x23000 6.00.6002.18005 c:\windows\system32\wersvc.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
SearchIndexer.exe pid: 2544
Command line: C:\windows\system32\SearchIndexer.exe /Embedding
Base Size Version Path
0x00df0000 0x6e000 7.00.6002.18005 C:\windows\system32\SearchIndexer.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x713f0000 0x183000 7.00.6002.18005 C:\windows\system32\TQUERY.DLL
0x74410000 0xbb000 7.00.6002.18005 C:\windows\system32\PROPSYS.dll
0x71280000 0x16d000 7.00.6002.18005 C:\windows\system32\MSSRCH.DLL
0x74aa0000 0xdc000 6.00.6001.18000 C:\windows\system32\dbghelp.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x70fc0000 0x157000 6.00.6002.18005 C:\windows\system32\query.dll
0x71f40000 0xb000 7.00.6002.18005 C:\windows\system32\mssprxy.dll
0x71760000 0xc000 7.00.6002.18005 C:\windows\system32\msscb.dll
0x742e0000 0x14000 3.05.2284.0002 C:\windows\system32\ATL.DLL
0x72480000 0x14000 6.00.6001.18000 C:\windows\system32\vsstrace.dll
0x75ca0000 0x16000 6.00.6002.18005 C:\windows\system32\AUTHZ.dll
0x74880000 0x2f000 1.02.1009.0000 C:\windows\system32\XmlLite.dll
0x74f70000 0xb000 6.00.6002.18005 C:\windows\system32\cscapi.dll
0x740a0000 0x46000 2001.12.6932.18005 C:\windows\system32\es.dll
0x707d0000 0xc7000 6.00.6002.18005 C:\windows\System32\NaturalLanguage6.dll
0x6ff30000 0x44f000 6.00.6001.18000 C:\windows\System32\NLSData0010.dll
0x6fb30000 0x3fd000 6.00.6000.16386 C:\windows\System32\NLSLexicons0010.dll
0x69910000 0x17a000 6.00.6001.18000 C:\windows\System32\NLSData0000.dll
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\normaliz.dll
igfxtray.exe pid: 3088
Command line: "C:\Windows\System32\igfxtray.exe"
Base Size Version Path
0x00400000 0x23000 7.14.0010.1437 C:\Windows\System32\igfxtray.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x10000000 0x1a000 7.14.0010.1437 C:\Windows\System32\hccutils.DLL
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x00360000 0x11000 7.14.0010.1437 C:\Windows\system32\igfxsrvc.dll
0x00380000 0x2e000 7.14.0010.1437 C:\windows\system32\igfxrITA.lrc
0x02400000 0x324000 7.14.0010.1437 C:\Windows\System32\igfxress.dll
igfxpers.exe pid: 3096
Command line: "C:\Windows\System32\igfxpers.exe"
Base Size Version Path
0x00400000 0x21000 7.14.0010.1437 C:\Windows\System32\igfxpers.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x10000000 0x11000 7.14.0010.1437 C:\Windows\system32\igfxsrvc.dll
IAAnotif.exe pid: 3104
Command line: "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
Base Size Version Path
0x00400000 0x2e000 8.00.0000.1039 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
0x10000000 0x36000 8.00.0000.1039 C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x00c50000 0x12000 8.00.0000.1039 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_ENU.dll
0x72c80000 0xb000 6.00.6002.18005 C:\windows\system32\wbem\wbemprox.dll
0x72c20000 0x5b000 6.00.6001.18000 C:\windows\system32\wbemcomn.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x71a20000 0x10000 6.00.6002.18005 C:\windows\system32\wbem\wbemsvc.dll
0x75870000 0x18000 6.00.6001.18000 C:\windows\system32\NTDSAPI.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
AvastUI.exe pid: 3120
Command line: "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
sidebar.exe pid: 3152
Command line: "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
Base Size Version Path
0x004f0000 0x131000 6.00.6002.18005 C:\Program Files\Windows Sidebar\sidebar.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x742e0000 0x14000 3.05.2284.0002 C:\windows\system32\ATL.DLL
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\COMCTL32.dll
0x74550000 0x1ab000 5.02.6002.18005 C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x73f00000 0xc000 6.00.6001.18000 C:\windows\system32\dwmapi.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75050000 0x5000 6.00.6000.16386 C:\windows\system32\MSIMG32.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74f30000 0x12000 6.00.6002.18064 C:\windows\system32\Wlanapi.dll
0x73420000 0x17c000 6.00.6002.18005 C:\windows\system32\OneX.DLL
0x73e20000 0xe000 6.00.6001.18000 C:\windows\system32\eappprxy.dll
0x73d00000 0x24000 6.00.6002.18005 C:\windows\system32\eappcfg.dll
0x74d20000 0x30000 6.00.6001.18000 C:\windows\system32\DUser.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x75560000 0x45000 6.00.6002.18005 C:\windows\system32\bcrypt.dll
0x73e10000 0x6000 6.00.6000.16386 C:\windows\system32\wlanutil.dll
0x71580000 0x136000 8.100.5003.0000 C:\windows\System32\msxml3.dll
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x6d310000 0x5b3000 8.00.6001.19019 C:\Windows\system32\mshtml.dll
0x74810000 0x29000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x6e4d0000 0x30000 6.00.6001.18000 C:\windows\system32\MLANG.dll
0x74870000 0xb000 6.00.6002.18005 C:\windows\system32\msimtf.dll
0x10000000 0x35000 5.02.0000.0400 C:\windows\system32\btmmhook.dll
0x6ef40000 0xa95000 8.00.6001.19019 C:\windows\system32\ieframe.dll
0x6ec30000 0xc000 8.00.6001.18702 C:\windows\system32\ImgUtil.dll
0x6d0c0000 0x6a000 5.08.6001.18909 C:\windows\system32\vbscript.dll
0x6d080000 0x39000 8.00.6001.18702 C:\Windows\system32\Dxtrans.dll
0x6de20000 0xa000 6.00.6000.16386 C:\Windows\system32\ddrawex.dll
0x6cf90000 0xe5000 6.00.6001.18000 C:\Windows\system32\DDRAW.dll
0x6de30000 0x6000 6.00.6002.18051 C:\Windows\system32\DCIMAN32.dll
0x6da80000 0xe000 8.00.6001.18702 C:\Windows\system32\pngfilt.dll
0x03d00000 0x335000 7.14.0010.1437 C:\windows\system32\igdumd32.dll
0x6cf30000 0x57000 8.00.6001.18702 C:\Windows\system32\Dxtmsft.dll
0x6d160000 0x16000 6.00.6001.18000 C:\Windows\system32\thumbcache.dll
0x73790000 0x10a000 6.00.6002.18392 C:\windows\System32\shdocvw.dll
0x74410000 0xbb000 7.00.6002.18005 C:\windows\system32\PROPSYS.dll
0x73fa0000 0xf4000 7.00.6002.18107 C:\windows\system32\windowscodecs.dll
0x6cec0000 0x62000 6.00.6002.18005 C:\windows\system32\mscms.dll
0x6ce30000 0x38000 6.00.6001.18000 C:\windows\system32\icm32.dll
0x6d140000 0x12000 6.00.6000.16386 C:\Program Files\Windows Sidebar\wlsrvc.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x747f0000 0x6000 6.00.6000.16386 C:\windows\system32\sensapi.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x74700000 0xf000 6.00.6001.18000 C:\windows\system32\NLAapi.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\system32\dhcpcsvc6.DLL
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x73250000 0xf000 6.00.6001.18000 C:\windows\system32\napinsp.dll
0x73170000 0x12000 6.00.6001.18000 C:\windows\system32\pnrpnsp.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\system32\wshbth.dll
robotaskbaricon.exe pid: 3160
Command line: "C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe"
Base Size Version Path
0x00400000 0x29000 6.10.0001.0000 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x10000000 0x5cc000 6.10.0001.0000 C:\Program Files\Siber Systems\AI RoboForm\RoboForm.DLL
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x747d0000 0x18000 6.00.6002.18005 C:\windows\system32\OLEPRO32.DLL
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.DLL
0x6d310000 0x5b3000 8.00.6001.19019 C:\Windows\system32\mshtml.dll
0x74810000 0x29000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x71880000 0x53000 6.00.6001.18000 C:\windows\system32\ACTXPRXY.DLL
SearchEngineProtection.exe pid: 3168
Command line: "C:\Program Files\GamesBar\SearchEngineProtection.exe"
Base Size Version Path
0x00400000 0x93000 1.00.0000.0036 C:\Program Files\GamesBar\SearchEngineProtection.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x747f0000 0x6000 6.00.6000.16386 C:\windows\system32\SensApi.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
BTTray.exe pid: 3192
Command line: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
Base Size Version Path
0x00400000 0x109000 5.02.0000.0400 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x10000000 0xd8000 5.02.0000.0400 C:\windows\system32\btwapi.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x6dd10000 0x10f000 8.00.50727.0762 C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
0x721a0000 0x9b000 8.00.50727.4016 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\MSVCR80.dll
0x00170000 0x3a000 5.02.0000.0400 C:\windows\system32\btosif.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x002f0000 0x7c000 C:\windows\system32\btwhidcs.DLL
0x72b90000 0x8000 6.00.6001.18000 C:\windows\system32\CFGMGR32.dll
0x6db80000 0x10f000 8.00.50727.0762 C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL
0x6db10000 0x69000 6.00.6000.16386 C:\windows\system32\irprops.cpl
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\COMCTL32.dll
0x71f90000 0x87000 8.00.50727.4016 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\MSVCP80.dll
0x001d0000 0x1a000 5.02.0000.0400 C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x72cf0000 0xf000 8.00.50727.0762 C:\windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ITA.DLL
0x6d260000 0xa3000 6.00.6002.18005 C:\windows\system32\bthprops.cpl
0x025c0000 0x51e000 5.02.0000.0400 C:\windows\system32\btrez.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\System32\wshBth.dll
0x01cc0000 0x21000 C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
0x01d20000 0x35000 5.02.0000.0400 C:\windows\system32\btmmhook.dll
igfxsrvc.exe pid: 3500
Command line: C:\Windows\system32\igfxsrvc.exe -Embedding
Base Size Version Path
0x00400000 0x3f000 7.14.0010.1437 C:\Windows\system32\igfxsrvc.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x10000000 0x11000 7.14.0010.1437 C:\Windows\system32\igfxsrvc.dll
0x01970000 0x35000 7.14.0010.1437 C:\Windows\system32\igfxdev.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
BTStackServer.exe pid: 3864
Command line: "C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
Base Size Version Path
0x00400000 0x441000 5.02.0000.0400 C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x10000000 0x12d000 5.02.0000.0400 C:\windows\system32\btins.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
0x72b90000 0x8000 6.00.6001.18000 C:\windows\system32\CFGMGR32.dll
0x00170000 0x3a000 5.02.0000.0400 C:\windows\system32\btosif.dll
0x6dd10000 0x10f000 8.00.50727.0762 C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
0x721a0000 0x9b000 8.00.50727.4016 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\MSVCR80.dll
0x001c0000 0x2e000 5.02.0000.0400 C:\windows\system32\BtAudioHelper.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\system32\dhcpcsvc6.DLL
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x72cf0000 0xf000 8.00.50727.0762 C:\windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ITA.DLL
0x6d260000 0xa3000 6.00.6002.18005 C:\windows\system32\bthprops.cpl
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\System32\wshBth.dll
0x73e90000 0x4000 6.00.6000.16386 C:\windows\system32\ksuser.dll
0x743e0000 0x28000 6.00.6002.18005 C:\windows\system32\MMDevAPI.DLL
0x74520000 0x7000 6.00.6001.18000 C:\windows\system32\AVRT.dll
0x73de0000 0x21000 6.00.6002.18005 C:\windows\system32\AUDIOSES.DLL
0x73d30000 0x66000 6.00.6001.18000 C:\windows\system32\audioeng.dll
svchost.exe pid: 1188
Command line: C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Base Size Version Path
0x00d90000 0x8000 6.00.6001.18000 C:\windows\system32\svchost.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x6c660000 0xc6000 7.00.6002.18392 c:\windows\system32\fntcache.dll
0x73160000 0x7000 6.00.6001.18000 c:\windows\system32\ktmw32.dll
HPHC_Service.exe pid: 1068
Command line: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
Base Size Version Path
0x00320000 0x1c000 3.01.0004.0001 c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
0x6c5c0000 0x4a000 4.00.31106.0000 C:\windows\system32\mscoree.dll
0x6bfd0000 0x66000 4.00.30319.0001 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x6b150000 0x590000 2.00.50727.4206 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x721a0000 0x9b000 8.00.50727.4016 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\MSVCR80.dll
0x6a650000 0xaf8000 2.00.50727.4206 C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
0x6fa70000 0x5b000 2.00.50727.4016 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
0x69eb0000 0x798000 2.00.50727.4205 C:\windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
0x6fa30000 0x37000 2.00.50727.4016 C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\33891c1f2a8120a3b7bb463cc6f97438\System.ServiceProcess.ni.dll
0x6be30000 0xc1000 2.00.50727.4016 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9b8e883fd5fa51f026577156a0ee9d57\System.Runtime.Remoting.ni.dll
0x74980000 0x1c000 2.00.0000.0002 C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
0x6fb20000 0xe000 2.00.50727.4016 C:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_it_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
conime.exe pid: 3744
Command line: C:\windows\system32\conime.exe
Base Size Version Path
0x004e0000 0x14000 6.00.6002.18005 C:\windows\system32\conime.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
taskeng.exe pid: 1956
Command line: taskeng.exe {21446E92-251A-4DFF-AC82-0111545C74FC}
Base Size Version Path
0x00090000 0x2c000 6.00.6002.18342 C:\windows\system32\taskeng.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x74880000 0x2f000 1.02.1009.0000 C:\windows\system32\XmlLite.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x730b0000 0x9000 6.00.6000.16386 C:\Windows\system32\tschannel.dll
0x72660000 0x15000 6.00.6001.18000 C:\windows\System32\wdi.dll
0x71ed0000 0xa000 6.00.6001.18000 C:\windows\system32\pcadm.dll
0x74d20000 0x30000 6.00.6001.18000 C:\windows\system32\DUser.dll
0x74410000 0xbb000 7.00.6002.18005 C:\windows\system32\PROPSYS.dll
0x73fa0000 0xf4000 7.00.6002.18107 C:\windows\system32\WindowsCodecs.dll
0x73920000 0x1f000 5.02.3790.1830 C:\windows\system32\EhStorShell.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\system32\dhcpcsvc6.DLL
0x74700000 0xf000 6.00.6001.18000 C:\windows\system32\NLAapi.dll
0x73250000 0xf000 6.00.6001.18000 C:\windows\system32\napinsp.dll
0x73170000 0x12000 6.00.6001.18000 C:\windows\system32\pnrpnsp.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\system32\wshbth.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x748b0000 0x26000 6.00.6001.18000 C:\windows\system32\dssenh.dll
0x755c0000 0x35000 6.00.6002.18005 C:\windows\system32\ncrypt.dll
0x75560000 0x45000 6.00.6002.18005 C:\windows\system32\bcrypt.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
HelpPane.exe pid: 2928
Command line: C:\windows\helppane.exe -Embedding
Base Size Version Path
0x00490000 0x7e000 6.00.6001.18000 C:\windows\helppane.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\COMCTL32.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x10000000 0x35000 5.02.0000.0400 C:\windows\system32\btmmhook.dll
0x6b750000 0x1ac000 6.00.6002.18005 C:\windows\System32\apds.dll
0x71580000 0x136000 8.100.5003.0000 C:\windows\System32\msxml3.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x6ef40000 0xa95000 8.00.6001.19019 C:\Windows\system32\ieframe.dll
0x6d310000 0x5b3000 8.00.6001.19019 C:\Windows\system32\mshtml.dll
0x74810000 0x29000 3.10.0349.0000 C:\Windows\system32\msls31.dll
0x6e4d0000 0x30000 6.00.6001.18000 C:\windows\system32\MLANG.dll
0x71840000 0x34000 6.00.6001.18000 C:\windows\System32\apss.dll
0x74870000 0xb000 6.00.6002.18005 C:\windows\system32\msimtf.dll
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x747f0000 0x6000 6.00.6000.16386 C:\windows\system32\sensapi.dll
0x74700000 0xf000 6.00.6001.18000 C:\windows\system32\NLAapi.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\system32\dhcpcsvc6.DLL
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x73250000 0xf000 6.00.6001.18000 C:\windows\system32\napinsp.dll
0x73170000 0x12000 6.00.6001.18000 C:\windows\system32\pnrpnsp.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\system32\wshbth.dll
0x72240000 0x15b000 6.20.5002.0000 C:\windows\System32\msxml6.dll
0x755c0000 0x35000 6.00.6002.18005 C:\windows\system32\ncrypt.dll
0x75560000 0x45000 6.00.6002.18005 C:\windows\system32\BCRYPT.dll
0x75260000 0x15000 6.00.6002.18005 C:\windows\system32\GPAPI.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\system32\slc.dll
0x6ec30000 0xc000 8.00.6001.18702 C:\windows\system32\ImgUtil.dll
0x6da80000 0xe000 8.00.6001.18702 C:\Windows\system32\pngfilt.dll
0x75050000 0x5000 6.00.6000.16386 C:\windows\system32\msimg32.dll
0x74410000 0xbb000 7.00.6002.18005 C:\windows\system32\PROPSYS.dll
mshta.exe pid: 2828
Command line: "C:\windows\System32\mshta.exe" res://acprgwiz.dll/compatmode.hta
Base Size Version Path
0x00030000 0xe000 8.00.6001.18702 C:\windows\System32\mshta.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x6d310000 0x5b3000 8.00.6001.19019 C:\Windows\system32\mshtml.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x74810000 0x29000 3.10.0349.0000 C:\windows\System32\msls31.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x6e4d0000 0x30000 6.00.6001.18000 C:\windows\System32\MLANG.dll
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x74870000 0xb000 6.00.6002.18005 C:\windows\system32\msimtf.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\System32\OLEACC.DLL
0x10000000 0x35000 5.02.0000.0400 C:\windows\system32\btmmhook.dll
0x6ef40000 0xa95000 8.00.6001.19019 C:\windows\System32\ieframe.dll
0x74210000 0x21000 5.07.0000.18005 C:\windows\system32\wshom.ocx
0x72100000 0x2a000 5.07.0000.18005 C:\windows\system32\ScrRun.dll
0x72060000 0x49000 6.00.6001.18000 C:\windows\system32\CompatUI.dll
0x742e0000 0x14000 3.05.2284.0002 C:\windows\system32\ATL.DLL
0x69830000 0xd9000 6.00.6002.18005 C:\windows\system32\wer.dll
0x747f0000 0x6000 6.00.6000.16386 C:\windows\system32\SensApi.dll
0x720d0000 0x2f000 8.00.6001.19019 C:\Windows\system32\iepeers.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
0x74e90000 0x9000 6.00.6000.16386 C:\windows\System32\LINKINFO.dll
0x74410000 0xbb000 7.00.6002.18005 C:\windows\System32\PROPSYS.dll
0x74f70000 0xb000 6.00.6002.18005 C:\windows\System32\cscapi.dll
0x756f0000 0x3a000 6.00.6002.18005 C:\windows\System32\slc.dll
0x743c0000 0x15000 6.00.6001.18000 C:\windows\System32\Cabinet.dll
0x69770000 0x57000 6.00.6002.18005 C:\windows\system32\zipfldr.dll
0x73fa0000 0xf4000 7.00.6002.18107 C:\windows\System32\WindowsCodecs.dll
0x73920000 0x1f000 5.02.3790.1830 C:\windows\system32\EhStorShell.dll
0x73e90000 0x4000 6.00.6000.16386 C:\windows\System32\ksuser.dll
0x743e0000 0x28000 6.00.6002.18005 C:\windows\System32\MMDevAPI.DLL
0x74520000 0x7000 6.00.6001.18000 C:\windows\System32\AVRT.dll
0x73de0000 0x21000 6.00.6002.18005 C:\windows\System32\AUDIOSES.DLL
0x73d30000 0x66000 6.00.6001.18000 C:\windows\System32\audioeng.dll
sys36982.exe pid: 3892
Command line: "C:\Users\maurizio\Desktop\sys36982.exe\sys36982.exe"
Base Size Version Path
0x00400000 0x39000 C:\Users\maurizio\Desktop\sys36982.exe\sys36982.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x73f10000 0x85000 5.82.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
runme.exe pid: 2016
Command line: runme.exe
Base Size Version Path
0x00400000 0x5e000 3.06.0000.0007 C:\Users\maurizio\AppData\Local\Temp\nsi5CB3.tmp\runme.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
0x726a0000 0x153000 6.00.0098.0002 C:\windows\system32\MSVBVM60.DLL
0x765f0000 0xc8000 6.00.6002.18005 C:\windows\system32\MSCTF.dll
0x767f0000 0x9000 6.00.6002.18051 C:\windows\system32\LPK.DLL
0x77400000 0x7d000 1.626.6002.18244 C:\windows\system32\USP10.dll
0x72100000 0x2a000 5.07.0000.18005 C:\windows\system32\scrrun.dll
0x767c0000 0x3000 6.00.6000.16386 C:\windows\system32\Normaliz.dll
0x76180000 0x1e9000 8.00.6001.19019 C:\windows\system32\iertutil.dll
0x74b80000 0x19e000 6.10.6002.18305 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x778c0000 0x6000 6.00.6001.18000 C:\windows\system32\NSI.dll
0x74710000 0x3d000 7.00.6002.18155 C:\windows\system32\OLEACC.dll
0x755b0000 0x7000 6.00.6001.18000 C:\windows\system32\credssp.dll
0x75210000 0x46000 6.00.6002.18290 C:\windows\system32\schannel.dll
0x747f0000 0x6000 6.00.6000.16386 C:\windows\system32\sensapi.dll
0x74700000 0xf000 6.00.6001.18000 C:\windows\system32\NLAapi.dll
0x758f0000 0x2c000 6.00.6002.18005 C:\windows\system32\DNSAPI.dll
0x75640000 0x7000 6.00.6001.18000 C:\windows\system32\WINNSI.DLL
0x75610000 0x22000 6.00.6002.18005 C:\windows\system32\dhcpcsvc6.DLL
0x75470000 0x3b000 6.00.6002.18005 C:\windows\system32\mswsock.dll
0x75170000 0x5000 6.00.6001.18000 C:\windows\System32\wshtcpip.dll
0x75530000 0x5000 6.00.6001.18000 C:\windows\System32\wship6.dll
0x73250000 0xf000 6.00.6001.18000 C:\windows\system32\napinsp.dll
0x73170000 0x12000 6.00.6001.18000 C:\windows\system32\pnrpnsp.dll
0x731e0000 0xc000 6.00.6002.18005 C:\windows\system32\wshbth.dll
cmd.exe pid: 3056
Command line: cmd /c uuoywfrygn.exe > tempd.txt
Base Size Version Path
0x4a160000 0x50000 6.00.6001.18000 C:\windows\system32\cmd.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
uuoywfrygn.exe pid: 2884
Command line: uuoywfrygn.exe
Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\Users\maurizio\AppData\Local\Temp\nsi5CB3.tmp\uuoywfrygn.exe
0x64d00000 0x31000 5.01.0889.0000 C:\Program Files\Alwil Software\Avast5\snxhk.dll
===================== NTFS A