Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Molti virus? Opzioni
ruby88
Inviato: Sunday, December 05, 2010 10:35:43 PM
Rank: AiutAmico

Iscritto dal : 8/17/2010
Posts: 50
premetto che ho scarsissime conoscenze di computer.
Mi trovo in questa situazione: window 7 internet explorer 8
Ho Norton internet Security: facendo la scansione completa del sistema, noto che rallenta in corrispondenza con alcuni programmi. Ne riporto alcuni:
infostealer.snifula.b
backdoor.tidserv
backdoor.rustock.a
backdoor.rustock.b
trojan.peacom
trojan.gpcoder.e
trojan.fake av
spyware.actualism
spyware.pcacme
malaware wipe
spylocked

Sono solo alcuni: stamattina mi è apparso un messaggio in inglese che segnalava l'installazione di programmi ostili (inviato da symertec).
Alla fine della scansione, Norton non mi segnala però alcun problema.
Ho installato oggi Malwarebytes' Anti-malaware, Spybot e Ccleaner: ho effettuato con tutti e tre scansioni complete e nessuno rileva nulla di anomalo.
1) è possibile che nessuno dei 4 programmi segnali il problema alla fine della scansione?
2) è possibile che siano tutti falsi positivi?
3) cosa si può fare per eliminarli tutti?
4) che tipo di rischi si corrono se questi virus sono realmente presenti?

Scusate se le domande sono forse un pò banali, ma non so quasi niente sull'argomento.
Grazie.
Sponsor
Inviato: Sunday, December 05, 2010 10:35:43 PM

 
cbbusto
Inviato: Monday, December 06, 2010 2:53:30 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Posta un log di HJT QUI e controlliamo.
ruby88
Inviato: Monday, December 06, 2010 5:28:58 PM
Rank: AiutAmico

Iscritto dal : 8/17/2010
Posts: 50
cbbusto ha scritto:
Posta un log di HJT QUI e controlliamo.


Ho eseguito il log di HJT ma non riesco a fare il copia e incolla: se punto il mouse e premo, si evidenzia la prima riga e si spunta la casella corrispondente (in effetti nell'immagine dell'esempio nel link le caselle non ci sono, nel mio sì).
Devo aver sbagliato qualcosa, ma non saprei dire cosa.
Ho disinstallato HJT e ho ripetuto la procedura indicata, ma il risultato è lo stesso.
Che si può fare?
r16
Inviato: Monday, December 06, 2010 6:18:11 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
è possibile che siano tutti falsi positivi?

Non scherziamo.
Quelle (da come sono scritte) sono TUTTE infezioni molto gravi.

Prova questo Antivirus: (non entra in conflitto con il Norton )
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm

lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).

Poi fai anche una scansione in Modalità normale.
Posta anche i log. (li trovi sull'icona in alto, con raffigurato un block notes ,con una penna)
ruby88
Inviato: Monday, December 06, 2010 7:38:34 PM
Rank: AiutAmico

Iscritto dal : 8/17/2010
Posts: 50
r16 ha scritto:
Commenta:
è possibile che siano tutti falsi positivi?

Non scherziamo.
Quelle (da come sono scritte) sono TUTTE infezioni molto gravi.

Prova questo Antivirus: (non entra in conflitto con il Norton )
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm

lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).

Poi fai anche una scansione in Modalità normale.
Posta anche i log. (li trovi sull'icona in alto, con raffigurato un block notes ,con una penna)



Ho scaricato VIRIT e l'ho aggiornato. Ho fatto credo la scansione normale, non so come fare quella Provvisoria.
il log:



06/12/2010 - 19:03:55

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: Non analizzato, mancano i privilegi di amministratore


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1519.
Files Totali: 1519.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.


06/12/2010 - 19:04:55

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: Non analizzato, mancano i privilegi di amministratore


[D:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: Non analizzato, mancano i privilegi di amministratore


[E:]


[F:]
BOOT SECTOR: OK


[G:]
BOOT SECTOR: OK


[H:]
BOOT SECTOR: OK


[I:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 150799.
Files Totali: 150799.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

L'ho fatto con l'account amministratore.
r16
Inviato: Monday, December 06, 2010 10:42:13 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Vedi se riesci a fare questa scansione con SYSTEM SCAN:
scaricalo sul desktop
http://www.zeusnews.it/zz_upload/PSV/sys36982.exe.zip
Aprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now"
Finita la scansione verrà rilasciato (sempre sul desktop all'interno della cartella suspectfile)un report.
Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.
Ricordati d'effettuare la scansione senza connessione attiva e con l'antivirus disabilitato salvo poi riattivarlo a scansione terminata.

NB:
la durata della scansione può risultare lunga, potrebbe addirittura sembrare che il programma non stia lavorando, non preoccuparti non è così.
SystemScan viene riconosciuto, erroneamente, da alcuni antivirus come infetto.
ruby88
Inviato: Monday, December 06, 2010 11:01:53 PM
Rank: AiutAmico

Iscritto dal : 8/17/2010
Posts: 50
r16 ha scritto:
Vedi se riesci a fare questa scansione con SYSTEM SCAN:
scaricalo sul desktop
http://www.zeusnews.it/zz_upload/PSV/sys36982.exe.zip
Aprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now"
Finita la scansione verrà rilasciato (sempre sul desktop all'interno della cartella suspectfile)un report.
Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.
Ricordati d'effettuare la scansione senza connessione attiva e con l'antivirus disabilitato salvo poi riattivarlo a scansione terminata.

NB:
la durata della scansione può risultare lunga, potrebbe addirittura sembrare che il programma non stia lavorando, non preoccuparti non è così.
SystemScan viene riconosciuto, erroneamente, da alcuni antivirus come infetto.



Credo d'aver capito le tue istruzioni eccetto un punto: antivirus disabilitato. In questo momento ho installati 6 programmi: Norton, Malawarebytes, Spybot, Ccleaner, HIJ, Virit. Vanno disabilitati tutti o solo Norton?
Per disabilitare si intende disinstallare?
Grazie
r16
Inviato: Monday, December 06, 2010 11:10:51 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
Per disabilitare si intende disinstallare?

No: disistallare è una cosa Disabilitare è un'altra.
In ogni caso devi disabilitare il Norton. (e anche se lo disistalli, è meglio.)
ruby88
Inviato: Tuesday, December 07, 2010 1:15:20 PM
Rank: AiutAmico

Iscritto dal : 8/17/2010
Posts: 50
Credo sia questo:



SystemScan - www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)

Running on: Windows 7 (7600.6.1)
System directory: C:\Windows
SystemScan file: C:\Users\carlo\AppData\Local\Temp\Temp1_sys36982.exe[1].zip\sys36982.exe
Running in: User mode
Date: 07/12/2010
Time: 12:40:09

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Encrypted Files
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username

Yes | Administrator (Disabled)
Yes | carlo
| carlo2
| Guest (Disabled)

### users folders


### startup files in users folders


===================== RECENT FILES =====================
Listing files newer than 60 days

---- recent files in C:\
14/07/2009 04:20:08 -- 07/12/2010 12:22:08 (DIR) --R- 0 days old -- C:\Program Files (x86)
07/12/2010 12:21:57 -- 07/12/2010 12:21:57 (DIR) HS-- 0 days old -- C:\Config.Msi
05/12/2010 17:54:58 -- 07/12/2010 11:34:56 (DIR) HS-- 0 days old -- C:\System Volume Information
14/07/2009 04:20:08 -- 07/12/2010 03:33:46 (DIR) ---- 0 days old -- C:\Windows
14/07/2009 04:20:08 -- 07/12/2010 03:31:25 (DIR) --R- 0 days old -- C:\Program Files
14/07/2009 04:20:08 -- 07/12/2010 00:08:51 (DIR) H--- 0 days old -- C:\ProgramData
06/12/2010 18:23:47 -- 06/12/2010 22:04:45 (DIR) ---- 0 days old -- C:\VEXPLite
14/07/2009 04:18:56 -- 06/12/2010 12:43:26 (DIR) HS-- 0 days old -- C:\$Recycle.Bin
14/07/2009 04:20:08 -- 06/12/2010 12:43:21 (DIR) --R- 0 days old -- C:\Users
05/12/2010 21:52:42 -- 05/12/2010 21:52:42 (DIR) ---- 1 days old -- C:\Qoobox
22/12/2009 21:39:02 -- 05/12/2010 18:35:37 (DIR) H--- 1 days old -- C:\hp
05/12/2010 18:00:41 -- 05/12/2010 18:00:41 (DIR) HS-- 1 days old -- C:\Programmi
05/12/2010 17:54:58 -- 07/12/2010 11:34:24 -794624 HS-A 0 days old -- C:\pagefile.sys
05/12/2010 17:54:59 -- 07/12/2010 11:34:20-107433984 HS-A 0 days old -- C:\hiberfil.sys

---- recent files in C:\Users\carlo\AppData\Local\Temp\
07/12/2010 12:36:48 -- 07/12/2010 12:40:10 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\nss6AB5.tmp
07/12/2010 12:35:05 -- 07/12/2010 12:36:45 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\Temp1_sys36982.exe[1].zip
05/12/2010 18:07:20 -- 07/12/2010 12:31:56 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\Low
07/12/2010 03:30:45 -- 07/12/2010 12:22:08 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\BingBarInstallerLogs
07/12/2010 11:37:40 -- 07/12/2010 11:37:40 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\WPDNSE
05/12/2010 18:07:41 -- 07/12/2010 11:37:32 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\boost_interprocess
07/12/2010 03:37:48 -- 07/12/2010 03:37:48 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_4.0.30319
07/12/2010 03:36:03 -- 07/12/2010 03:36:03 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\{9B95A5E1-96FB-42B7-B62F-1B9E5D76B4E5}
07/12/2010 03:34:46 -- 07/12/2010 03:34:46 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319
07/12/2010 03:16:10 -- 07/12/2010 03:34:31 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\12070316-0000083c-uygolu9gk0
06/12/2010 22:24:31 -- 06/12/2010 22:26:40 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp\12062224-00001024-wn3ye3x10a
06/12/2010 00:04:52 -- 06/12/2010 00:04:52 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Temp\FastPicsCron
05/12/2010 23:25:22 -- 05/12/2010 23:27:01 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Temp\ge3828
05/12/2010 23:24:35 -- 05/12/2010 23:24:41 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Temp\._msige60
05/12/2010 22:08:00 -- 05/12/2010 22:08:18 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Temp\msdt
05/12/2010 21:05:21 -- 05/12/2010 21:07:23 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Temp\is-EI2BG.tmp
05/12/2010 20:09:25 -- 05/12/2010 20:09:46 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Temp\Windows Live Toolbar
05/12/2010 20:02:23 -- 05/12/2010 20:05:07 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Temp\lxea
07/12/2010 12:36:48 -- 07/12/2010 12:36:48 72 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\systemscan.ini
07/12/2010 12:36:48 -- 07/12/2010 12:36:48 16384 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF82EEEE46745F16E9.TMP
07/12/2010 12:30:16 -- 07/12/2010 12:31:37 16384 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF14D4AD95DE94A512.TMP
07/12/2010 12:30:26 -- 07/12/2010 12:30:26 512 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DFC0B60DB558B6E589.TMP
07/12/2010 12:30:26 -- 07/12/2010 12:30:26 512 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DFB5018E9FC6BDF25E.TMP
07/12/2010 12:30:26 -- 07/12/2010 12:30:26 512 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF9DDF449C188554AA.TMP
07/12/2010 12:30:26 -- 07/12/2010 12:30:26 32768 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DFE6B143858760494C.TMP
07/12/2010 12:30:26 -- 07/12/2010 12:30:26 32768 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF2EE5590539402A58.TMP
07/12/2010 12:30:26 -- 07/12/2010 12:30:26 16384 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DFB212AD598DCC9F49.TMP
05/12/2010 18:37:45 -- 07/12/2010 12:30:21 46193 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\StructuredQuery.log
07/12/2010 12:30:19 -- 07/12/2010 12:30:19 512 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF2F5A849593C44E15.TMP
07/12/2010 12:30:19 -- 07/12/2010 12:30:19 512 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF7EC952C713E87B57.TMP
07/12/2010 12:30:19 -- 07/12/2010 12:30:19 32768 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF81AA010653D395F2.TMP
07/12/2010 12:30:19 -- 07/12/2010 12:30:19 512 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DFE4BD8C36BFD069C0.TMP
07/12/2010 12:30:19 -- 07/12/2010 12:30:19 16384 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF5CB19374E89A8B4C.TMP
07/12/2010 12:30:19 -- 07/12/2010 12:30:19 32768 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF2DD0FCC94F9A882F.TMP
07/12/2010 12:30:16 -- 07/12/2010 12:30:16 16384 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF95366086A4F4CFFB.TMP
07/12/2010 12:30:09 -- 07/12/2010 12:30:09 16384 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF4276E71C5A1673E5.TMP
07/12/2010 12:30:09 -- 07/12/2010 12:30:09 16384 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF294AD72BDC44BEB1.TMP
07/12/2010 12:22:08 -- 07/12/2010 12:22:08 0 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\MSNFE3E.tmp
07/12/2010 12:22:08 -- 06/12/2010 22:25:49 469256 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\MSNFE3E.exe
07/12/2010 03:37:46 -- 07/12/2010 03:38:13 248478 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_20101207_033747059.html
07/12/2010 03:37:51 -- 07/12/2010 03:38:13 2136440 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_20101207_033747059-MSI_netfx_CoreLP_x64.msi.txt
07/12/2010 03:37:44 -- 07/12/2010 03:38:13 1822 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\dd_dotNetFx40LP_Client_x86_x64it_decompression_log.txt
07/12/2010 03:34:40 -- 07/12/2010 03:37:44 581842 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_20101207_033443278.html
07/12/2010 03:34:32 -- 07/12/2010 03:37:44 1832 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\dd_dotNetFx40_Client_x86_x64_decompression_log.txt
07/12/2010 03:34:55 -- 07/12/2010 03:37:41 660 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\dd_SetupUtility.txt
07/12/2010 03:34:58 -- 07/12/2010 03:37:41 7229146 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_20101207_033443278-MSI_netfx_Core_x64.msi.txt
07/12/2010 03:34:22 -- 07/12/2010 03:34:22 63 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\wlsAE0A.tmp
07/12/2010 03:34:22 -- 07/12/2010 03:34:22 97116 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\wlsAF33.tmp
07/12/2010 03:31:40 -- 07/12/2010 03:31:41 278528 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\~DF8683E6E231B6B73D.TMP
07/12/2010 03:30:45 -- 07/12/2010 03:30:45 3356 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\TFR5EF3.tmp
07/12/2010 03:30:13 -- 07/12/2010 03:30:37 1530616 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\SilverlightMSI.log
07/12/2010 03:30:13 -- 07/12/2010 03:30:37 1896 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\Silverlight0.log
05/12/2010 18:07:30 -- 07/12/2010 03:06:31 1869 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\wmsetup.log
06/12/2010 22:17:10 -- 06/12/2010 22:17:22 12574 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\dd_ATL80SP1_KB973923UI5BB1.txt
06/12/2010 22:17:10 -- 06/12/2010 22:17:21 656222 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\dd_ATL80SP1_KB973923MSI5BB1.txt
06/12/2010 21:10:52 -- 06/12/2010 21:10:52 0 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\BROWSER_CLML_AGENT_LOG1.txt
06/12/2010 15:56:29 -- 06/12/2010 15:56:29 0 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\FXSTIFFDebugLogFile.txt
05/12/2010 18:07:22 -- 06/12/2010 12:41:27 49208 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\carlo.bmp
06/12/2010 12:39:53 -- 06/12/2010 12:41:27 49208 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\Guest.bmp
06/12/2010 12:41:27 -- 06/12/2010 12:41:27 31832 ---A 0 days old -- C:\Users\carlo\AppData\Local\Temp\carlo2.bmp
05/12/2010 23:25:19 -- 05/12/2010 23:25:19 0 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\geIconCacheLock
05/12/2010 23:25:19 -- 05/12/2010 23:25:19 0 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\geColladaModelCacheLock
05/12/2010 23:25:02 -- 05/12/2010 23:25:12 318 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\chrome_installer.log
05/12/2010 23:24:43 -- 05/12/2010 23:24:43 0 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\isB272.tmp
05/12/2010 22:08:00 -- 05/12/2010 22:08:00 0 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\PCW75BF.tmp
05/12/2010 22:08:00 -- 05/12/2010 22:08:00 850 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\PCW75BF.xml
05/12/2010 20:02:21 -- 05/12/2010 20:09:29 19064 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\S300-S400 Series_app.log
05/12/2010 20:06:09 -- 05/12/2010 20:06:09 34326 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\lexmarktoolbar.pull.default
05/12/2010 20:04:25 -- 05/12/2010 20:04:48 5716 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\AbbyyMsiLog.txt
05/12/2010 20:03:07 -- 05/12/2010 20:03:07 171 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\install.isf
05/12/2010 20:02:32 -- 05/12/2010 20:02:39 725 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\LxProxy.log
05/12/2010 18:45:53 -- 05/12/2010 18:48:43 7974 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\SYMEVENT.LOG
05/12/2010 18:36:31 -- 05/12/2010 18:36:35 15408 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\vmrolling.log
05/12/2010 18:36:30 -- 05/12/2010 18:36:30 8 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\atishoukati.txt
05/12/2010 18:30:58 -- 05/12/2010 18:32:01 495774 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\MSIf5e93.LOG
05/12/2010 18:07:49 -- 05/12/2010 18:07:49 0 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\FXSAPIDebugLogFile.txt
05/12/2010 18:01:11 -- 05/12/2010 18:01:15 27 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\MainFrame.Log.txt
05/12/2010 18:01:13 -- 05/12/2010 18:01:13 54868 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\sym_eula.html
05/12/2010 18:01:13 -- 05/12/2010 18:01:13 6413 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\prodkey.htm
05/12/2010 18:01:13 -- 05/12/2010 18:01:13 366 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\sym_info.xml
05/12/2010 18:01:01 -- 05/12/2010 18:01:01 509 ---A 1 days old -- C:\Users\carlo\AppData\Local\Temp\CPCRDMI.ini

---- recent files in C:\Windows\
14/07/2009 04:20:14 -- 07/12/2010 12:27:24 (DIR) ---- 0 days old -- C:\Windows\winsxs
22/12/2009 12:52:08 -- 07/12/2010 12:21:59 (DIR) HS-- 0 days old -- C:\Windows\Installer
14/07/2009 04:20:10 -- 07/12/2010 11:39:32 (DIR) ---- 0 days old -- C:\Windows\inf
14/07/2009 04:20:10 -- 07/12/2010 11:39:32 (DIR) ---- 0 days old -- C:\Windows\System32
14/07/2009 04:20:14 -- 07/12/2010 11:37:27 (DIR) ---- 0 days old -- C:\Windows\Temp
14/07/2009 04:20:08 -- 07/12/2010 03:38:12 (DIR) -SR- 0 days old -- C:\Windows\assembly
14/07/2009 04:20:10 -- 07/12/2010 03:35:30 (DIR) ---- 0 days old -- C:\Windows\Microsoft.NET
14/07/2009 04:20:14 -- 07/12/2010 03:35:14 (DIR) ---- 0 days old -- C:\Windows\SysWOW64
07/12/2010 03:33:46 -- 07/12/2010 03:33:46 (DIR) ---- 0 days old -- C:\Windows\it
14/07/2009 04:20:10 -- 07/12/2010 03:30:38 (DIR) ---- 0 days old -- C:\Windows\Logs
05/12/2010 18:00:37 -- 07/12/2010 03:30:00 (DIR) ---- 0 days old -- C:\Windows\SoftwareDistribution
14/07/2009 08:45:02 -- 07/12/2010 03:03:01 (DIR) ---- 0 days old -- C:\Windows\ehome
14/07/2009 04:20:08 -- 07/12/2010 03:02:58 (DIR) ---- 0 days old -- C:\Windows\AppPatch
14/07/2009 05:45:54 -- 06/12/2010 22:18:56 (DIR) ---- 0 days old -- C:\Windows\debug
22/12/2009 12:46:18 -- 06/12/2010 21:16:43 (DIR) ---- 0 days old -- C:\Windows\Prefetch
14/07/2009 04:20:14 -- 06/12/2010 18:30:18 (DIR) ---- 0 days old -- C:\Windows\Tasks
14/07/2009 06:32:38 -- 05/12/2010 19:59:11 (DIR) ---- 1 days old -- C:\Windows\twain_32
05/12/2010 18:32:16 -- 05/12/2010 18:32:16 (DIR) ---- 1 days old -- C:\Windows\Roaming
14/07/2009 04:20:09 -- 05/12/2010 18:03:15 (DIR) -SR- 1 days old -- C:\Windows\Fonts
22/12/2009 21:39:01 -- 05/12/2010 18:00:43 (DIR) ---- 1 days old -- C:\Windows\Panther
14/07/2009 04:20:10 -- 05/12/2010 17:59:56 (DIR) ---- 1 days old -- C:\Windows\rescache
05/12/2010 18:00:37 -- 07/12/2010 11:38:08 1199507 ---A 0 days old -- C:\Windows\WindowsUpdate.log
06/12/2010 00:03:03 -- 07/12/2010 11:34:37 448 ---A 0 days old -- C:\Windows\setupact.log
14/07/2009 06:38:36 -- 07/12/2010 11:34:28 67584 -S-A 0 days old -- C:\Windows\bootstat.dat
07/12/2010 03:30:40 -- 07/12/2010 03:30:40 360 ---A 0 days old -- C:\Windows\DirectX.log
06/12/2010 21:26:36 -- 07/12/2010 03:12:24 288658 ---A 0 days old -- C:\Windows\msxml4-KB973688-enu.LOG
06/12/2010 21:24:24 -- 07/12/2010 03:12:16 289712 ---A 0 days old -- C:\Windows\msxml4-KB954430-enu.LOG
06/12/2010 18:24:56 -- 06/12/2010 22:04:47 5688 ---A 0 days old -- C:\Windows\PFRO.log
06/12/2010 18:40:36 -- 06/12/2010 19:21:23 55040 ---A 0 days old -- C:\Windows\listcmd.bin
06/12/2010 11:58:36 -- 31/10/2009 07:34:59 2870272 ---A 1 days old -- C:\Windows\explorer.exe
06/12/2010 00:03:03 -- 06/12/2010 00:03:03 0 ---A 1 days old -- C:\Windows\setuperr.log

---- recent files in C:\Windows\system\

---- recent files in C:\Windows\system32\
14/07/2009 04:20:14 -- 07/12/2010 03:37:55 (DIR) ---- 0 days old -- C:\Windows\system32\it-IT
14/07/2009 04:20:14 -- 07/12/2010 03:35:13 (DIR) ---- 0 days old -- C:\Windows\system32\en-US
07/12/2010 03:15:52 -- 07/12/2010 03:15:52 (DIR) ---- 0 days old -- C:\Windows\system32\Wat
14/07/2009 04:20:14 -- 07/12/2010 03:02:49 (DIR) ---- 0 days old -- C:\Windows\system32\migration
14/07/2009 04:20:14 -- 06/12/2010 18:33:18 (DIR) ---- 0 days old -- C:\Windows\system32\drivers
07/12/2010 03:30:43 -- 04/09/2009 17:44:40 69464 ---A 0 days old -- C:\Windows\system32\XAPOFX1_3.dll
07/12/2010 03:30:43 -- 04/09/2009 17:29:34 453456 ---A 0 days old -- C:\Windows\system32\d3dx10_42.dll
07/12/2010 03:30:43 -- 04/09/2009 17:44:40 515416 ---A 0 days old -- C:\Windows\system32\XAudio2_5.dll
06/12/2010 22:23:59 -- 23/05/2010 11:11:50 196608 ---A 0 days old -- C:\Windows\system32\mfreadwrite.dll
06/12/2010 22:23:59 -- 23/05/2010 11:11:48 3181568 ---A 0 days old -- C:\Windows\system32\mf.dll
06/12/2010 22:23:59 -- 23/05/2010 11:15:36 1619456 ---A 0 days old -- C:\Windows\system32\WMVDECOD.DLL
06/12/2010 21:22:35 -- 25/11/2009 12:47:34 49472 ---A 0 days old -- C:\Windows\system32\netfxperf.dll
06/12/2010 21:22:35 -- 25/11/2009 12:47:34 99176 ---A 0 days old -- C:\Windows\system32\PresentationHostProxy.dll
06/12/2010 21:22:35 -- 25/11/2009 12:47:34 295264 ---A 0 days old -- C:\Windows\system32\PresentationHost.exe
06/12/2010 21:22:35 -- 25/11/2009 12:47:34 1130824 ---A 0 days old -- C:\Windows\system32\dfshim.dll
06/12/2010 21:22:35 -- 25/11/2009 12:47:34 297808 ---A 0 days old -- C:\Windows\system32\mscoree.dll
06/12/2010 11:59:09 -- 05/03/2010 08:42:42 67584 ---A 1 days old -- C:\Windows\system32\asycfilt.dll
06/12/2010 11:59:07 -- 24/03/2010 07:37:04 1289528 ---A 1 days old -- C:\Windows\system32\ntdll.dll
06/12/2010 11:59:06 -- 08/03/2010 22:33:56 427520 ---A 1 days old -- C:\Windows\system32\vbscript.dll
06/12/2010 11:59:05 -- 26/08/2010 05:39:58 109056 ---A 1 days old -- C:\Windows\system32\t2embed.dll
06/12/2010 11:59:03 -- 29/06/2010 06:02:02 1413632 ---A 1 days old -- C:\Windows\system32\ole32.dll
06/12/2010 11:59:01 -- 05/05/2010 07:46:55 363520 ---A 1 days old -- C:\Windows\system32\StructuredQuery.dll
06/12/2010 11:58:52 -- 19/01/2010 00:29:31 85504 ---A 1 days old -- C:\Windows\system32\secproc_ssp_isv.dll
06/12/2010 11:58:52 -- 19/01/2010 00:29:31 365568 ---A 1 days old -- C:\Windows\system32\secproc_isv.dll
06/12/2010 11:58:52 -- 19/01/2010 00:28:30 320512 ---A 1 days old -- C:\Windows\system32\RMActivate.exe
06/12/2010 11:58:52 -- 19/01/2010 00:29:30 369152 ---A 1 days old -- C:\Windows\system32\secproc.dll
06/12/2010 11:58:52 -- 19/01/2010 00:28:33 324608 ---A 1 days old -- C:\Windows\system32\RMActivate_isv.exe
06/12/2010 11:58:51 -- 19/01/2010 00:28:30 280064 ---A 1 days old -- C:\Windows\system32\RMActivate_ssp.exe
06/12/2010 11:58:51 -- 19/01/2010 00:28:33 277504 ---A 1 days old -- C:\Windows\system32\RMActivate_ssp_isv.exe
06/12/2010 11:58:51 -- 19/01/2010 00:29:31 85504 ---A 1 days old -- C:\Windows\system32\secproc_ssp.dll
06/12/2010 11:58:49 -- 27/07/2010 15:03:24 12867584 ---A 1 days old -- C:\Windows\system32\shell32.dll
06/12/2010 11:58:47 -- 04/03/2010 08:33:23 740864 ---A 1 days old -- C:\Windows\system32\inetcomm.dll
06/12/2010 11:58:46 -- 04/08/2010 07:15:03 204288 ---A 1 days old -- C:\Windows\system32\MSNP.ax
06/12/2010 11:58:46 -- 13/12/2009 10:30:50 465408 ---A 1 days old -- C:\Windows\system32\psisdecd.dll
06/12/2010 11:58:46 -- 04/08/2010 07:15:03 199680 ---A 1 days old -- C:\Windows\system32\mpg2splt.ax
06/12/2010 11:58:46 -- 04/08/2010 07:18:45 641536 ---A 1 days old -- C:\Windows\system32\CPFilters.dll
06/12/2010 11:58:43 -- 19/06/2010 07:33:29 3899784 ---A 1 days old -- C:\Windows\system32\ntoskrnl.exe
06/12/2010 11:58:43 -- 19/06/2010 07:33:29 3955080 ---A 1 days old -- C:\Windows\system32\ntkrnlpa.exe
06/12/2010 11:58:38 -- 21/08/2010 06:36:24 224256 ---A 1 days old -- C:\Windows\system32\schannel.dll
06/12/2010 11:58:37 -- 07/04/2010 08:10:36 571904 ---A 1 days old -- C:\Windows\system32\oleaut32.dll
06/12/2010 11:58:37 -- 21/08/2010 06:33:24 530432 ---A 1 days old -- C:\Windows\system32\comctl32.dll
06/12/2010 11:58:35 -- 31/10/2009 06:45:39 2614272 ---A 1 days old -- C:\Windows\system32\explorer.exe
06/12/2010 11:58:34 -- 22/12/2009 09:22:10 5120 ---A 1 days old -- C:\Windows\system32\wow32.dll
06/12/2010 11:58:34 -- 22/12/2009 09:24:35 14336 ---A 1 days old -- C:\Windows\system32\ntvdm64.dll
06/12/2010 11:58:34 -- 22/12/2009 05:28:10 7680 ---A 1 days old -- C:\Windows\system32\instnm.exe
06/12/2010 11:58:34 -- 22/12/2009 09:23:35 25600 ---A 1 days old -- C:\Windows\system32\setup16.exe
06/12/2010 11:58:34 -- 22/12/2009 05:28:08 2048 ---A 1 days old -- C:\Windows\system32\user.exe
06/12/2010 11:58:33 -- 19/06/2010 07:23:50 37376 ---A 1 days old -- C:\Windows\system32\rtutils.dll
06/12/2010 11:58:07 -- 19/06/2010 07:15:54 2048 ---A 1 days old -- C:\Windows\system32\tzres.dll
06/12/2010 11:58:00 -- 29/07/2010 07:30:34 82944 ---A 1 days old -- C:\Windows\system32\iccvid.dll
06/12/2010 11:57:53 -- 21/08/2010 06:36:33 738816 ---A 1 days old -- C:\Windows\system32\wmpmde.dll
06/12/2010 11:57:52 -- 19/12/2009 10:02:45 13312 ---A 1 days old -- C:\Windows\system32\msrle32.dll
06/12/2010 11:57:52 -- 19/12/2009 10:02:01 91648 ---A 1 days old -- C:\Windows\system32\avifil32.dll
06/12/2010 11:57:52 -- 19/12/2009 10:02:39 50176 ---A 1 days old -- C:\Windows\system32\iyuv_32.dll
06/12/2010 11:57:52 -- 19/12/2009 10:02:46 22016 ---A 1 days old -- C:\Windows\system32\msyuv.dll
06/12/2010 11:57:52 -- 19/12/2009 10:02:45 31744 ---A 1 days old -- C:\Windows\system32\msvidc32.dll
06/12/2010 11:57:52 -- 19/12/2009 10:02:52 12288 ---A 1 days old -- C:\Windows\system32\tsbyuv.dll
06/12/2010 11:57:52 -- 19/12/2009 10:02:48 1328640 ---A 1 days old -- C:\Windows\system32\quartz.dll
06/12/2010 11:57:52 -- 19/12/2009 10:02:40 84480 ---A 1 days old -- C:\Windows\system32\mciavi32.dll
06/12/2010 11:57:46 -- 08/06/2010 07:02:06 1233920 ---A 1 days old -- C:\Windows\system32\msxml3.dll
06/12/2010 11:57:43 -- 11/12/2009 08:39:06 22016 ---A 1 days old -- C:\Windows\system32\secur32.dll
06/12/2010 11:57:43 -- 11/12/2009 08:36:33 96768 ---A 1 days old -- C:\Windows\system32\sspicli.dll
06/12/2010 11:57:42 -- 31/08/2010 05:32:30 954752 ---A 1 days old -- C:\Windows\system32\mfc40.dll
06/12/2010 11:57:42 -- 31/08/2010 05:32:30 954288 ---A 1 days old -- C:\Windows\system32\mfc40u.dll
06/12/2010 11:57:40 -- 02/12/2009 09:17:14 716800 ---A 1 days old -- C:\Windows\system32\jscript.dll
06/12/2010 11:57:39 -- 27/05/2010 08:24:13 34304 ---A 1 days old -- C:\Windows\system32\atmlib.dll
06/12/2010 11:57:39 -- 27/05/2010 04:49:37 293888 ---A 1 days old -- C:\Windows\system32\atmfd.dll
06/12/2010 11:57:39 -- 19/10/2009 15:10:06 70656 ---A 1 days old -- C:\Windows\system32\fontsub.dll
06/12/2010 11:57:37 -- 08/09/2010 05:28:44 5977600 ---A 1 days old -- C:\Windows\system32\mshtml.dll
06/12/2010 11:57:36 -- 08/09/2010 05:28:01 10988544 ---A 1 days old -- C:\Windows\system32\ieframe.dll
06/12/2010 11:57:36 -- 08/09/2010 05:28:01 2058752 ---A 1 days old -- C:\Windows\system32\iertutil.dll
06/12/2010 11:57:35 -- 08/09/2010 05:27:56 381440 ---A 1 days old -- C:\Windows\system32\iedkcs32.dll
06/12/2010 11:57:35 -- 08/09/2010 05:28:01 185856 ---A 1 days old -- C:\Windows\system32\iepeers.dll
06/12/2010 11:57:35 -- 08/09/2010 05:30:04 978432 ---A 1 days old -- C:\Windows\system32\wininet.dll
06/12/2010 11:57:35 -- 08/09/2010 05:30:01 1226752 ---A 1 days old -- C:\Windows\system32\urlmon.dll
06/12/2010 11:57:35 -- 08/09/2010 04:22:31 386048 ---A 1 days old -- C:\Windows\system32\html.iec
06/12/2010 11:57:35 -- 08/09/2010 05:28:01 176640 ---A 1 days old -- C:\Windows\system32\ieui.dll
06/12/2010 11:57:35 -- 08/09/2010 05:28:42 64512 ---A 1 days old -- C:\Windows\system32\msfeedsbs.dll
06/12/2010 11:57:35 -- 08/09/2010 05:25:58 12800 ---A 1 days old -- C:\Windows\system32\msfeedssync.exe
06/12/2010 11:57:35 -- 08/09/2010 05:28:15 44544 ---A 1 days old -- C:\Windows\system32\licmgr10.dll
06/12/2010 11:57:35 -- 08/09/2010 05:28:42 599040 ---A 1 days old -- C:\Windows\system32\msfeeds.dll
06/12/2010 11:57:35 -- 08/09/2010 05:28:53 606208 ---A 1 days old -- C:\Windows\system32\mstime.dll
06/12/2010 11:57:35 -- 08/09/2010 03:48:16 1638912 ---A 1 days old -- C:\Windows\system32\mshtml.tlb
06/12/2010 11:57:35 -- 08/09/2010 05:28:11 48128 ---A 1 days old -- C:\Windows\system32\jsproxy.dll
06/12/2010 11:57:35 -- 08/09/2010 05:28:44 67072 ---A 1 days old -- C:\Windows\system32\mshtmled.dll
06/12/2010 11:57:32 -- 01/09/2010 05:29:28 11406848 ---A 1 days old -- C:\Windows\system32\wmp.dll
06/12/2010 11:57:32 -- 01/09/2010 05:23:49 12625408 ---A 1 days old -- C:\Windows\system32\wmploc.DLL
06/12/2010 11:57:30 -- 27/08/2010 06:46:48 9728 ---A 1 days old -- C:\Windows\system32\sscore.dll
05/12/2010 23:31:10 -- 09/01/2010 07:52:59 132608 ---A 1 days old -- C:\Windows\system32\cabview.dll
05/12/2010 23:31:10 -- 29/12/2009 07:55:34 172032 ---A 1 days old -- C:\Windows\system32\wintrust.dll
05/12/2010 20:03:29 -- 08/06/2009 01:42:05 110592 ---A 1 days old -- C:\Windows\system32\lxeainsr.dll
05/12/2010 20:03:29 -- 08/06/2009 01:41:42 57344 ---A 1 days old -- C:\Windows\system32\lxeajswr.dll
05/12/2010 20:03:29 -- 08/06/2009 01:42:02 36864 ---A 1 days old -- C:\Windows\system32\lxeacur.dll
05/12/2010 20:03:29 -- 01/07/2009 09:34:58 344064 ---A 1 days old -- C:\Windows\system32\lxeacomx.dll
05/12/2010 20:03:29 -- 14/05/2009 15:15:36 364544 ---A 1 days old -- C:\Windows\system32\lxeainpa.dll
05/12/2010 20:03:29 -- 14/05/2009 15:15:46 344064 ---A 1 days old -- C:\Windows\system32\lxeaiesc.dll
05/12/2010 20:03:29 -- 07/12/2006 04:28:00 126976 ---A 1 days old -- C:\Windows\system32\lxealnks.dll
05/12/2010 20:03:29 -- 14/05/2009 15:14:35 385024 ---A 1 days old -- C:\Windows\system32\LXEAinst.dll
05/12/2010 20:03:28 -- 29/07/2009 15:47:33 328360 ---A 1 days old -- C:\Windows\system32\lxeaih.exe
05/12/2010 20:03:28 -- 22/05/2009 07:58:07 253952 ---A 1 days old -- C:\Windows\system32\lxeacu.dll
05/12/2010 20:03:28 -- 22/05/2009 07:58:40 90112 ---A 1 days old -- C:\Windows\system32\lxeacub.dll
05/12/2010 20:03:28 -- 14/05/2009 15:22:01 1056768 ---A 1 days old -- C:\Windows\system32\lxeaserv.dll
05/12/2010 20:03:28 -- 14/05/2009 15:18:52 851968 ---A 1 days old -- C:\Windows\system32\lxeausb1.dll
05/12/2010 20:03:28 -- 14/05/2009 15:27:11 651264 ---A 1 days old -- C:\Windows\system32\lxeapmui.dll
05/12/2010 20:03:28 -- 14/05/2009 15:16:18 581632 ---A 1 days old -- C:\Windows\system32\lxealmpm.dll
05/12/2010 20:03:28 -- 22/05/2009 07:57:47 323584 ---A 1 days old -- C:\Windows\system32\lxeains.dll
05/12/2010 20:03:28 -- 22/05/2009 07:58:44 262144 ---A 1 days old -- C:\Windows\system32\lxeainsb.dll
05/12/2010 20:03:27 -- 29/07/2009 15:47:32 602792 ---A 1 days old -- C:\Windows\system32\lxeacoms.exe
05/12/2010 20:03:27 -- 29/07/2009 15:25:34 2055 ---A 1 days old -- C:\Windows\system32\lxea.loc
05/12/2010 20:03:27 -- 14/05/2009 15:16:44 376832 ---A 1 days old -- C:\Windows\system32\lxeacomm.dll
05/12/2010 20:03:27 -- 14/05/2009 15:15:34 802816 ---A 1 days old -- C:\Windows\system32\lxeacomc.dll
05/12/2010 20:03:27 -- 26/05/2009 21:18:48 86124 ---A 1 days old -- C:\Windows\system32\LXEAcfg.dll
05/12/2010 20:03:27 -- 14/05/2009 15:19:50 688128 ---A 1 days old -- C:\Windows\system32\lxeahbn3.dll
05/12/2010 20:03:27 -- 29/07/2009 15:47:30 369320 ---A 1 days old -- C:\Windows\system32\lxeacfg.exe
22/12/2009 13:25:06 -- 05/12/2010 18:35:14 588472 ---A 1 days old -- C:\Windows\system32\ezsvc7x.dll
14/07/2009 06:01:34 -- 05/12/2010 18:00:20 50139 ---A 1 days old -- C:\Windows\system32\license.rtf

---- recent files in C:\Windows\system32\drivers\
06/12/2010 18:33:18 -- 06/12/2010 18:33:12 54520 ---A 0 days old -- C:\Windows\system32\drivers\viragtlt.sys
05/12/2010 19:23:40 -- 29/11/2010 17:42:18 38224 ---A 1 days old -- C:\Windows\system32\drivers\mbamswissarmy.sys
05/12/2010 18:00:57 -- 05/12/2010 18:00:59 1798 HSRA 1 days old -- C:\Windows\system32\drivers\103C_HP_CPC_WC941AA-ABZ p6307it_YC_0Pavi_QCZH953_EA1CEv6PrA1_49_IEVANS_SPEGATRON CORPORATION_V1.02_B5.05_T091009_WUH0_L410_M4096_J640_7Intel_8Pentium Dual-Core E5300_92.6_#100605_N10EC8136_Z_G1002954F.MRK

---- recent files in C:\Windows\temp\
05/12/2010 20:14:33 -- 05/12/2010 20:14:34 (DIR) HS-- 1 days old -- C:\Windows\temp\History
05/12/2010 20:14:33 -- 05/12/2010 20:14:33 (DIR) HS-- 1 days old -- C:\Windows\temp\Temporary Internet Files
05/12/2010 20:14:33 -- 05/12/2010 20:14:33 (DIR) HS-- 1 days old -- C:\Windows\temp\Cookies
07/12/2010 03:16:00 -- 07/12/2010 03:16:03 327680 ---A 0 days old -- C:\Windows\temp\TS_DE1E.tmp
07/12/2010 03:11:55 -- 07/12/2010 03:12:00 11668 ---A 0 days old -- C:\Windows\temp\dd_ATL80SP1_KB973923UI3D49.txt
07/12/2010 03:11:57 -- 07/12/2010 03:12:00 524830 ---A 0 days old -- C:\Windows\temp\dd_ATL80SP1_KB973923MSI3D49.txt
07/12/2010 03:11:35 -- 07/12/2010 03:11:54 11620 ---A 0 days old -- C:\Windows\temp\dd_ATL80SP1_KB973923UI3D07.txt
07/12/2010 03:11:36 -- 07/12/2010 03:11:54 539382 ---A 0 days old -- C:\Windows\temp\dd_ATL80SP1_KB973923MSI3D07.txt
07/12/2010 02:55:42 -- 07/12/2010 02:58:46 13926 ---A 0 days old -- C:\Windows\temp\dd_ATL80SP1_KB973923UI30DF.txt
07/12/2010 02:55:45 -- 07/12/2010 02:58:45 654250 ---A 0 days old -- C:\Windows\temp\dd_ATL80SP1_KB973923MSI30DF.txt
06/12/2010 22:05:18 -- 13/05/2010 03:40:07 786800 --RA 0 days old -- C:\Windows\temp\coFB46F.tmp
06/12/2010 21:17:21 -- 06/12/2010 21:17:33 32006 ---A 0 days old -- C:\Windows\temp\dd_ATL80SP1_KB973923UI2DE9.txt
06/12/2010 21:17:25 -- 06/12/2010 21:17:32 654808 ---A 0 days old -- C:\Windows\temp\dd_ATL80SP1_KB973923MSI2DE9.txt
06/12/2010 18:25:42 -- 26/03/2010 00:29:43 786800 --RA 0 days old -- C:\Windows\temp\coFE4E1.tmp
06/12/2010 11:58:30 -- 21/09/2010 00:43:57 831076 ---A 1 days old -- C:\Windows\temp\patch.js
05/12/2010 17:57:18 -- 05/12/2010 17:57:18 509 ---A 1 days old -- C:\Windows\temp\CPCRDMI.ini

---- recent files in C:\Program Files (x86)\
07/12/2010 03:35:10 -- 07/12/2010 03:35:10 (DIR) ---- 0 days old -- C:\Program Files (x86)\Microsoft.NET
22/12/2009 13:25:29 -- 07/12/2010 03:33:51 (DIR) ---- 0 days old -- C:\Program Files (x86)\Windows Live
07/12/2010 03:30:18 -- 07/12/2010 03:30:18 (DIR) ---- 0 days old -- C:\Program Files (x86)\Microsoft Silverlight
07/12/2010 03:12:04 -- 07/12/2010 03:12:04 (DIR) ---- 0 days old -- C:\Program Files (x86)\MSXML 4.0
14/07/2009 04:20:08 -- 07/12/2010 03:03:03 (DIR) ---- 0 days old -- C:\Program Files (x86)\Internet Explorer
14/07/2009 04:20:08 -- 07/12/2010 03:03:01 (DIR) ---- 0 days old -- C:\Program Files (x86)\Windows Mail
14/07/2009 06:32:38 -- 07/12/2010 03:02:49 (DIR) ---- 0 days old -- C:\Program Files (x86)\Windows Media Player
05/12/2010 18:03:13 -- 06/12/2010 21:29:28 (DIR) ---- 0 days old -- C:\Program Files (x86)\Microsoft Works
06/12/2010 16:51:23 -- 06/12/2010 16:51:23 (DIR) ---- 0 days old -- C:\Program Files (x86)\Trend Micro
05/12/2010 23:23:35 -- 05/12/2010 23:25:06 (DIR) ---- 1 days old -- C:\Program Files (x86)\Google
05/12/2010 21:07:07 -- 05/12/2010 22:04:58 (DIR) ---- 1 days old -- C:\Program Files (x86)\Spybot - Search & Destroy
05/12/2010 20:04:31 -- 05/12/2010 20:04:49 (DIR) ---- 1 days old -- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
05/12/2010 20:03:14 -- 05/12/2010 20:04:20 (DIR) ---- 1 days old -- C:\Program Files (x86)\Lexmark S300-S400 Series
05/12/2010 20:03:42 -- 05/12/2010 20:03:42 (DIR) ---- 1 days old -- C:\Program Files (x86)\Lexmark Toolbar
05/12/2010 19:23:37 -- 05/12/2010 19:23:42 (DIR) ---- 1 days old -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
14/07/2009 04:20:08 -- 05/12/2010 18:49:56 (DIR) ---- 1 days old -- C:\Program Files (x86)\Common Files
22/12/2009 13:31:50 -- 05/12/2010 18:48:50 (DIR) ---- 1 days old -- C:\Program Files (x86)\NortonInstaller
05/12/2010 18:47:34 -- 05/12/2010 18:47:42 (DIR) ---- 1 days old -- C:\Program Files (x86)\Norton Internet Security
05/12/2010 18:32:15 -- 05/12/2010 18:32:24 (DIR) ---- 1 days old -- C:\Program Files (x86)\Alice ti aiuta
05/12/2010 18:31:46 -- 05/12/2010 18:31:57 (DIR) ---- 1 days old -- C:\Program Files (x86)\Alice Messenger
22/12/2009 12:58:36 -- 05/12/2010 18:30:32 (DIR) H--- 1 days old -- C:\Program Files (x86)\InstallShield Installation Information
05/12/2010 18:30:09 -- 05/12/2010 18:30:09 (DIR) ---- 1 days old -- C:\Program Files (x86)\Telecom Italia
05/12/2010 18:03:39 -- 05/12/2010 18:03:39 (DIR) ---- 1 days old -- C:\Program Files (x86)\Microsoft Office
14/07/2009 06:32:38 -- 05/12/2010 18:01:04 (DIR) ---- 1 days old -- C:\Program Files (x86)\Windows Sidebar
22/12/2009 13:21:46 -- 05/12/2010 18:01:04 (DIR) --R- 1 days old -- C:\Program Files (x86)\Online Services

---- recent files in C:\Program Files (x86)\Common Files\
14/07/2009 04:20:08 -- 07/12/2010 03:31:18 (DIR) ---- 0 days old -- C:\Program Files (x86)\Common Files\microsoft shared
05/12/2010 18:49:56 -- 05/12/2010 18:49:56 (DIR) ---- 1 days old -- C:\Program Files (x86)\Common Files\Symantec Shared
05/12/2010 18:32:16 -- 05/12/2010 18:32:24 (DIR) ---- 1 days old -- C:\Program Files (x86)\Common Files\AliceRV
05/12/2010 18:32:15 -- 05/12/2010 18:32:17 (DIR) ---- 1 days old -- C:\Program Files (x86)\Common Files\Motive
22/12/2009 12:58:34 -- 05/12/2010 18:30:07 (DIR) ---- 1 days old -- C:\Program Files (x86)\Common Files\InstallShield

---- recent files in C:\Users\carlo\AppData\Roaming\
07/12/2010 03:39:51 -- 07/12/2010 03:39:51 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Roaming\Windows Live Writer
05/12/2010 18:00:47 -- 07/12/2010 03:34:21 (DIR) -S-- 0 days old -- C:\Users\carlo\AppData\Roaming\Microsoft
06/12/2010 21:10:52 -- 06/12/2010 21:10:52 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Roaming\CyberLink
06/12/2010 15:56:29 -- 06/12/2010 15:56:29 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Roaming\Template
05/12/2010 19:23:54 -- 05/12/2010 19:23:54 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Roaming\Malwarebytes
05/12/2010 18:36:33 -- 05/12/2010 18:36:33 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Roaming\Macromedia
05/12/2010 18:36:28 -- 05/12/2010 18:36:28 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Roaming\Adobe
05/12/2010 18:08:41 -- 05/12/2010 18:08:41 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Roaming\ATI
05/12/2010 18:01:11 -- 05/12/2010 18:07:41 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Roaming\Hewlett-Packard
05/12/2010 18:07:24 -- 05/12/2010 18:07:24 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Roaming\Identities
05/12/2010 18:00:47 -- 14/07/2009 08:44:38 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Roaming\Media Center Programs
05/12/2010 23:19:16 -- 05/12/2010 23:19:16 0 ---A 1 days old -- C:\Users\carlo\AppData\Roaming\wklnhst.dat

---- recent files in C:\Users\carlo\AppData\Local\
05/12/2010 18:00:47 -- 07/12/2010 12:36:48 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Temp
05/12/2010 18:00:47 -- 07/12/2010 12:21:51 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Microsoft
07/12/2010 03:39:51 -- 07/12/2010 03:39:59 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Windows Live Writer
06/12/2010 22:24:38 -- 07/12/2010 03:39:36 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\Windows Live
06/12/2010 21:10:52 -- 06/12/2010 21:10:52 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\CyberLink
06/12/2010 21:10:51 -- 06/12/2010 21:10:51 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\PowerCinema
06/12/2010 18:22:32 -- 06/12/2010 18:22:32 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\PackageAware
05/12/2010 18:07:21 -- 06/12/2010 15:13:49 (DIR) ---- 0 days old -- C:\Users\carlo\AppData\Local\VirtualStore
05/12/2010 23:23:29 -- 05/12/2010 23:27:10 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Google
05/12/2010 23:16:51 -- 05/12/2010 23:19:28 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Microsoft Games
05/12/2010 22:08:18 -- 05/12/2010 22:08:18 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Diagnostics
05/12/2010 18:08:41 -- 05/12/2010 18:08:41 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\ATI
05/12/2010 18:01:31 -- 05/12/2010 18:07:40 (DIR) ---- 1 days old -- C:\Users\carlo\AppData\Local\Hewlett-Packard
05/12/2010 18:00:47 -- 05/12/2010 18:00:47 (DIR) HS-- 1 days old -- C:\Users\carlo\AppData\Local\Dati applicazioni
05/12/2010 18:00:47 -- 05/12/2010 18:00:47 (DIR) HS-- 1 days old -- C:\Users\carlo\AppData\Local\Temporary Internet Files
05/12/2010 18:00:47 -- 05/12/2010 18:00:47 (DIR) HS-- 1 days old -- C:\Users\carlo\AppData\Local\Cronologia
05/12/2010 18:33:08 -- 07/12/2010 03:41:18 1746280 H--A 0 days old -- C:\Users\carlo\AppData\Local\IconCache.db
05/12/2010 18:06:22 -- 05/12/2010 18:06:22 79864 ---A 1 days old -- C:\Users\carlo\AppData\Local\GDIPFONTCACHEV1.DAT

===================== DUPLICATE FILES IN BAK FOLDERS =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"HP Remote Solution"=expand:"%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe"
"StartCCC"="\"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe\" MSRun"
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
@=""
"NortonOnlineBackupReminder"="\"C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe\" UNATTENDED"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"AliceRV_McciTrayApp"="C:\Program Files (x86)\Alice ti aiuta\McciTrayApp.exe"
"VIRIT LITE MONITOR"="C:\VEXPLite\MONLITE.EXE"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW"
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"="EasyBits Security Shield Hook - prevents launching insecure programs by kids"
#### HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\InprocServer32 @="C:\Windows\SysWow64\EZUPBH~1.DLL"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\Windows\system32\userinit.exe,"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Wireless Group Policy"
"DllName"=expand:"wlgpclnt.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Microsoft Disk Quota"
"DllName"=expand:"%SystemRoot%\System32\dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="QoS Packet Scheduler"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"="C:\Windows\SysWOW64\iedkcs32.dll"

[Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
"@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\System32\srchadmin.dll"

[Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"@="Internet Explorer User Accelerators"
"DllName"="C:\Windows\SysWOW64\iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"@="Security"
"DllName"=expand:"scecli.dll"

[Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
"@="Deployed Printer Connections"
"DllName"=expand:"%systemroot%\system32\gpprnext.dll"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"@="Internet Explorer Branding"
"DllName"="C:\Windows\SysWOW64\iedkcs32.dll"

[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"

[Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
"@="TCPIP"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"@="Internet Explorer Machine Accelerators"
"DllName"="C:\Windows\SysWOW64\iedkcs32.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="IP Security"
"DllName"=expand:"%SystemRoot%\System32\polstore.dll"

[Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
"@="Enterprise QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
"@="CP"
"DllName"=expand:"gptext.dll"

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ExcludeProfileDirs"="AppData\Local;AppData\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db0
"FirstLogon"=dword:00000000
"ParseAutoexec"="1"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[runonceex]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[runonce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
#### HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\InprocServer32 @="C:\Program Files\Lexmark Toolbar\toolband.dll"

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll"

[Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
#### HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\InprocServer32 @="C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll"
"NoExplorer"=dword:00000001
@="Symantec NCO BHO"

[Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
#### HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\InprocServer32 @="C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL"
"NoExplorer"=dword:00000001
@="Symantec Intrusion Prevention"

[Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
#### HKCR\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\InprocServer32 @="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll"
@="Search Helper"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
#### HKCR\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\InprocServer32 @="C:\Program Files (x86)\Windows Live\Companion\companioncore.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
#### HKCR\CLSID\{D2C5E510-BE6D-42CC-9F61-E4F939078474}\InprocServer32 @="C:\Program Files\Lexmark Printable Web\bho.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\Windows\SysWOW64\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\Colors]

[Desktop\LanguageConfiguration]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\Windows\SysWOW64\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"mosaic"="http://"
"www"="http://"
"home"="http://"
"ftp"="ftp://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\AuditPolicy]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Credssp]

[Lsa\Credssp\PolicyDefaults]

[Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials]

[Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain]

[Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnly]

[Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnlyDomain]

[Lsa\Credssp\PolicyDefaults\AllowFreshCredentials]

[Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain]

[Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly]

[Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain]

[Lsa\Credssp\PolicyDefaults\AllowSavedCredentials]

[Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain]

[Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly]

[Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnlyDomain]

[Lsa\Credssp\PolicyDefaults\DenyDefaultCredentials]

[Lsa\Credssp\PolicyDefaults\DenyDefaultCredentialsDomain]

[Lsa\Credssp\PolicyDefaults\DenyFreshCredentials]

[Lsa\Credssp\PolicyDefaults\DenyFreshCredentialsDomain]

[Lsa\Credssp\PolicyDefaults\DenySavedCredentials]

[Lsa\Credssp\PolicyDefaults\DenySavedCredentialsDomain]

[Lsa\Data]

[Lsa\FipsAlgorithmPolicy]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\credssp.dll]
"Name"="CREDSSP"
"Comment"="Microsoft CredSSP Security Provider"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DisplayName"="@%SystemRoot%\system32\ipnathlp.dll,-106"
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"Description"="@%SystemRoot%\system32\ipnathlp.dll,-107"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000004
"Type"=dword:00000020
"DependOnService"=multi:"Netman\00WinMgmt\00RasMan\00BFE\00\00"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=multi:"SeChangeNotifyPrivilege\00SeCreateGlobalPrivilege\00SeImpersonatePrivilege\00SeLoadDriverPrivilege\00SeTakeOwnershipPrivilege\00\00"
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\

[SharedAccess\Defaults]

[SharedAccess\Defaults\FirewallPolicy]
"IPSecExempt"=dword:00000009
"DisableStatefulFTP"=dword:00000000
"DisableStatefulPPTP"=dword:00000000
"PolicyVersion"=dword:0000020a

[SharedAccess\Defaults\FirewallPolicy\DomainProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"=expand:"%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

[SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"SSTP-IN-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|xxxxx@xxxxxvc.dll,-35002|Desc=@sstpsvc.dll,-35003|EmbedCtxt=@sstpsvc.dll,-35001|"
"Netlogon-NamedPipe-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|xxxxx@xxxxxgon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|"
"SNMPTRAP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|"
"SNMPTRAP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|"
"WMP-In-UDP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31023|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-UDP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31024|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-TCP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31025|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-RME-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|xxxxx@xxxxxallAPI.dll,-31501|Desc=@FirewallAPI.dll,-31502|EmbedCtxt=@FirewallAPI.dll,-31500|Edge=TRUE|Defer=App|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|xxxxx@xxxxxemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|xxxxx@xxxxxemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|"
"PNRPMNRS-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-34003|Desc=@FirewallAPI.dll,-34004|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=TRUE|Defer=App|"
"PNRPMNRS-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-34005|Desc=@FirewallAPI.dll,-34006|EmbedCtxt=@FirewallAPI.dll,-34002|"
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
"RVM-VDS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-VDSLDR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-VDS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-VDSLDR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|"
"Collab-P2PHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|"
"Collab-P2PHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-P2PHost-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-P2PHost-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|"
"Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
"FPS-NB_Session-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|xxxxx@xxxxxallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|xxxxx@xxxxxallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|xxxxx@xxxxxallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|xxxxx@xxxxxallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|xxxxx@xxxxxallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|xxxxx@xxxxxallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|xxxxx@xxxxxallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SpoolSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|xxxxx@xxxxxallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|xxxxx@xxxxxallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|xxxxx@xxxxxallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|xxxxx@xxxxxallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|xxxxx@xxxxxallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|xxxxx@xxxxxallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SpoolSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|xxxxx@xxxxxallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|xxxxx@xxxxxallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|"
"CoreNet-ICMP6-DU-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|xxxxx@xxxxxallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|xxxxx@xxxxxallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|xxxxx@xxxxxallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-TE-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|xxxxx@xxxxxallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|xxxxx@xxxxxallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-PP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|xxxxx@xxxxxallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|xxxxx@xxxxxallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|xxxxx@xxxxxallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|xxxxx@xxxxxallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|xxxxx@xxxxxallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|xxxxx@xxxxxallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|xxxxx@xxxxxallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|xxxxx@xxxxxallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|xxxxx@xxxxxallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|xxxxx@xxxxxallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LD-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LD-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP4-DUFRAG-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|xxxxx@xxxxxallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|xxxxx@xxxxxallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|xxxxx@xxxxxallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|xxxxx@xxxxxallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPv6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|xxxxx@xxxxxallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPv6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|xxxxx@xxxxxallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-NP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|xxxxx@xxxxxallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|xxxxx@xxxxxallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DNS-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-LSASS-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|xxxxx@xxxxxallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|"
"PerfLogsAlerts-PLASrv-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxallAPI.dll,-34753|Desc=@FirewallAPI.dll,-34754|EmbedCtxt=@FirewallAPI.dll,-34752|"
"PerfLogsAlerts-DCOM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|"
"PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxallAPI.dll,-34753|Desc=@FirewallAPI.dll,-34754|EmbedCtxt=@FirewallAPI.dll,-34752|"
"PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|"
"MsiScsi-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|"
"MsiScsi-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|"
"MsiScsi-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|"
"MsiScsi-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|"
"WMI-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-WINMGMT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-WINMGMT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-ASYNC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|xxxxx@xxxxxallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-WINMGMT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-WINMGMT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-ASYNC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|xxxxx@xxxxxallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|"
"RRAS-GRE-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=47|App=System|xxxxx@xxxxxallAPI.dll,-33769|Desc=@FirewallAPI.dll,-33772|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-GRE-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=47|App=System|xxxxx@xxxxxallAPI.dll,-33773|Desc=@FirewallAPI.dll,-33776|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-L2TP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1701|App=System|xxxxx@xxxxxallAPI.dll,-33753|Desc=@FirewallAPI.dll,-33756|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-L2TP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1701|App=System|xxxxx@xxxxxallAPI.dll,-33757|Desc=@FirewallAPI.dll,-33760|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-PPTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=1723|App=System|xxxxx@xxxxxallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-PPTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=1723|App=System|xxxxx@xxxxxallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|"
"NETDIS-UPnPHost-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnP-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDPHOST-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDPHOST-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-LLMNR-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-LLMNR-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDPHOST-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDPHOST-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDRESPUB-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDRESPUB-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|"
"RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|xxxxx@xxxxxallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|xxxxx@xxxxxallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteTask-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|xxxxx@xxxxxallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|"
"RemoteTask-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|"
"RemoteTask-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|xxxxx@xxxxxallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|"
"RemoteTask-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|"
"MSDTC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-KTMRM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|xxxxx@xxxxxallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-KTMRM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|xxxxx@xxxxxallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|"
"RemoteEventLogSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|xxxxx@xxxxxallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|xxxxx@xxxxxallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|"
"WINRM-HTTP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5985|App=System|xxxxx@xxxxxallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|"
"WINRM-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|"
"WINRM-HTTP-Compat-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|xxxxx@xxxxxallAPI.dll,-35001|Desc=@FirewallAPI.dll,-35002|EmbedCtxt=@FirewallAPI.dll,-30252|"
"WINRM-HTTP-Compat-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-35001|Desc=@FirewallAPI.dll,-35002|EmbedCtxt=@FirewallAPI.dll,-30252|"
"RemoteFwAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|xxxxx@xxxxxallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|"
"RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|"
"RemoteFwAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|xxxxx@xxxxxallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|"
"RemoteFwAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|"
"RemoteAssistance-In-TCP-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-PnrpSvc-UDP-OUT"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|xxxxx@xxxxxallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|xxxxx@xxxxxallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-DCOM-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-In-TCP-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-PnrpSvc-UDP-OUT-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|"
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30761|Desc=@FirewallAPI.dll,-30764|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30765|Desc=@FirewallAPI.dll,-30768|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30769|Desc=@FirewallAPI.dll,-30772|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30773|Desc=@FirewallAPI.dll,-30776|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30777|Desc=@FirewallAPI.dll,-30780|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30781|Desc=@FirewallAPI.dll,-30784|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30785|Desc=@FirewallAPI.dll,-30788|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-TERMSRV-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30793|Desc=@FirewallAPI.dll,-30796|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30801|Desc=@FirewallAPI.dll,-30804|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30805|Desc=@FirewallAPI.dll,-30808|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-MCX2SVC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|xxxxx@xxxxxallAPI.dll,-30810|Desc=@FirewallAPI.dll,-30811|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-Prov-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcx2prov.exe|xxxxx@xxxxxallAPI.dll,-30812|Desc=@FirewallAPI.dll,-30813|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-PlayTo-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30814|Desc=@FirewallAPI.dll,-30815|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-PlayTo-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-30816|Desc=@FirewallAPI.dll,-30817|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-McrMgr-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcrmgr.exe|xxxxx@xxxxxallAPI.dll,-30818|Desc=@FirewallAPI.dll,-30819|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-FDPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-30822|Desc=@FirewallAPI.dll,-30823|EmbedCtxt=@FirewallAPI.dll,-30752|"
"NetPres-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-31769|Desc=@FirewallAPI.dll,-31770|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-31771|Desc=@FirewallAPI.dll,-31772|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-31773|Desc=@FirewallAPI.dll,-31774|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-31775|Desc=@FirewallAPI.dll,-31776|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31753|Desc=@FirewallAPI.dll,-31756|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31757|Desc=@FirewallAPI.dll,-31760|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31769|Desc=@FirewallAPI.dll,-31770|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31771|Desc=@FirewallAPI.dll,-31772|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31773|Desc=@FirewallAPI.dll,-31774|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31775|Desc=@FirewallAPI.dll,-31776|EmbedCtxt=@FirewallAPI.dll,-31752|"
"WPDMTP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|xxxxx@xxxxxallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|xxxxx@xxxxxallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30515|Desc=@FirewallAPI.dll,-30518|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-30519|Desc=@FirewallAPI.dll,-30522|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-30523|Desc=@FirewallAPI.dll,-30524|EmbedCtxt=@FirewallAPI.dll,-30502|"

[SharedAccess\Defaults\FirewallPolicy\PublicProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"=expand:"%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

[SharedAccess\Defaults\FirewallPolicy\StandardProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"=expand:"%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

[SharedAccess\Epoch]
"Epoch"=dword:0000009f

[SharedAccess\Epoch2]
"Epoch"=dword:00000035

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
"ServiceDllUnloadOnStop"=dword:00000001
"ScopeAddress"="192.168.137.1"
"ScopeAddressBackup"="192.168.137.1"
"SharedAutoDial"=dword:00000000
"StandaloneDhcpAddress"="192.168.173.1"

[SharedAccess\Parameters\FirewallPolicy]
"IPSecExempt"=dword:00000009
"DisableStatefulFTP"=dword:00000000
"DisableStatefulPPTP"=dword:00000000
"PolicyVersion"=dword:0000020a

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging]
"LogDroppedPackets"=dword:00000000
"LogFilePath"=expand:"%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
"LogFileSize"=dword:00001000
"LogSuccessfulConnections"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"SSTP-IN-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|xxxxx@xxxxxvc.dll,-35002|Desc=@sstpsvc.dll,-35003|EmbedCtxt=@sstpsvc.dll,-35001|"
"Netlogon-NamedPipe-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|xxxxx@xxxxxgon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|"
"SNMPTRAP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|"
"SNMPTRAP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|"
"WMP-In-UDP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31023|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-UDP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31024|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-TCP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31025|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-RME-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|xxxxx@xxxxxallAPI.dll,-31501|Desc=@FirewallAPI.dll,-31502|EmbedCtxt=@FirewallAPI.dll,-31500|Edge=TRUE|Defer=App|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|xxxxx@xxxxxemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|xxxxx@xxxxxemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|"
"PNRPMNRS-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-34003|Desc=@FirewallAPI.dll,-34004|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=TRUE|Defer=App|"
"PNRPMNRS-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-34005|Desc=@FirewallAPI.dll,-34006|EmbedCtxt=@FirewallAPI.dll,-34002|"
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
"RVM-VDS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-VDSLDR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-VDS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-VDSLDR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|"
"RVM-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|"
"Collab-P2PHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|"
"Collab-P2PHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-P2PHost-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-P2PHost-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|"
"Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
"FPS-NB_Session-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|xxxxx@xxxxxallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|xxxxx@xxxxxallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|xxxxx@xxxxxallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|xxxxx@xxxxxallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|xxxxx@xxxxxallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|xxxxx@xxxxxallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|xxxxx@xxxxxallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SpoolSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|xxxxx@xxxxxallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|xxxxx@xxxxxallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|xxxxx@xxxxxallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|xxxxx@xxxxxallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|xxxxx@xxxxxallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|xxxxx@xxxxxallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SpoolSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|xxxxx@xxxxxallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|xxxxx@xxxxxallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|"
"CoreNet-ICMP6-DU-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|xxxxx@xxxxxallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|xxxxx@xxxxxallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|xxxxx@xxxxxallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-TE-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|xxxxx@xxxxxallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|xxxxx@xxxxxallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-PP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|xxxxx@xxxxxallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|xxxxx@xxxxxallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|xxxxx@xxxxxallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|xxxxx@xxxxxallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|xxxxx@xxxxxallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|xxxxx@xxxxxallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|xxxxx@xxxxxallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|xxxxx@xxxxxallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|xxxxx@xxxxxallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|xxxxx@xxxxxallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LD-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LD-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|xxxxx@xxxxxallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP4-DUFRAG-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|xxxxx@xxxxxallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|xxxxx@xxxxxallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|xxxxx@xxxxxallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|xxxxx@xxxxxallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|xxxxx@xxxxxallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|xxxxx@xxxxxallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPv6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|xxxxx@xxxxxallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPv6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|xxxxx@xxxxxallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-NP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|xxxxx@xxxxxallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|xxxxx@xxxxxallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DNS-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-GP-LSASS-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|xxxxx@xxxxxallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|"
"PerfLogsAlerts-PLASrv-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxallAPI.dll,-34753|Desc=@FirewallAPI.dll,-34754|EmbedCtxt=@FirewallAPI.dll,-34752|"
"PerfLogsAlerts-DCOM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|"
"PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxallAPI.dll,-34753|Desc=@FirewallAPI.dll,-34754|EmbedCtxt=@FirewallAPI.dll,-34752|"
"PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|"
"MsiScsi-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|"
"MsiScsi-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|"
"MsiScsi-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|"
"MsiScsi-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|"
"WMI-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-WINMGMT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-WINMGMT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-ASYNC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|xxxxx@xxxxxallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-WINMGMT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-WINMGMT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|xxxxx@xxxxxallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|"
"WMI-ASYNC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|xxxxx@xxxxxallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|"
"RRAS-GRE-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=47|App=System|xxxxx@xxxxxallAPI.dll,-33769|Desc=@FirewallAPI.dll,-33772|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-GRE-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=47|App=System|xxxxx@xxxxxallAPI.dll,-33773|Desc=@FirewallAPI.dll,-33776|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-L2TP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1701|App=System|xxxxx@xxxxxallAPI.dll,-33753|Desc=@FirewallAPI.dll,-33756|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-L2TP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1701|App=System|xxxxx@xxxxxallAPI.dll,-33757|Desc=@FirewallAPI.dll,-33760|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-PPTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=1723|App=System|xxxxx@xxxxxallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|"
"RRAS-PPTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=1723|App=System|xxxxx@xxxxxallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|"
"NETDIS-UPnPHost-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnP-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDPHOST-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDPHOST-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-LLMNR-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-LLMNR-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDPHOST-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDPHOST-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|xxxxx@xxxxxallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDRESPUB-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-FDRESPUB-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdrespub|xxxxx@xxxxxallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|"
"NETDIS-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|"
"RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|xxxxx@xxxxxallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|xxxxx@xxxxxallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteSvcAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|"
"RemoteTask-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|xxxxx@xxxxxallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|"
"RemoteTask-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|"
"RemoteTask-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=schedule|xxxxx@xxxxxallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|"
"RemoteTask-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|"
"MSDTC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-KTMRM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|xxxxx@xxxxxallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|xxxxx@xxxxxallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-KTMRM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|xxxxx@xxxxxallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|"
"MSDTC-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|"
"RemoteEventLogSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|xxxxx@xxxxxallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|xxxxx@xxxxxallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|"
"RemoteEventLogSvc-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|"
"WINRM-HTTP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5985|App=System|xxxxx@xxxxxallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|"
"WINRM-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|"
"WINRM-HTTP-Compat-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|xxxxx@xxxxxallAPI.dll,-35001|Desc=@FirewallAPI.dll,-35002|EmbedCtxt=@FirewallAPI.dll,-30252|"
"WINRM-HTTP-Compat-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-35001|Desc=@FirewallAPI.dll,-35002|EmbedCtxt=@FirewallAPI.dll,-30252|"
"RemoteFwAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|xxxxx@xxxxxallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|"
"RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|"
"RemoteFwAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|xxxxx@xxxxxallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|"
"RemoteFwAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|"
"RemoteAssistance-In-TCP-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-PnrpSvc-UDP-OUT"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|xxxxx@xxxxxallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|xxxxx@xxxxxallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-DCOM-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-In-TCP-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\system32\msra.exe|xxxxx@xxxxxallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-PnrpSvc-UDP-OUT-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|xxxxx@xxxxxallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|"
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30761|Desc=@FirewallAPI.dll,-30764|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30765|Desc=@FirewallAPI.dll,-30768|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30769|Desc=@FirewallAPI.dll,-30772|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30773|Desc=@FirewallAPI.dll,-30776|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30777|Desc=@FirewallAPI.dll,-30780|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30781|Desc=@FirewallAPI.dll,-30784|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30785|Desc=@FirewallAPI.dll,-30788|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-TERMSRV-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30793|Desc=@FirewallAPI.dll,-30796|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30801|Desc=@FirewallAPI.dll,-30804|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30805|Desc=@FirewallAPI.dll,-30808|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-MCX2SVC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|xxxxx@xxxxxallAPI.dll,-30810|Desc=@FirewallAPI.dll,-30811|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-Prov-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcx2prov.exe|xxxxx@xxxxxallAPI.dll,-30812|Desc=@FirewallAPI.dll,-30813|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-PlayTo-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30814|Desc=@FirewallAPI.dll,-30815|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-PlayTo-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-30816|Desc=@FirewallAPI.dll,-30817|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-McrMgr-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcrmgr.exe|xxxxx@xxxxxallAPI.dll,-30818|Desc=@FirewallAPI.dll,-30819|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
"MCX-FDPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-30822|Desc=@FirewallAPI.dll,-30823|EmbedCtxt=@FirewallAPI.dll,-30752|"
"NetPres-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-31769|Desc=@FirewallAPI.dll,-31770|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|xxxxx@xxxxxallAPI.dll,-31771|Desc=@FirewallAPI.dll,-31772|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-31773|Desc=@FirewallAPI.dll,-31774|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|xxxxx@xxxxxallAPI.dll,-31775|Desc=@FirewallAPI.dll,-31776|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31753|Desc=@FirewallAPI.dll,-31756|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31757|Desc=@FirewallAPI.dll,-31760|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|xxxxx@xxxxxallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31769|Desc=@FirewallAPI.dll,-31770|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31771|Desc=@FirewallAPI.dll,-31772|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31773|Desc=@FirewallAPI.dll,-31774|EmbedCtxt=@FirewallAPI.dll,-31752|"
"NetPres-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31775|Desc=@FirewallAPI.dll,-31776|EmbedCtxt=@FirewallAPI.dll,-31752|"
"WPDMTP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|xxxxx@xxxxxallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|xxxxx@xxxxxallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30515|Desc=@FirewallAPI.dll,-30518|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=fdphost|xxxxx@xxxxxallAPI.dll,-30519|Desc=@FirewallAPI.dll,-30522|EmbedCtxt=@FirewallAPI.dll,-30502|"
"WPDMTP-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-30523|Desc=@FirewallAPI.dll,-30524|EmbedCtxt=@FirewallAPI.dll,-30502|"
"{FFBF2151-5C5F-466D-8DCC-4991F09973C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|"
"{37163B8F-70A2-4570-A6D7-168206869563}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe|Name=HP TouchSmart Music|Desc=HP TouchSmart Music|"
"{F65203B2-DD45-4445-B5B2-F90E4FB715F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe|Name=HP TouchSmart Photo|Desc=HP TouchSmart Photo|"
"{B0EDFDF2-CBDB-43CB-9AAF-9AF823CAE0E7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe|Name=HP TouchSmart Video|Desc=HP TouchSmart Video|"
"{726378B8-9383-47A0-AC34-B0A85F5AF94F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe|Name=HP TouchSmart Media Resident Program|Desc=HP TouchSmart Media Resident Program|"
"{3E83A9EA-501E-4220-BA5A-D346FD8429E4}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe|Name=CyberLink Media Service|Desc=CyberLink Media Service|"
"{1BD4C112-A97D-409C-8F14-2826BCD30F00}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe|Name=HP TouchSmart Music|Desc=HP TouchSmart Music|"
"{8F86A122-1035-438A-BF33-2BE6B433DC8F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe|Name=HP TouchSmart Photo|Desc=HP TouchSmart Photo|"
"{FA565EC3-5C37-4107-BDC4-5AD744D559C7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe|Name=HP TouchSmart Video|Desc=HP TouchSmart Video|"
"{C08A69AF-0271-420A-9A10-E54FA6027A45}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe|Name=HP TouchSmart Media Resident Program|Desc=HP TouchSmart Media Resident Program|"
"{D3022367-D29D-452A-8DFF-316C90C2865A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe|Name=CyberLink Media Service|Desc=CyberLink Media Service|"
"{2BDB8936-0AE9-42B7-A095-BE71C0F91975}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe|Name=HP MediaSmart DVD|Desc=HP MediaSmart DVD|"
"{C7943C4C-C41E-446F-93F3-5AEE48F58307}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe|Name=Windows Live Messenger|EmbedCtxt=@C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll,-4200|Edge=TRUE|"
"{FD26926D-65DB-4436-ABF5-DA08673FB57C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Live Messenger (UPnP-In)|EmbedCtxt=@C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll,-4200|"
"{8D980345-C0D8-4B15-A1FB-44A70E230383}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=svchost.exe|Svc=ssdpsrv|Name=Windows Live Messenger (SSDP-In)|EmbedCtxt=@C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll,-4200|"
"{1FAFCE1F-E7D5-4600-BC6C-C6DD65439DA8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe|Name=Windows Live Sync|"
"{5A214F59-1D33-482B-956C-5E00F39847CA}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\lxeacoms.exe|Name=S300-S400 Series Server|Desc=S300-S400 Series Server|"
"{A0F39871-350D-4473-A07D-7EEF2C0990B2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\LXEAcoms.exe|Name=Lexmark Communications System|Desc=Lexmark Communications System|"
"{9FC96108-7EBC-4128-8999-5D9C62B12618}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\LXEAcoms.exe|Name=Lexmark Communications System|Desc=Lexmark Communications System|"
"{534ADF4B-2C7C-4636-9626-CEF04522FB6B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe|Name=ABBYY FineReader|"
"{3FCC3263-8B2B-4C9A-9A23-5E483B8D6AD3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe|Name=ABBYY FineReader|"
"{C870ECF2-1CBE-49C4-B606-1A31DB7E6EA7}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE|"
"{6B0EB08B-D253-4A74-A4A2-A8120429FA6E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)|"
"{4D78435B-2B38-4B65-99B2-7931E9DC233B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|"
"{C8E47343-6F0B-4EAE-8843-87F089B23247}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Mesh\MOE.exe|Name=Windows Live Mesh|Edge=TRUE|"

[SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging]
"LogDroppedPackets"=dword:00000000
"LogFilePath"=expand:"%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
"LogFileSize"=dword:00001000
"LogSuccessfulConnections"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices]

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable]
"PolicyVersion"=dword:0000020a

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"AxInstSV-1"="V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|"
"AxInstSV-2"="V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_Out_Allow|Desc=Network rules for outbound TCP traffic from AxInstSV|"
"cb9c8d67-2a8f-4cff-b87b-367a63e02b6b"="v2.10|Action=Block|Active=TRUE|Dir=In|App=%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc|Name=Regola di restrizione del traffico in entrata nel servizio per wlcrasvc|Desc=Blocca tutto il traffico in entrata nel sevizio wlcrasvc|"
"997f9f57-1a4d-4648-ad49-71dd7cf9de80"="v2.10|Action=Block|Active=TRUE|Dir=Out|App=%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc|Name=Regola di restrizione del traffico in uscita dal servizio per wlcrasvc|Desc=Blocca tutto il traffico in uscita dal sevizio wlcrasvc|"
"{3A033D5E-587B-4256-9EE3-1D40769E9CE8}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=33701|App=%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc|xxxxx@xxxxxramFiles%\Windows Live\Mesh\WLRemoteServiceResource.dll,-103|Edge=TRUE|"
"{9365C049-4D6D-4AD0-BAE7-88D746338E78}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc|Name=Windows Live Devices (Remote) - Outbound|"
"{8BE8A952-F7C7-4BB1-A777-C0AEEA4B0DAB}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\System32\svchost.exe|Svc=wlcrasvc|Name=Windows Live Devices (Remote) - Outbound|"

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]

[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"PerfHost-1"="V2.0|Action=Block|Dir=In|app=%windir%\SysWow64\PerfHost.exe|Svc=PerfHost|Name=PerfHost_In_Block|Desc=Network rules for inbound traffic to PerfHost|"
"PerfHost-2"="V2.0|Action=Block|Dir=Out|app=%windir%\SysWow64\PerfHost.exe|Svc=PerfHost|Name=PerfHost_Out_Block|Desc=Network rules for outbound traffic from PerfHost|"
"HidServ-1"="V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic to HidServ|"
"HidServ-2"="V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=HidServ|Name=Block any traffic from HidServ|"
"Eventlog-1"="V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Allow RPC/TCP traffic to EventLog|"
"Eventlog-2"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic to EventLog|"
"Eventlog-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=EventLog|Name=Block any traffic from EventLog|"
"PolicyAgent-1"="V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23300|Desc=@FirewallAPI.dll,-23301|"
"PolicyAgent-2"="V2.0|Action=Allow|Dir=Out|RPort=389|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23302|Desc=@FirewallAPI.dll,-23303|"
"PolicyAgent-3"="V2.0|Action=Allow|Dir=In|LPort=RPC|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23312|Desc=@FirewallAPI.dll,-23313|"
"PolicyAgent-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23304|"
"PolicyAgent-5"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PolicyAgent|xxxxx@xxxxxallAPI.dll,-23305|"
"DPS-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|"
"DPS-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DPS|Name=Block any other traffic to and from DPS|"
"WdiSystemHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|"
"WdiSystemHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WdiSystemHost|Name=Block any other traffic to and from WdiSystemHost|"
"Netman-1"="V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all inbound traffic to Netman|"
"Netman-2"="V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Netman|Name=Block all outbound traffic from Netman|"
"BFE-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block inbound traffic to BFE|"
"BFE-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=BFE|Name=Block outbound traffic from BFE|"
"DHCP-1"="V2.0|Action=Allow|Dir=Out|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcore.dll,-102|Desc=@%SystemRoot%\system32\dhcpcore.dll,-102|"
"DHCP-1-1"="V2.0|Action=Allow|Dir=In|LPORT=68|RPort=67|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcore.dll,-102|Desc=@%SystemRoot%\system32\dhcpcore.dll,-102|"
"DHCP-2"="V2.0|Action=Allow|Dir=In|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcore.dll,-102|Desc=@%SystemRoot%\system32\dhcpcore.dll,-102|"
"DHCP-3"="V2.0|Action=Allow|Dir=Out|LPORT=546|RPort=547|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcore.dll,-102|Desc=@%SystemRoot%\system32\dhcpcore.dll,-102|"
"DHCP-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcore.dll,-102|"
"DHCP-5"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=DHCP|xxxxx@xxxxxemRoot%\system32\dhcpcore.dll,-102|"
"Trkwks-1"="V2.0|Action=Block|Dir=in|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic to TrkWks service|"
"Trkwks-2"="V2.0|Action=Block|Dir=out|App=%windir%\System32\svchost.exe|Svc=trkwks|Name=Block any traffic from TrkWks service|"
"AVEndpointBuilder-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any inbound traffic to AudioEndpointBuilder|"
"AVEndpointBuilder-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=AudioEndpointBuilder|Name=Block any outbound traffic from AudioEndpointBuilder|"
"Audiosrv-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=Audiosrv|Name=Block any inbound traffic to Audiosrv|"
"Audiosrv-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=Audiosrv|Name=Block any outbound traffic from Audiosrv|"
"LMHosts-1"="V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|xxxxx@xxxxxemRoot%\system32\lmhsvc.dll,-103|"
"LMHosts-2"="V2.0|Action=Allow|Dir=Out|RPort=53|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|xxxxx@xxxxxemRoot%\system32\lmhsvc.dll,-103|"
"LMHosts-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|xxxxx@xxxxxemRoot%\system32\lmhsvc.dll,-103|"
"LMHosts-4"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=lmhosts|xxxxx@xxxxxemRoot%\system32\lmhsvc.dll,-103|"
"MPSSVC-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|xxxxx@xxxxxallAPI.dll,-23306|"
"MPSSVC-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=Mpssvc|xxxxx@xxxxxallAPI.dll,-23307|"
"WerSvc-1"="V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_In_Block|Desc=Network rules for inbound traffic to WerSvc|"
"WerSvc-2"="V2.0|Action=Block|Dir=Out|app=%windir%\System32\svchost.exe|Svc=WerSvc|Name=WerSvc_Out_Block|Desc=Network rules for outbound traffic from WerSvc|"
"WudfSvc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WudfSvc|Name=Block any traffic to and from WudfSvc|"
"WudfSvc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WudfSvc|Name=Block any traffic to and from WudfSvc|"
"SNMPTRAP-1"="V2.0|Action=Allow|Dir=In|Protocol=17|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxemRoot%\system32\snmptrap.exe,-5|"
"SNMPTRAP-2"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxemRoot%\system32\snmptrap.exe,-6|"
"SNMPTRAP-3"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|xxxxx@xxxxxemRoot%\system32\snmptrap.exe,-6|"
"clr_optimization_v2.0.50727_32-2"="V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32|"
"clr_optimization_v2.0.50727_32-1"="V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_32|Name=Block traffic for clr_optimization_v2.0.50727_32|"
"clr_optimization_v2.0.50727_64-1"="V2.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_64|Name=Block traffic for clr_optimization_v2.0.50727_64|"
"clr_optimization_v2.0.50727_64-2"="V2.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe|Svc=clr_optimization_v2.0.50727_64|Name=Block traffic for clr_optimization_v2.0.50727_64|"
"UI0Detect-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|"
"UI0Detect-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\UI0Detect.exe|Svc=UI0Detect|Name=Block any traffic to and from UI0Detect|"
"uxsms-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block inbound traffic to uxsms|"
"uxsms-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\System32\svchost.exe|Svc=uxsms|Name=Block outbound traffic from uxsms|"
"dot3svc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|"
"dot3svc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\System32\svchost.exe|Svc=dot3svc|Name=Block any traffic to and from dot3svc|"
"IPBusEnum-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any inbound traffic to IPBusEnum|"
"IPBusEnum-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=IPBusEnum|Name=Block any outbound traffic from IPBusEnum|"
"PNRP Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|"
"PnrpAuto Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPAutoReg|Name=Block PnrpAuto from all ports|"
"Sysmain-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block outbound access to sysmain|"
"PnrpAuto Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPAutoReg|Name=Block PnrpAuto from all ports|"
"HomeGroup Allow Out (PRNP)"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|RPort=3540|Protocol=17|Name=Allow PNRP to send from port 3540|"
"PcaSvc-1"="V2.0|Action=Block|Dir=in|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|xxxxx@xxxxxc.dll,-3|Desc=@pcasvc.dll,-5|"
"PcaSvc-2"="V2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=PcaSvc|xxxxx@xxxxxc.dll,-4|Desc=@pcasvc.dll,-6|"
"HomeGroup Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|Name=Block homegroup incoming|"
"SearchFilterHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|"
"Wlansvc-2"="V2.0|Dir=Out|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|"
"P2P Grouping Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|"
"Sysmain-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=sysmain|Name=Block inbound access to sysmain|"
"HomeGroup Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|"
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
"SearchFilterHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|"
"Wlansvc-1"="V2.0|Dir=In|Action=Block|App=%SystemRoot%\System32\svchost.exe|Svc=Wlansvc|Name=Block any traffic to and from Wlansvc|"
"P2P Grouping Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|"
"SearchIndexer-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|"
"HomeGroup Allow In (PRNP)"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|LPort=3540|Protocol=17|Name=Allow PNRP to receive from port 3540|"
"SearchIndexer-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|"
"PNRP Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|"
"WindowsDefender-Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic from WinDefend|"
"P2P Ident Block In"="v2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|"
"P2P Grouping Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2psvc|Name=Block Grouping from all other ports|"
"P2P Ident Block Out"="v2.0|Action=Block|Dir=out|App=%SystemRoot%\system32\svchost.exe|Svc=p2pimsvc|Name=Block Idman from all other ports|"
"HomeGroup Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|Name=Block homegroup outgoing|"
"WcsPlugInService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|xxxxx@xxxxx.dll,-160|"
"TabletInputService-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic to TabletInputService|"
"PNRP Block Out"="v2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=Block PNRP from all other ports|"
"TabletInputService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=TabletInputService|Name=Block any traffic from TabletInputService|"
"WwanSvc-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WwanSvc|Name=Block any network traffic to WwanSvc|"
"HomeGroup Allow Out"="v2.0|Action=Allow|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupProvider|RPort=3587|Protocol=6|Name=Allow Grouping to send to port 3587|"
"HomeGroup Listener Block Out"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupListener|Name=Block all outgoing|"
"HomeGroup Listener Block In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=HomeGroupListener|Name=Block all incoming|"
"PNRP Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|LPort=3540|Protocol=17|Name=Allow PNRP to send to port 3540|"
"WcsPlugInService-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WcsPlugInService|xxxxx@xxxxx.dll,-161|"
"WindowsDefender-In"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\svchost.exe|Svc=WinDefend|Name=Block any traffic to WinDefend|"
"WwanSvc-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WwanSvc|Name=Block any network traffic from WwanSvc|"
"WPDBUSENUM-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WPDBusEnum|Name=Block all traffic to and from WPDBusEnum|"
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
"WPDBUSENUM-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WPDBusEnum|Name=Block all traffic to and from WPDBusEnum|"
"P2P Grouping Allow In"="v2.0|Action=Allow|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|LPort=3587|Protocol=6|Name=Allow Grouping to receive from port 3587|"
"clr_optimization_v4.0.30319_32-1"="V4.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|"
"clr_optimization_v4.0.30319_32-2"="V4.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_32|Name=Block traffic for clr_optimization_v4.0.30319_32|"
"clr_optimization_v4.0.30319_64-1"="V4.0|Action=Block|Dir=In|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_64|Name=Block traffic for clr_optimization_v4.0.30319_64|"
"clr_optimization_v4.0.30319_64-2"="V4.0|Action=Block|Dir=Out|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe|Svc=clr_optimization_v4.0.30319_64|Name=Block traffic for clr_optimization_v4.0.30319_64|"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
"LogDroppedPackets"=dword:00000000
"LogFilePath"=expand:"%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
"LogFileSize"=dword:00001000
"LogSuccessfulConnections"=dword:00000000

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
"LegacyImpersonationLevel"=dword:00000002
"MachineAccessRestriction"=hex:01,00,04,80,74,00,00,00,84,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,78,00,00,00,88,00,00,00,00,00,00,00,\

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F}"="1"
"{835BEE60-8731-4159-8BFF-941301D76D05}"="1"
"{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368}"="1"
"{91BC037F-B58C-43cb-AD9C-1718ACA70E2F}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
"{9da0e0ea-86ce-11d1-8699-00c04fb98036}"="1"
"{CA6C8347-120F-4122-873F-F89138694AC8}"="1"
"{E8494122-79AD-11D2-909C-00A0C9AFE0AA}"="1"
"{A373F3DA-7A87-11D3-B1C1-00C04F68155C}"="1"
"{C7310557-AC80-11D1-8DF3-00C04FB6EF4F}"="1"

[Ole\Eventlog]
"SuppressDuplicateDuration"=dword:00015180

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"="($build.empty)"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\-----

[System]
"DisableRegistryTools"=dword:00000000

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]

[Security Center\Svc]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001

[SystemRestore\Setup]

[SystemRestore\Setup\Unattend]

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\Windows\SysWOW64\wmpdxm.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"StubPath"=expand:"%SystemRoot%\system32\unregmp2.exe /ShowWMP"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="\"C:\Windows\SysWOW64\rundll32.exe\" \"C:\Windows\SysWOW64\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\Windows\SysWOW64\wmpdxm.dll"
"@="Microsoft Windows Media Player 12.0"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles(x86)%\Windows Mail\WinMail.exe\" OCInstallUserConfigOE"
"@="Microsoft Windows"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5A604D2C-E968-429B-8327-62B5CE52126D}]
"@=".NET Framework"
"ComponentID"=".NETFramework"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"KeyFileName"=expand:"%SystemRoot%\system32\msieftp.dll"
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @=expand:"%SystemRoot%\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=expand:"%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Address Book 7"

[Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
"@=".NET Framework"
"ComponentID"=".NETFramework"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4_SHELLID"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Web Platform Customizations"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings"

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

===================== Advanced startup entries analysis =====================

HKLM\SOFTWARE\Microsoft\windows\currentversion\run

hpsysdrv = c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe -- 20/11/2008 10:47:28 -- 20/11/2008 10:47:28 -- 62768
MD5: 554a50b5310e702029d3a675459108ff SHA1: d9e32a7bda99da0ec5b86034df4b0d1d9d7588d6
[1] .text [2] .rdata [3] .data [4] .rsrc

HP Remote Solution = %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe -- 25/08/2009 03:11:15 -- 25/08/2009 03:11:15 -- 656896
MD5: 47dce3a2fe0b34dd9f01eb4037303a3e SHA1: d7e5b2935e0911ecf19802936a7bf183d2466387
[1] .text [2] .data [3] .tls [4] .rdata [5] .idata [6] .edata [7] .rsrc [8] .reloc

StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -- 08/09/2009 22:18:40 -- 08/09/2009 22:18:40 -- 98304
MD5: 870d7347421215722a5cbbb463db8377 SHA1: 35507f7ddc3a90843b13ab6d178e30942570b5f5
[1] .text [2] .rdata [3] .data [4] .rsrc

HP Software Update = c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe -- 08/12/2008 14:50:04 -- 08/12/2008 14:50:04 -- 54576
MD5: 5516c26a6af8eb4e2cab48ec98a74398 SHA1: 237532fe906b560c5563b65960490b66639084aa
[1] .text [2] .rdata [3] .data [4] .rsrc


HKLM\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run



HKCU\SOFTWARE\Microsoft\windows\currentversion\run

SpybotSD TeaTimer = C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -- 05/12/2010 21:07:08 -- 26/01/2009 15:31:16 -- 2144088
MD5: 896a1db9a972ad2339c2e8569ec926d1 SHA1: 8182d70aa0c5f18cf5adc939a1dfe48518bc3c21
[1] .text [2] .itext [3] .data [4] .bss [5] .idata [6] .tls [7] .rdata [8] .reloc [9] .rsrc


HPADVISOR = C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW NOT FOUND

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun NOT FOUND


HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run



===================== AUTOPLAY SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)


-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

### C:\hp\bin\MSOffice\autorun.inf
OPEN=SETUP.EXE

shell\configure=&Configure...
shell\configure\command=SETUP.EXE


### C:\Windows\winsxs\x86_microsoft-windows-s..ccessagent-binaries_31bf3856ad364e35_6.1.7600.16385_none_de06b4fbd5b45f78\autorun.inf
action=BitLocker To Go Reader
ShellExecute=BitLockerToGo.exe
UseAutoPlay=1

### D:\hp\Apps\APP00119\src\Autorun.inf
OPEN=Setup.exe

### D:\hp\Apps\APP03388\src\AUTORUN.INF
OPEN=Setup.exe

### D:\hp\Apps\APP13248\src\AUTORUN.INF
OPEN=Setup.exe

===================== SCHEDULED JOBS =====================

jobs found in C:\Windows:

14/07/2009 06:08:49 4882 byte 511 days old -- C:\Windows\tasks\SCHEDLGU.TXT
22/12/2009 21:42:44 4 byte 350 days old -- C:\Windows\tasks\FOLDER.TSX
05/12/2010 18:46:54 544 byte 2 days old -- C:\Windows\tasks\PCDRScheduledMaintenance.job
07/12/2010 11:34:39 6 byte 0 days old -- C:\Windows\tasks\SA.DAT
07/12/2010 11:37:20 1142 byte 0 days old -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
07/12/2010 12:28:00 1146 byte 0 days old -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:

~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:


===================== LIST OF ALL SERVICES & DRIVERS =====================

-----HKLM\system\currentcontrolset\services-----

000) "1394ohci" - Controller host compatibile OHCI 1394
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\1394ohci.sys
---> TYPE = KERNEL_DRIVER

001) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER

002) "AcpiPmi" - Driver misuratore alimentazione ACPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\acpipmi.sys
---> TYPE = KERNEL_DRIVER

003) "adp94xx"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\adp94xx.sys
---> TYPE = KERNEL_DRIVER

004) "adpahci"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\adpahci.sys
---> TYPE = KERNEL_DRIVER

005) "adpu320"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\adpu320.sys
---> TYPE = KERNEL_DRIVER

006) "AFD" - @C:\Windows\system32\drivers\afd.sys,-1000
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\system32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER

007) "agp440" - Filtro bus Intel AGP
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\agp440.sys
---> TYPE = KERNEL_DRIVER

008) "aliide"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\aliide.sys
---> TYPE = KERNEL_DRIVER

009) "amdide"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\amdide.sys
---> TYPE = KERNEL_DRIVER

010) "AmdK8" - Driver del processore AMD K8
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\amdk8.sys
---> TYPE = KERNEL_DRIVER

011) "AmdPPM" - Driver processore AMD
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\amdppm.sys
---> TYPE = KERNEL_DRIVER

012) "amdsata"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\amdsata.sys
---> TYPE = KERNEL_DRIVER

013) "amdsbs"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\amdsbs.sys
---> TYPE = KERNEL_DRIVER

014) "amdxata"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\amdxata.sys
---> TYPE = KERNEL_DRIVER

015) "AppID" - @C:\Windows\system32\appidsvc.dll,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\appid.sys
---> TYPE = KERNEL_DRIVER

016) "arc"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\arc.sys
---> TYPE = KERNEL_DRIVER

017) "arcsas"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\arcsas.sys
---> TYPE = KERNEL_DRIVER

018) "AsyncMac" - @C:\Windows\system32\rascfg.dll,-32000
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER

019) "atapi" - Canale IDE
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER

020) "AtiHdmiService" - ATI Function Driver for High Definition Audio Service
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\AtiHdmi.sys
---> TYPE = KERNEL_DRIVER

021) "atikmdag"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\atikmdag.sys
---> TYPE = KERNEL_DRIVER

022) "b06bdrv" - Broadcom NetXtreme II VBD
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\bxvbda.sys
---> TYPE = KERNEL_DRIVER

023) "b57nd60a" - Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\b57nd60a.sys
---> TYPE = KERNEL_DRIVER

024) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

025) "BHDrvx64" - BHDrvx64
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
---> TYPE = KERNEL_DRIVER

026) "blbdrive"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\system32\DRIVERS\blbdrive.sys
---> TYPE = KERNEL_DRIVER

027) "bowser" - @C:\Windows\system32\browser.dll,-102
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\bowser.sys
---> TYPE = FILE_SYSTEM_DRIVER

028) "BrFiltLo" - Driver filtro inferiore per memoria di massa Brother USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\BrFiltLo.sys
---> TYPE = KERNEL_DRIVER

029) "BrFiltUp" - Driver filtro superiore per memoria di massa Brother USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\BrFiltUp.sys
---> TYPE = KERNEL_DRIVER

030) "Brserid" - Driver interfaccia porta seriale (WDM) Brother MFC
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\Brserid.sys
---> TYPE = KERNEL_DRIVER

031) "BrSerWdm" - Driver seriale Brother WDM
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\BrSerWdm.sys
---> TYPE = KERNEL_DRIVER

032) "BrUsbMdm" - Modem Brother MFC USB Fax Only
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\BrUsbMdm.sys
---> TYPE = KERNEL_DRIVER

033) "BrUsbSer" - Driver WDM seriale USB Brother MFC
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\BrUsbSer.sys
---> TYPE = KERNEL_DRIVER

034) "BTHMODEM" - Driver comunicazioni seriali Bluetooth
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\bthmodem.sys
---> TYPE = KERNEL_DRIVER

035) "ccHP" - Symantec Hash Provider
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\system32\drivers\NISx64\1108000.005\ccHPx64.sys
---> TYPE = KERNEL_DRIVER

036) "cdfs" - CD/DVD File System Reader
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\cdfs.sys
---> TYPE = FILE_SYSTEM_DRIVER

037) "cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER

038) "circlass" - Dispositivi IR utente
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\circlass.sys
---> TYPE = KERNEL_DRIVER

039) "CLFS" - @C:\Windows\system32\clfs.sys,-100
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\CLFS.sys
---> TYPE = KERNEL_DRIVER

040) "CmBatt" - Driver batteria a metodo di controllo ACPI Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\CmBatt.sys
---> TYPE = KERNEL_DRIVER

041) "cmdide"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\cmdide.sys
---> TYPE = KERNEL_DRIVER

042) "CNG" -
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\cng.sys
---> TYPE = KERNEL_DRIVER

043) "Compbatt"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\compbatt.sys
---> TYPE = KERNEL_DRIVER

044) "CompositeBus" - Driver enumeratore bus composito
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\CompositeBus.sys
---> TYPE = KERNEL_DRIVER

045) "crcdisk" - Driver di filtro Crcdisk
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\DRIVERS\crcdisk.sys
---> TYPE = KERNEL_DRIVER

046) "DfsC" - @C:\Windows\system32\drivers\dfsc.sys,-101
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\Drivers\dfsc.sys
---> TYPE = FILE_SYSTEM_DRIVER

047) "discache" - @C:\Windows\system32\drivers\discache.sys,-102
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\drivers\discache.sys
---> TYPE = KERNEL_DRIVER

048) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER

049) "drmkaud" - Driver audio considerati attendibili da Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER

050) "DXGKrnl" - LDDM Graphics Subsystem
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\System32\drivers\dxgkrnl.sys
---> TYPE = KERNEL_DRIVER

051) "ebdrv" - Broadcom NetXtreme II 10 GigE VBD
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\evbda.sys
---> TYPE = KERNEL_DRIVER

052) "eeCtrl" - Symantec Eraser Control driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
---> TYPE = KERNEL_DRIVER

053) "elxstor"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\elxstor.sys
---> TYPE = KERNEL_DRIVER

054) "EraserUtilRebootDrv" - EraserUtilRebootDrv
---> STAT = (RUNNING) Started manually
---> FILE = C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
---> TYPE = KERNEL_DRIVER

055) "ErrDev" - Driver dispositivo errore hardware Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\errdev.sys
---> TYPE = KERNEL_DRIVER

056) "exfat" - exFAT File System Driver
---> STAT = (NOT RUNNING) Started manually
---> TYPE = FILE_SYSTEM_DRIVER

057) "fastfat" - FAT12/16/32 File System Driver
---> STAT = (NOT RUNNING) Started manually
---> TYPE = FILE_SYSTEM_DRIVER

058) "fdc" - Driver controller disco floppy
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER

059) "FileInfo" - @C:\Windows\system32\drivers\fileinfo.sys,-100
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fileinfo.sys
---> TYPE = FILE_SYSTEM_DRIVER

060) "Filetrace" - @C:\Windows\system32\drivers\filetrace.sys,-10001
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\filetrace.sys
---> TYPE = FILE_SYSTEM_DRIVER

061) "flpydisk" - Driver disco floppy
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\flpydisk.sys
---> TYPE = KERNEL_DRIVER

062) "FltMgr" - @C:\Windows\system32\drivers\fltmgr.sys,-10001
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = FILE_SYSTEM_DRIVER

063) "FsDepends" - @C:\Windows\system32\drivers\fsdepends.sys,-10001
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\drivers\FsDepends.sys
---> TYPE = FILE_SYSTEM_DRIVER

064) "fssfltr" - FssFltr
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\fssfltr.sys
---> TYPE = KERNEL_DRIVER

065) "fvevol" - @C:\Windows\system32\drivers\fvevol.sys,-100
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\fvevol.sys
---> TYPE = KERNEL_DRIVER

066) "gagp30kx" - Filtro Microsoft AGPv3.0 generico per piattaforme processore K8
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\gagp30kx.sys
---> TYPE = KERNEL_DRIVER

067) "hcw85cir" - Hauppauge Consumer Infrared Receiver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\hcw85cir.sys
---> TYPE = KERNEL_DRIVER

068) "HDAudBus" - Driver bus Microsoft UAA per High Definition Audio
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\HDAudBus.sys
---> TYPE = KERNEL_DRIVER

069) "HidBatt" - Driver batteria UPS HID
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\HidBatt.sys
---> TYPE = KERNEL_DRIVER

070) "HidBth" - Miniport HID Bluetooth Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\hidbth.sys
---> TYPE = KERNEL_DRIVER

071) "HidIr" - Driver HID infrarossi Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\hidir.sys
---> TYPE = KERNEL_DRIVER

072) "HidUsb" - Driver di classe HID Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\hidusb.sys
---> TYPE = KERNEL_DRIVER

073) "HpSAMD"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\HpSAMD.sys
---> TYPE = KERNEL_DRIVER

074) "HTTP" - @C:\Windows\system32\drivers\http.sys,-1
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER

075) "hwpolicy" - @C:\Windows\system32\drivers\hwpolicy.sys,-101
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\hwpolicy.sys
---> TYPE = KERNEL_DRIVER

076) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\i8042prt.sys
---> TYPE = KERNEL_DRIVER

077) "iaStorV"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\iaStorV.sys
---> TYPE = KERNEL_DRIVER

078) "IDSVia64" - IDSVia64
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101201.001\IDSvia64.sys
---> TYPE = KERNEL_DRIVER

079) "iirsp"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\iirsp.sys
---> TYPE = KERNEL_DRIVER

080) "IntcAzAudAddService" - Service for Realtek HD Audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\RTKVHD64.sys
---> TYPE = KERNEL_DRIVER

081) "intelide"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\intelide.sys
---> TYPE = KERNEL_DRIVER

082) "intelppm" - Driver processore Intel
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\intelppm.sys
---> TYPE = KERNEL_DRIVER

083) "IpFilterDriver" - @C:\Windows\system32\rascfg.dll,-32013
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER

084) "IPMIDRV"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\IPMIDrv.sys
---> TYPE = KERNEL_DRIVER

085) "IPNAT" - IP Network Address Translator
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\drivers\ipnat.sys
---> TYPE = KERNEL_DRIVER

086) "IRENUM" - @C:\Windows\system32\drivers\irenum.sys,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\irenum.sys
---> TYPE = KERNEL_DRIVER

087) "isapnp"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER

088) "iScsiPrt" - Driver porta iSCSI
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\msiscsi.sys
---> TYPE = KERNEL_DRIVER

089) "kbdclass" - Driver classe tastiera
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER

090) "kbdhid" - Driver di tastiera HID
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\kbdhid.sys
---> TYPE = KERNEL_DRIVER

091) "KSecDD" -
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\ksecdd.sys
---> TYPE = KERNEL_DRIVER

092) "KSecPkg" -
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\ksecpkg.sys
---> TYPE = KERNEL_DRIVER

093) "ksthunk" - Kernel Streaming Thunks
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\ksthunk.sys
---> TYPE = KERNEL_DRIVER

094) "lltdio" - Link-Layer Topology Discovery Mapper I/O Driver
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\lltdio.sys
---> TYPE = KERNEL_DRIVER

095) "LSI_FC"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\lsi_fc.sys
---> TYPE = KERNEL_DRIVER

096) "LSI_SAS"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\lsi_sas.sys
---> TYPE = KERNEL_DRIVER

097) "LSI_SAS2"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\lsi_sas2.sys
---> TYPE = KERNEL_DRIVER

098) "LSI_SCSI"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\lsi_scsi.sys
---> TYPE = KERNEL_DRIVER

099) "luafv" - @C:\Windows\system32\drivers\luafv.sys,-100
---> STAT = (RUNNING) Started automatically
---> FILE = \SystemRoot\system32\drivers\luafv.sys
---> TYPE = FILE_SYSTEM_DRIVER

100) "megasas"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\megasas.sys
---> TYPE = KERNEL_DRIVER

101) "MegaSR"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\MegaSR.sys
---> TYPE = KERNEL_DRIVER

102) "Modem" -
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\modem.sys
---> TYPE = KERNEL_DRIVER

103) "monitor" - Servizio driver funzioni di classe monitor Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\monitor.sys
---> TYPE = KERNEL_DRIVER

104) "mouclass" - Driver classe mouse
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER

105) "mouhid" - Driver di mouse HID
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mouhid.sys
---> TYPE = KERNEL_DRIVER

106) "mountmgr" - @C:\Windows\system32\drivers\mountmgr.sys,-100
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\mountmgr.sys
---> TYPE = KERNEL_DRIVER

107) "mpio"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\mpio.sys
---> TYPE = KERNEL_DRIVER

108) "mpsdrv" - @C:\Windows\system32\FirewallAPI.dll,-23092
---> STAT = (RUNNING) Started manually
---> FILE = System32\drivers\mpsdrv.sys
---> TYPE = KERNEL_DRIVER

109) "MRxDAV" - @C:\Windows\system32\webclnt.dll,-104
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER

110) "mrxsmb" - @C:\Windows\system32\wkssvc.dll,-1002
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER

111) "mrxsmb10" - @C:\Windows\system32\wkssvc.dll,-1004
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxsmb10.sys
---> TYPE = FILE_SYSTEM_DRIVER

112) "mrxsmb20" - @C:\Windows\system32\wkssvc.dll,-1006
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxsmb20.sys
---> TYPE = FILE_SYSTEM_DRIVER

113) "msahci"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\msahci.sys
---> TYPE = KERNEL_DRIVER

114) "msdsm"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\msdsm.sys
---> TYPE = KERNEL_DRIVER

115) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

116) "mshidkmdf" - @C:\Windows\system32\drivers\mshidkmdf.sys,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\System32\drivers\mshidkmdf.sys
---> TYPE = KERNEL_DRIVER

117) "msisadrv"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\msisadrv.sys
---> TYPE = KERNEL_DRIVER

118) "MSKSSRV" - Proxy di servizio di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER

119) "MSPCLOCK" - Proxy clock di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER

120) "MSPQM" - Proxy di gestione qualità di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER

121) "MsRPC"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

122) "mssmbios" - Driver BIOS Microsoft System Management
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\system32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER

123) "MSTEE" - Convertitore a T/Sito a sito per flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSTEE.sys
---> TYPE = KERNEL_DRIVER

124) "MTConfig" - Microsoft Input Configuration Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\MTConfig.sys
---> TYPE = KERNEL_DRIVER

125) "Mup" - @C:\Windows\system32\drivers\mup.sys,-101
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\Drivers\mup.sys
---> TYPE = FILE_SYSTEM_DRIVER

126) "NativeWifiP" - NativeWiFi Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwifi.sys
---> TYPE = KERNEL_DRIVER

127) "NAVENG" - NAVENG
---> STAT = (RUNNING) Started manually
---> FILE = C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101206.049\ENG64.SYS
---> TYPE = KERNEL_DRIVER

128) "NAVEX15" - NAVEX15
---> STAT = (RUNNING) Started manually
---> FILE = C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101206.049\EX64.SYS
---> TYPE = KERNEL_DRIVER

129) "NDIS" - @C:\Windows\system32\drivers\ndis.sys,-200
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\ndis.sys
---> TYPE = KERNEL_DRIVER

130) "NdisCap" - NDIS Capture LightWeight Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiscap.sys
---> TYPE = KERNEL_DRIVER

131) "NdisTapi" - @C:\Windows\system32\rascfg.dll,-32001
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER

132) "Ndisuio" - NDIS Usermode I/O Protocol
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER

133) "NdisWan" - @C:\Windows\system32\rascfg.dll,-32002
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER

134) "NDProxy" - multi:NDIS Proxy\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

135) "NetBIOS" - NetBIOS Interface
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER

136) "NetBT" - @C:\Windows\system32\drivers\netbt.sys,-2
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER

137) "nfrd960"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\nfrd960.sys
---> TYPE = KERNEL_DRIVER

138) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

139) "nsiproxy" - @C:\Windows\system32\drivers\nsiproxy.sys,-2
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\drivers\nsiproxy.sys
---> TYPE = KERNEL_DRIVER

140) "Ntfs" -
---> STAT = (RUNNING) Started manually
---> TYPE = FILE_SYSTEM_DRIVER

141) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

142) "nvraid"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\nvraid.sys
---> TYPE = KERNEL_DRIVER

143) "nvstor"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\nvstor.sys
---> TYPE = KERNEL_DRIVER

144) "nv_agp" - Filtro bus NVIDIA nForce AGP
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\nv_agp.sys
---> TYPE = KERNEL_DRIVER

145) "ohci1394" - Controller host compatibile OHCI 1394 (legacy)
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\ohci1394.sys
---> TYPE = KERNEL_DRIVER

146) "Parport" - Driver porta parallela
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER

147) "partmgr" - @C:\Windows\system32\drivers\partmgr.sys,-100
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\partmgr.sys
---> TYPE = KERNEL_DRIVER

148) "PCDSRVC{F36B3A4C-F95654BD-06000000}_0" - PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
---> TYPE = KERNEL_DRIVER

149) "pci" - Driver bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER

150) "pciide"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER

151) "pcmcia"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\pcmcia.sys
---> TYPE = KERNEL_DRIVER

152) "pcw" - Performance Counters for Windows Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\pcw.sys
---> TYPE = KERNEL_DRIVER

153) "PEAUTH" - PEAUTH
---> STAT = (RUNNING) Started automatically
---> FILE = system32\drivers\peauth.sys
---> TYPE = KERNEL_DRIVER

154) "PptpMiniport" - @C:\Windows\system32\rascfg.dll,-32006
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspptp.sys
---> TYPE = KERNEL_DRIVER

155) "Processor" - Driver processore
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\processr.sys
---> TYPE = KERNEL_DRIVER

156) "Psched" - @C:\Windows\System32\drivers\pacer.sys,-101
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\pacer.sys
---> TYPE = KERNEL_DRIVER

157) "ql2300"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\ql2300.sys
---> TYPE = KERNEL_DRIVER

158) "ql40xx"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\ql40xx.sys
---> TYPE = KERNEL_DRIVER

159) "QWAVEdrv" - @C:\Windows\system32\drivers\qwavedrv.sys,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\drivers\qwavedrv.sys
---> TYPE = KERNEL_DRIVER

160) "RasAcd" - Remote Access Auto Connection Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\rasacd.sys
---> TYPE = KERNEL_DRIVER

161) "RasAgileVpn" - WAN Miniport (IKEv2)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\AgileVpn.sys
---> TYPE = KERNEL_DRIVER

162) "Rasl2tp" - @C:\Windows\system32\rascfg.dll,-32005
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rasl2tp.sys
---> TYPE = KERNEL_DRIVER

163) "RasPppoe" - @C:\Windows\system32\rascfg.dll,-32007
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspppoe.sys
---> TYPE = KERNEL_DRIVER

164) "RasSstp" - @C:\Windows\system32\sstpsvc.dll,-202
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rassstp.sys
---> TYPE = KERNEL_DRIVER

165) "rdbss" - @C:\Windows\system32\wkssvc.dll,-1000
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rdbss.sys
---> TYPE = FILE_SYSTEM_DRIVER

166) "rdpbus" - Remote Desktop Device Redirector Bus Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\rdpbus.sys
---> TYPE = KERNEL_DRIVER

167) "RDPCDD" - @C:\Windows\system32\DRIVERS\RDPCDD.sys,-100
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
---> TYPE = KERNEL_DRIVER

168) "RDPENCDD" - @C:\Windows\system32\drivers\RDPENCDD.sys,-101
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\drivers\rdpencdd.sys
---> TYPE = KERNEL_DRIVER

169) "RDPREFMP" - @C:\Windows\system32\drivers\RdpRefMp.sys,-101
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\drivers\rdprefmp.sys
---> TYPE = KERNEL_DRIVER

170) "RDPWD" - RDP Winstation Driver
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

171) "rdyboost" - ReadyBoost
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\rdyboost.sys
---> TYPE = KERNEL_DRIVER

172) "rspndr" - Link-Layer Topology Discovery Responder
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\rspndr.sys
---> TYPE = KERNEL_DRIVER

173) "RTL8167" - Realtek 8167 NT Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\Rt64win7.sys
---> TYPE = KERNEL_DRIVER

174) "sbp2port"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\sbp2port.sys
---> TYPE = KERNEL_DRIVER

175) "scfilter" - @C:\Windows\System32\drivers\scfilter.sys,-11
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\scfilter.sys
---> TYPE = KERNEL_DRIVER

176) "secdrv" - Security Driver
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER

177) "Serenum" - Driver filtro Serenum
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\serenum.sys
---> TYPE = KERNEL_DRIVER

178) "Serial"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\serial.sys
---> TYPE = KERNEL_DRIVER

179) "sermouse" - Driver del mouse seriale
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\sermouse.sys
---> TYPE = KERNEL_DRIVER

180) "sffdisk" - Driver classe memorie SFF
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\sffdisk.sys
---> TYPE = KERNEL_DRIVER

181) "sffp_mmc" - Driver protocollo memorie SFF per MMC
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\sffp_mmc.sys
---> TYPE = KERNEL_DRIVER

182) "sffp_sd" - Driver protocollo memorie SFF per SDBus
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\sffp_sd.sys
---> TYPE = KERNEL_DRIVER

183) "sfloppy" - Unità disco floppy ad alta capacità
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\sfloppy.sys
---> TYPE = KERNEL_DRIVER

184) "SiSRaid2"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\SiSRaid2.sys
---> TYPE = KERNEL_DRIVER

185) "SiSRaid4"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\sisraid4.sys
---> TYPE = KERNEL_DRIVER

186) "Smb" - @C:\Windows\system32\tcpipcfg.dll,-50005
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\smb.sys
---> TYPE = KERNEL_DRIVER

187) "spldr" - Security Processor Loader Driver
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

188) "SRTSP" - Symantec Real Time Storage Protection x64
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS
---> TYPE = FILE_SYSTEM_DRIVER

189) "SRTSPX" - Symantec Real Time Storage Protection (PEL) x64
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
---> TYPE = KERNEL_DRIVER

190) "srv" - @C:\Windows\system32\srvsvc.dll,-102
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srv.sys
---> TYPE = FILE_SYSTEM_DRIVER

191) "srv2" - @C:\Windows\system32\srvsvc.dll,-104
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srv2.sys
---> TYPE = FILE_SYSTEM_DRIVER

192) "srvnet" -
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srvnet.sys
---> TYPE = FILE_SYSTEM_DRIVER

193) "stexstor"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\stexstor.sys
---> TYPE = KERNEL_DRIVER

194) "swenum" - Driver bus software
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\swenum.sys
---> TYPE = KERNEL_DRIVER

195) "SymDS" - Symantec Data Store
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\NISx64\1108000.005\SYMDS64.SYS
---> TYPE = KERNEL_DRIVER

196) "SymEFA" - Symantec Extended File Attributes
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
---> TYPE = FILE_SYSTEM_DRIVER

197) "SymEvent"
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
---> TYPE = KERNEL_DRIVER

198) "SymIRON" - Symantec Iron Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\system32\drivers\NISx64\1108000.005\Ironx64.SYS
---> TYPE = KERNEL_DRIVER

199) "SYMTDIv" - Symantec Vista Network Dispatch Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
---> TYPE = KERNEL_DRIVER

200) "Tcpip" - @C:\Windows\system32\tcpipcfg.dll,-50003
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\tcpip.sys
---> TYPE = KERNEL_DRIVER

201) "TCPIP6" - Microsoft IPv6 Protocol Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\tcpip.sys
---> TYPE = KERNEL_DRIVER

202) "tcpipreg" - TCP/IP Registry Compatibility
---> STAT = (RUNNING) Started automatically
---> FILE = System32\drivers\tcpipreg.sys
---> TYPE = KERNEL_DRIVER

203) "TDPIPE" - TDPIPE
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\tdpipe.sys
---> TYPE = KERNEL_DRIVER

204) "TDTCP" - TDTCP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\tdtcp.sys
---> TYPE = KERNEL_DRIVER

205) "tdx" - @C:\Windows\system32\tcpipcfg.dll,-50004
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\tdx.sys
---> TYPE = KERNEL_DRIVER

206) "TermDD" - Driver di dispositivo terminale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\system32\DRIVERS\termdd.sys
---> TYPE = KERNEL_DRIVER

207) "tssecsrv" - @C:\Windows\System32\DRIVERS\tssecsrv.sys,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\tssecsrv.sys
---> TYPE = KERNEL_DRIVER

208) "tunnel" - Driver scheda Microsoft Tunnel Miniport
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\tunnel.sys
---> TYPE = KERNEL_DRIVER

209) "uagp35" - Filtro Microsoft AGPv3.5
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\uagp35.sys
---> TYPE = KERNEL_DRIVER

210) "udfs" - udfs
---> STAT = (NOT RUNNING) Disabled
---> FILE = system32\DRIVERS\udfs.sys
---> TYPE = FILE_SYSTEM_DRIVER

211) "uliagpkx" - Uli AGP Bus Filter
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\uliagpkx.sys
---> TYPE = KERNEL_DRIVER

212) "umbus" - Driver enumeratore UMBus
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\umbus.sys
---> TYPE = KERNEL_DRIVER

213) "UmPass" - Driver Microsoft UMPass
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\umpass.sys
---> TYPE = KERNEL_DRIVER

214) "usbccgp" - Driver principale generico USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbccgp.sys
---> TYPE = KERNEL_DRIVER

215) "usbcir" - Ricevitore infrarossi eHome (USBCIR)
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\usbcir.sys
---> TYPE = KERNEL_DRIVER

216) "usbehci" - Driver Miniport Controller Enhanced Host USB 2.0 Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\usbehci.sys
---> TYPE = KERNEL_DRIVER

217) "usbhub" - Driver hub USB standard Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbhub.sys
---> TYPE = KERNEL_DRIVER

218) "usbohci" - Driver miniport per controller open host USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\usbohci.sys
---> TYPE = KERNEL_DRIVER

219) "usbprint" - Classe stampanti USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbprint.sys
---> TYPE = KERNEL_DRIVER

220) "usbscan" - Driver scanner USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbscan.sys
---> TYPE = KERNEL_DRIVER

221) "USBSTOR" - Driver archiviazione di massa USB
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
---> TYPE = KERNEL_DRIVER

222) "usbuhci" - Driver Miniport Controller Universal Host USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\usbuhci.sys
---> TYPE = KERNEL_DRIVER

223) "vdrvroot" - Driver enumeratore unità virtuale Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\vdrvroot.sys
---> TYPE = KERNEL_DRIVER

224) "vga"
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\vgapnp.sys
---> TYPE = KERNEL_DRIVER

225) "VgaSave" -
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
---> TYPE = KERNEL_DRIVER

226) "vhdmp"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\vhdmp.sys
---> TYPE = KERNEL_DRIVER

227) "viaide"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\viaide.sys
---> TYPE = KERNEL_DRIVER

228) "volmgr" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\volmgr.sys
---> TYPE = KERNEL_DRIVER

229) "volmgrx" - @C:\Windows\system32\drivers\volmgrx.sys,-100
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\volmgrx.sys
---> TYPE = KERNEL_DRIVER

230) "volsnap" - Volumi di archiviazione
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\volsnap.sys
---> TYPE = KERNEL_DRIVER

231) "vsmraid"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\vsmraid.sys
---> TYPE = KERNEL_DRIVER

232) "vwifibus" - @C:\Windows\System32\drivers\vwifibus.sys,-257
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\System32\drivers\vwifibus.sys
---> TYPE = KERNEL_DRIVER

233) "WacomPen" - Driver HID penna interfaccia seriale Wacom
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\wacompen.sys
---> TYPE = KERNEL_DRIVER

234) "WANARP" - @C:\Windows\system32\rascfg.dll,-32011
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER

235) "Wanarpv6" - @C:\Windows\system32\rascfg.dll,-32012
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER

236) "Wd"
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\wd.sys
---> TYPE = KERNEL_DRIVER

237) "Wdf01000" - Kernel Mode Driver Frameworks service
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\Wdf01000.sys
---> TYPE = KERNEL_DRIVER

238) "WfpLwf" - WFP Lightweight Filter
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\wfplwf.sys
---> TYPE = KERNEL_DRIVER

239) "WIMMount" - WIMMount
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\wimmount.sys
---> TYPE = FILE_SYSTEM_DRIVER

240) "WmiAcpi" - Microsoft Windows Management Interface for ACPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = \SystemRoot\system32\DRIVERS\wmiacpi.sys
---> TYPE = KERNEL_DRIVER

241) "ws2ifsl" - @C:\Windows\System32\drivers\ws2ifsl.sys,-1000
---> STAT = (NOT RUNNING) Disabled
---> FILE = \SystemRoot\system32\drivers\ws2ifsl.sys
---> TYPE = KERNEL_DRIVER

242) "WudfPf" - User Mode Driver Frameworks Platform Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\WudfPf.sys
---> TYPE = KERNEL_DRIVER

243) "WUDFRd"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\WUDFRd.sys
---> TYPE = KERNEL_DRIVER

-----HKLM\system\currentcontrolset\services-----

000) "AeLookupSvc" - @C:\Windows\system32\aelupsvc.dll,-1
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

001) "ALG" - @C:\Windows\system32\Alg.exe,-112
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\alg.exe
---> TYPE = OWN_SERVICE

002) "AMD External Events Utility"
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\atiesrxx.exe
---> TYPE = OWN_SERVICE

003) "AppIDSvc" - @C:\Windows\system32\appidsvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

004) "Appinfo" - @C:\Windows\system32\appinfo.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

005) "AudioEndpointBuilder" - @C:\Windows\system32\audiosrv.dll,-204
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

006) "AudioSrv" - @C:\Windows\system32\audiosrv.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE

007) "AxInstSV" - @C:\Windows\system32\AxInstSV.dll,-103
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k AxInstSVGroup
---> TYPE = SHARE_SERVICE

008) "BDESVC" - @C:\Windows\system32\bdesvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

009) "BFE" - @C:\Windows\system32\bfe.dll,-1001
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE

010) "BITS" - @C:\Windows\system32\qmgr.dll,-1000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

011) "Browser" - @C:\Windows\system32\browser.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

012) "bthserv" - @C:\Windows\System32\bthserv.dll,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k bthsvcs
---> TYPE = SHARE_SERVICE

013) "CertPropSvc" - @C:\Windows\System32\certprop.dll,-11
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

014) "clr_optimization_v2.0.50727_32" - Microsoft .NET Framework NGEN v2.0.50727_X86
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---> TYPE = OWN_SERVICE

015) "clr_optimization_v2.0.50727_64" - Microsoft .NET Framework NGEN v2.0.50727_X64
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
---> TYPE = OWN_SERVICE

016) "clr_optimization_v4.0.30319_32" - Microsoft .NET Framework NGEN v4.0.30319_X86
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
---> TYPE = OWN_SERVICE

017) "clr_optimization_v4.0.30319_64" - Microsoft .NET Framework NGEN v4.0.30319_X64
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
---> TYPE = OWN_SERVICE

018) "COMSysApp" - @comres.dll,-947
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
---> TYPE = OWN_SERVICE

019) "CryptSvc" - @C:\Windows\system32\cryptsvc.dll,-1001
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

020) "DcomLaunch" - @oleres.dll,-5012
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k DcomLaunch
---> TYPE = SHARE_SERVICE

021) "defragsvc" - @C:\Windows\system32\defragsvc.dll,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k defragsvc
---> TYPE = OWN_SERVICE

022) "Dhcp" - @C:\Windows\system32\dhcpcore.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE

023) "Dnscache" - @C:\Windows\System32\dnsapi.dll,-101
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

024) "dot3svc" - @C:\Windows\system32\dot3svc.dll,-1102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

025) "DPS" - @C:\Windows\system32\dps.dll,-500
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE

026) "EapHost" - @C:\Windows\system32\eapsvc.dll,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

027) "EFS" - @C:\Windows\system32\efssvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\lsass.exe
---> TYPE = SHARE_SERVICE

028) "ehRecvr" - @C:\Windows\ehome\ehrecvr.exe,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\ehome\ehRecvr.exe
---> TYPE = OWN_SERVICE

029) "ehSched" - @C:\Windows\ehome\ehsched.exe,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\ehome\ehsched.exe
---> TYPE = OWN_SERVICE

030) "eventlog" - @C:\Windows\system32\wevtsvc.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE

031) "EventSystem" - @comres.dll,-2450
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

032) "ezSharedSvc" - Easybits Shared Services for Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

033) "Fax" - @C:\Windows\system32\fxsresm.dll,-118
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\fxssvc.exe
---> TYPE = OWN_SERVICE

034) "fdPHost" - @C:\Windows\system32\fdPHost.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

035) "FDResPub" - @C:\Windows\system32\fdrespub.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

036) "FontCache" - @C:\Windows\system32\FntCache.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

037) "FontCache3.0.0.0" - @C:\Windows\system32\PresentationHost.exe,-3309
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
---> TYPE = OWN_SERVICE

038) "fsssvc" - Windows Live Family Safety Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe\
---> TYPE = OWN_SERVICE

039) "GameConsoleService" - GameConsoleService
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe\
---> TYPE = OWN_SERVICE

040) "gpsvc" - @gpapi.dll,-112
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

041) "gupdate" - Servizio di Google Update (gupdate)
---> STAT = (NOT RUNNING) Started automatically
---> FILE = \C:\Program Files (x86)\Google\Update\GoogleUpdate.exe\ /svc
---> TYPE = OWN_SERVICE

042) "hidserv" - @C:\Windows\System32\hidserv.dll,-101
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

043) "hkmsvc" - @C:\Windows\system32\kmsvc.dll,-6
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

044) "HomeGroupListener" - @C:\Windows\System32\ListSvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

045) "HomeGroupProvider" - @C:\Windows\System32\provsvc.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE

046) "HP Health Check Service" - HP Health Check Service
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe\
---> TYPE = OWN_SERVICE

047) "hpqwmiex" - hpqwmiex
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe\
---> TYPE = OWN_SERVICE

048) "idsvc" - @C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\
---> TYPE = SHARE_SERVICE

049) "IKEEXT" - @C:\Windows\system32\ikeext.dll,-501
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

050) "IPBusEnum" - @C:\Windows\system32\IPBusEnum.dll,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

051) "iphlpsvc" - @C:\Windows\system32\iphlpsvc.dll,-500
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k NetSvcs
---> TYPE = SHARE_SERVICE

052) "KeyIso" - @keyiso.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE

053) "KtmRm" - @comres.dll,-2946
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

054) "LanmanServer" - @C:\Windows\system32\srvsvc.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

055) "LanmanWorkstation" - @C:\Windows\system32\wkssvc.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

056) "LightScribeService" - LightScribeService Direct Disc Labeling Service
---> STAT = (RUNNING) Started automatically
---> FILE = \c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe\
---> TYPE = OWN_SERVICE

057) "lltdsvc" - @C:\Windows\system32\lltdres.dll,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

058) "lmhosts" - @C:\Windows\system32\lmhsvc.dll,-101
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE

059) "lxeaCATSCustConnectService" - lxeaCATSCustConnectService
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
---> TYPE = OWN_SERVICE

060) "lxea_device" - lxea_device
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\lxeacoms.exe -service
---> TYPE = OWN_SERVICE

061) "Mcx2Svc" - @C:\Windows\ehome\ehres.dll,-15501
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

062) "MMCSS" - @C:\Windows\system32\mmcss.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

063) "MpsSvc" - @C:\Windows\system32\FirewallAPI.dll,-23090
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE

064) "MSDTC" - @comres.dll,-2797
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\msdtc.exe
---> TYPE = OWN_SERVICE

065) "MSiSCSI" - @C:\Windows\system32\iscsidsc.dll,-5000
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

066) "msiserver" - @C:\Windows\system32\msimsg.dll,-27
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\msiexec.exe /V
---> TYPE = OWN_SERVICE

067) "napagent" - @C:\Windows\system32\qagentrt.dll,-6
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

068) "Netlogon" - @C:\Windows\System32\netlogon.dll,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE

069) "Netman" - @C:\Windows\system32\netman.dll,-109
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

070) "netprofm" - @C:\Windows\system32\netprofm.dll,-202
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

071) "NetTcpPortSharing" - @C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
---> STAT = (NOT RUNNING) Disabled
---> FILE = \C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\
---> TYPE = SHARE_SERVICE

072) "NIS" - Norton Internet Security
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\ /s \NIS\ /m \C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\ /prefetch:1
---> TYPE = OWN_SERVICE

073) "NlaSvc" - @C:\Windows\System32\nlasvc.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

074) "nsi" - @C:\Windows\system32\nsisvc.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

075) "p2pimsvc" - @C:\Windows\system32\pnrpsvc.dll,-8004
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalServicePeerNet
---> TYPE = SHARE_SERVICE

076) "p2psvc" - @C:\Windows\system32\p2psvc.dll,-8006
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalServicePeerNet
---> TYPE = SHARE_SERVICE

077) "PcaSvc" - @C:\Windows\system32\pcasvc.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

078) "PerfHost" - @C:\Windows\sysWow64\perfhost.exe,-2
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\SysWow64\perfhost.exe
---> TYPE = OWN_SERVICE

079) "pla" - @C:\Windows\system32\pla.dll,-500
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE

080) "PlugPlay" - @C:\Windows\system32\umpnpmgr.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k DcomLaunch
---> TYPE = SHARE_SERVICE

081) "PNRPAutoReg" - @C:\Windows\system32\pnrpauto.dll,-8002
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalServicePeerNet
---> TYPE = SHARE_SERVICE

082) "PNRPsvc" - @C:\Windows\system32\pnrpsvc.dll,-8000
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalServicePeerNet
---> TYPE = SHARE_SERVICE

083) "PolicyAgent" - @C:\Windows\System32\polstore.dll,-5010
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
---> TYPE = SHARE_SERVICE

084) "Power" - @C:\Windows\system32\umpo.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k DcomLaunch
---> TYPE = SHARE_SERVICE

085) "ProfSvc" - @C:\Windows\system32\profsvc.dll,-300
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

086) "ProtectedStorage" - @C:\Windows\system32\psbase.dll,-300
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE

087) "QWAVE" - @C:\Windows\system32\qwave.dll,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

088) "RasAuto" - @%Systemroot%\system32\rasauto.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

089) "RasMan" - @%Systemroot%\system32\rasmans.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

090) "RemoteAccess" - @%Systemroot%\system32\mprdim.dll,-200
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

091) "RemoteRegistry" - @regsvc.dll,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k regsvc
---> TYPE = SHARE_SERVICE

092) "RpcEptMapper" - @%windir%\system32\RpcEpMap.dll,-1001
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k RPCSS
---> TYPE = SHARE_SERVICE

093) "RpcLocator" - @C:\Windows\system32\Locator.exe,-2
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\locator.exe
---> TYPE = OWN_SERVICE

094) "RpcSs" - @oleres.dll,-5010
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k rpcss
---> TYPE = SHARE_SERVICE

095) "SamSs" - @C:\Windows\system32\samsrv.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE

096) "SBSDWSCService" - SBSD Security Center Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
---> TYPE = OWN_SERVICE

097) "SCardSvr" - @C:\Windows\System32\SCardSvr.dll,-1
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

098) "Schedule" - @C:\Windows\system32\schedsvc.dll,-100
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

099) "SCPolicySvc" - @C:\Windows\System32\certprop.dll,-13
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

100) "SDRSVC" - @C:\Windows\system32\sdrsvc.dll,-107
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k SDRSVC
---> TYPE = OWN_SERVICE

101) "SeaPort" - SeaPort
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\
---> TYPE = OWN_SERVICE

102) "seclogon" - @C:\Windows\system32\seclogon.dll,-7001
---> STAT = (NOT RUNNING) Started manually
---> FILE = %windir%\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

103) "SENS" - @C:\Windows\system32\Sens.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

104) "SensrSvc" - @C:\Windows\System32\sensrsvc.dll,-1000
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

105) "SessionEnv" - @C:\Windows\System32\SessEnv.dll,-1026
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

106) "SharedAccess" - @C:\Windows\system32\ipnathlp.dll,-106
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

107) "ShellHWDetection" - @C:\Windows\System32\shsvcs.dll,-12288
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

108) "SNMPTRAP" - @C:\Windows\system32\snmptrap.exe,-3
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\snmptrap.exe
---> TYPE = OWN_SERVICE

109) "Spooler" - @C:\Windows\system32\spoolsv.exe,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\spoolsv.exe
---> TYPE = OWN_SERVICE

110) "sppsvc" - @C:\Windows\system32\sppsvc.exe,-101
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\Windows\system32\sppsvc.exe
---> TYPE = OWN_SERVICE

111) "sppuinotify" - @C:\Windows\system32\sppuinotify.dll,-103
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

112) "SSDPSRV" - @C:\Windows\system32\ssdpsrv.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

113) "SstpSvc" - @C:\Windows\system32\sstpsvc.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

114) "stisvc" - @C:\Windows\system32\wiaservc.dll,-9
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k imgsvc
---> TYPE = OWN_SERVICE

115) "swprv" - @C:\Windows\System32\swprv.dll,-103
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k swprv
---> TYPE = OWN_SERVICE

116) "SysMain" - @C:\Windows\system32\sysmain.dll,-1000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

117) "TabletInputService" - @C:\Windows\system32\TabSvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

118) "TapiSrv" - @C:\Windows\system32\tapisrv.dll,-10100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

119) "TBS" - @C:\Windows\system32\tbssvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

120) "TermService" - @C:\Windows\System32\termsrv.dll,-268
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

121) "Themes" - @C:\Windows\System32\themeservice.dll,-8192
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

122) "THREADORDER" - @C:\Windows\system32\mmcss.dll,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

123) "TrkWks" - @C:\Windows\system32\trkwks.dll,-1
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

124) "TrustedInstaller" - @C:\Windows\servicing\TrustedInstaller.exe,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\servicing\TrustedInstaller.exe
---> TYPE = OWN_SERVICE

125) "UI0Detect" - @C:\Windows\system32\ui0detect.exe,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\UI0Detect.exe
---> TYPE = OWN_SERVICE

126) "upnphost" - @C:\Windows\system32\upnphost.dll,-213
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

127) "UxSms" - @C:\Windows\system32\dwm.exe,-2000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

128) "VaultSvc" - @C:\Windows\system32\vaultsvc.dll,-1003
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\lsass.exe
---> TYPE = SHARE_SERVICE

129) "vds" - @C:\Windows\system32\vds.exe,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\vds.exe
---> TYPE = OWN_SERVICE

130) "viritsvclite" - VirIT eXplorer Lite
---> STAT = (RUNNING) Started automatically
---> FILE = C:\VEXPLite\viritsvc.exe
---> TYPE = OWN_SERVICE

131) "VSS" - @C:\Windows\system32\vssvc.exe,-102
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\vssvc.exe
---> TYPE = OWN_SERVICE

132) "W32Time" - @C:\Windows\system32\w32time.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

133) "WatAdminSvc" - @C:\Windows\system32\Wat\WatUX.exe,-601
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\Wat\WatAdminSvc.exe
---> TYPE = OWN_SERVICE

134) "wbengine" - @C:\Windows\system32\wbengine.exe,-104
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Windows\system32\wbengine.exe\
---> TYPE = OWN_SERVICE

135) "WbioSrvc" - @C:\Windows\system32\wbiosrvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k WbioSvcGroup
---> TYPE = SHARE_SERVICE

136) "wcncsvc" - @C:\Windows\system32\wcncsvc.dll,-3
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
---> TYPE = SHARE_SERVICE

137) "WcsPlugInService" - @C:\Windows\system32\WcsPlugInService.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k wcssvc
---> TYPE = SHARE_SERVICE

138) "WdiServiceHost" - @C:\Windows\system32\wdi.dll,-502
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

139) "WdiSystemHost" - @C:\Windows\system32\wdi.dll,-500
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

140) "WebClient" - @C:\Windows\system32\webclnt.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

141) "Wecsvc" - @C:\Windows\system32\wecsvc.dll,-200
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

142) "wercplsupport" - @C:\Windows\System32\wercplsupport.dll,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

143) "WerSvc" - @C:\Windows\System32\wersvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k WerSvcGroup
---> TYPE = SHARE_SERVICE

144) "WinDefend" - @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k secsvcs
---> TYPE = SHARE_SERVICE

145) "WinHttpAutoProxySvc" - @C:\Windows\system32\winhttp.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE

146) "Winmgmt" - @%Systemroot%\system32\wbem\wmisvc.dll,-205
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

147) "WinRM" - @%Systemroot%\system32\wsmsvc.dll,-101
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\System32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE

148) "Winsock"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = ADAPTER

149) "Wlansvc" - @C:\Windows\System32\wlansvc.dll,-257
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

150) "wlcrasvc" - Windows Live Mesh remote connections service
---> STAT = (NOT RUNNING) Disabled
---> FILE = \C:\Program Files\Windows Live\Mesh\wlcrasvc.exe\
---> TYPE = OWN_SERVICE

151) "wlidsvc" - Windows Live ID Sign-in Assistant
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\
---> TYPE = OWN_SERVICE

152) "wmiApSrv" - @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\wbem\WmiApSrv.exe
---> TYPE = OWN_SERVICE

153) "WMPNetworkSvc" - @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
---> STAT = (RUNNING) Started manually
---> FILE = \%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\
---> TYPE = OWN_SERVICE

154) "WPCSvc" - @C:\Windows\system32\wpcsvc.dll,-100
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE

155) "WPDBusEnum" - @C:\Windows\system32\wpdbusenum.dll,-100
---> STAT = (RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

156) "wscsvc" - @C:\Windows\System32\wscsvc.dll,-200
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
---> TYPE = SHARE_SERVICE

157) "WSearch" - @C:\Windows\system32\SearchIndexer.exe,-103
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\SearchIndexer.exe /Embedding
---> TYPE = OWN_SERVICE

158) "wuauserv" - @C:\Windows\system32\wuaueng.dll,-105
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE

159) "wudfsvc" - @C:\Windows\system32\wudfsvc.dll,-1000
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
---> TYPE = SHARE_SERVICE

160) "WwanSvc" - @C:\Windows\System32\wwansvc.dll,-257
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
---> TYPE = SHARE_SERVICE

===================== SVCHOST INSTANCES =====================

netsvcs

LocalService

LocalSystemNetworkRestricted

LocalServiceNoNetwork

rpcss

LocalServiceNetworkRestricted

LocalServiceAndNoImpersonation

DcomLaunch

NetworkService

imgsvc

wcssvc

===================== LOADED MODULES =====================

*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan
Already known legit dlls are not shown


System pid: 4
Command line: <unable to retrieve>

smss.exe pid: 276
Command line: <no command line>

csrss.exe pid: 404
Command line: <no command line>

wininit.exe pid: 464
Command line: <no command line>

csrss.exe pid: 472
Command line: <no command line>

services.exe pid: 516
Command line: <no command line>

lsass.exe pid: 548
Command line: <no command line>

winlogon.exe pid: 560
Command line: <no command line>

lsm.exe pid: 572
Command line: <no command line>

svchost.exe pid: 696
Command line: <no command line>

svchost.exe pid: 776
Command line: <no command line>

atiesrxx.exe pid: 824
Command line: <no command line>

svchost.exe pid: 896
Command line: <no command line>

svchost.exe pid: 936
Command line: <no command line>

svchost.exe pid: 972
Command line: <no command line>

audiodg.exe pid: 292
Command line: <unable to retrieve>

svchost.exe pid: 552
Command line: <no command line>

svchost.exe pid: 1080
Command line: <no command line>

atieclxx.exe pid: 1200
Command line: <no command line>

spoolsv.exe pid: 1284
Command line: <no command line>

svchost.exe pid: 1312
Command line: <no command line>

svchost.exe pid: 1420
Command line: C:\Windows\SysWOW64\svchost.exe -k netsvcs

Base Size Version Path
0x00090000 0x8000 6.01.7600.16385 C:\Windows\SysWOW64\svchost.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x01b60000 0x23000 3.00.0000.0001 c:\windows\system32\ezsvc7.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\oleaut32.dll
0x74210000 0x21000 6.01.7600.16385 C:\Windows\SysWOW64\ntmarta.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll
0x01600000 0x95000 4.02.0002.0066 c:\windows\system32\ezsvc7x.dll
0x74180000 0x84000 5.82.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
0x76ff0000 0xf4000 8.00.7600.16671 C:\Windows\syswow64\wininet.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x77280000 0x3000 6.01.7600.16385 C:\Windows\syswow64\Normaliz.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll

LSSrvc.exe pid: 1492
Command line: "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

Base Size Version Path
0x00400000 0x12000 1.18.0008.0001 c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x67000000 0x1b000 1.18.0008.0001 c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x76640000 0x5000 6.01.7600.16385 C:\Windows\syswow64\PSAPI.DLL
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x68000000 0xb000 1.18.0008.0001 c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
0x740e0000 0x9b000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
0x74050000 0x87000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll

lxeacoms.exe pid: 1536
Command line: <no command line>

ccsvchst.exe pid: 1580
Command line: "C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll" /prefetch:1


SeaPort.exe pid: 1648
Command line: "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"

Base Size Version Path
0x00ba0000 0x40000 3.00.0133.0000 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x773f0000 0x35000 6.01.7600.16385 C:\Windows\syswow64\WS2_32.dll
0x77c90000 0x6000 6.01.7600.16385 C:\Windows\syswow64\NSI.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x73b90000 0x4f000 6.01.7600.16385 C:\Windows\system32\webio.dll
0x73b80000 0x6000 6.01.7600.16385 C:\Windows\system32\SensApi.dll
0x77120000 0x2d000 6.01.7600.16493 C:\Windows\syswow64\WINTRUST.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x739f0000 0x157000 6.30.7600.16385 C:\Windows\System32\msxml6.dll
0x739d0000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x73d80000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x722d0000 0x38000 6.01.7600.16385 C:\Windows\system32\ncrypt.dll
0x722b0000 0x17000 6.01.7600.16385 C:\Windows\system32\bcrypt.dll
0x72270000 0x3d000 6.01.7600.16385 C:\Windows\SysWOW64\bcryptprimitives.dll
0x72250000 0x16000 6.01.7600.16385 C:\Windows\system32\GPAPI.dll
0x73fb0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x73f00000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\Comctl32.dll
0x6ae10000 0xa0000 109.00.0003.0004 C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccL90U.dll
0x721b0000 0x1c000 6.01.7600.16385 C:\Windows\system32\cryptnet.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll
0x73060000 0x15000 6.01.7600.16385 C:\Windows\system32\Cabinet.dll
0x721a0000 0xe000 6.01.7600.16385 C:\Windows\system32\DEVRTL.dll
0x72ac0000 0x8000 6.01.7600.16385 C:\Windows\system32\credssp.dll
0x72320000 0x3c000 6.01.7600.16385 C:\Windows\system32\mswsock.dll
0x72380000 0x44000 6.01.7600.16385 C:\Windows\system32\DNSAPI.dll
0x73d10000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL

svchost.exe pid: 1708
Command line: <no command line>

VIRITSVC.EXE pid: 1832
Command line: C:\VEXPLite\viritsvc.exe

Base Size Version Path
0x00400000 0x5a000 1.08.0000.0011 C:\VEXPLite\viritsvc.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x10000000 0x21000 1.00.0000.0033 C:\VEXPLite\VIRITUPG.DLL
0x76ff0000 0xf4000 8.00.7600.16671 C:\Windows\syswow64\WININET.dll
0x77280000 0x3000 6.01.7600.16385 C:\Windows\syswow64\Normaliz.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x00260000 0x11000 1.01.0004.0000 C:\VEXPLite\zlib.dll
0x6c240000 0x27000 4.00.1183.0001 C:\Windows\system32\CRTDLL.dll

WLIDSVC.EXE pid: 1856
Command line: <no command line>

SDWinSec.exe pid: 1932
Command line: "C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"

Base Size Version Path
0x00400000 0x123000 1.00.0000.0012 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\oleaut32.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\shell32.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\crypt32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x73c40000 0x5000 6.01.7600.16385 C:\Windows\system32\msimg32.dll
0x73500000 0x60000 6.01.7600.16385 C:\Windows\system32\wer.dll
0x734a0000 0x52000 6.01.7600.16385 C:\Windows\system32\faultrep.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x73390000 0xf5000 7.00.7600.16385 C:\Windows\system32\propsys.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x76640000 0x5000 6.01.7600.16385 C:\Windows\syswow64\psapi.dll
0x732f0000 0x31000 6.01.7600.16385 C:\Windows\system32\wbem\wbemdisp.dll
0x73290000 0x5c000 6.01.7600.16385 C:\Windows\system32\wbemcomn.dll
0x773f0000 0x35000 6.01.7600.16385 C:\Windows\syswow64\WS2_32.dll
0x77c90000 0x6000 6.01.7600.16385 C:\Windows\syswow64\NSI.dll
0x73490000 0xa000 6.01.7600.16385 C:\Windows\system32\wbem\wbemprox.dll
0x739d0000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x73d80000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x73200000 0xf000 6.01.7600.16385 C:\Windows\system32\wbem\wbemsvc.dll
0x73110000 0x18000 6.01.7600.16385 C:\Windows\system32\NTDSAPI.dll

WLIDSVCM.EXE pid: 1180
Command line: <no command line>

svchost.exe pid: 2696
Command line: <no command line>

WUDFHost.exe pid: 2920
Command line: <no command line>

svchost.exe pid: 3020
Command line: <no command line>

mscorsvw.exe pid: 1104
Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Base Size Version Path
0x0f480000 0x22000 4.00.30319.0001 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x71e80000 0xbe000 10.00.30319.0001 C:\Windows\system32\MSVCR100_CLR0400.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x72750000 0x4a000 4.00.31106.0000 C:\Windows\system32\mscoree.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x71e20000 0x54000 4.00.30319.0001 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
0x72900000 0xc000 4.00.30319.0001 C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
0x71db0000 0x66000 4.00.30319.0001 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll

mscorsvw.exe pid: 320
Command line: <no command line>

HPHC_Service.exe pid: 1960
Command line: <no command line>

SearchIndexer.exe pid: 2568
Command line: <no command line>

taskhost.exe pid: 1040
Command line: <no command line>

ccsvchst.exe pid: 2864
Command line: "C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe" /c /a /s UserSession


dwm.exe pid: 652
Command line: <no command line>

explorer.exe pid: 2900
Command line: <no command line>

SmartMenu.exe pid: 3200
Command line: <no command line>

lxeamon.exe pid: 3220
Command line: "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"

Base Size Version Path
0x00400000 0xc1000 0.01.0025.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x10000000 0x15000 1.00.0000.0001 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacfg.dll
0x00730000 0x61000 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x003d0000 0x30000 99.99.0099.0099 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
0x02710000 0x11f000 0.01.0025.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
0x773f0000 0x35000 6.01.7600.16385 C:\Windows\syswow64\WS2_32.dll
0x77c90000 0x6000 6.01.7600.16385 C:\Windows\syswow64\NSI.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x6f970000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x007a0000 0x2a000 0.01.0025.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
0x77120000 0x2d000 6.01.7600.16493 C:\Windows\syswow64\WINTRUST.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x728b0000 0x1b000 0.00.0000.0001 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacnv4.dll
0x02b20000 0xed000 0.01.0025.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamonr.dll
0x65000000 0xcf000 9.02.0014.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacomc.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x02420000 0x4c000 1.28.0000.0000 C:\Windows\system32\lxeasm.dll
0x00900000 0x8000 1.54.0000.0000 C:\Windows\system32\lxeasmr.dll

ezprint.exe pid: 3248
Command line: "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"

Base Size Version Path
0x00400000 0x22000 3.207.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x10000000 0xaf000 3.207.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
0x001c0000 0x27000 3.207.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
0x00020000 0x1d000 3.207.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x00290000 0x22000 3.207.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
0x004a0000 0x224000 15.00.0000.0007 C:\Program Files (x86)\Lexmark S300-S400 Series\Ltwvc215u.dll
0x006d0000 0x76000 15.00.0000.0008 C:\Program Files (x86)\Lexmark S300-S400 Series\Ltkrn15u.dll
0x740e0000 0x9b000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
0x74050000 0x87000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\COMCTL32.dll
0x00750000 0x40000 15.00.0000.0003 C:\Program Files (x86)\Lexmark S300-S400 Series\Ltdis15u.dll
0x00790000 0x2f000 15.00.0000.0015 C:\Program Files (x86)\Lexmark S300-S400 Series\Ltfil15u.dll
0x007c0000 0x33000 15.00.0000.0001 C:\Program Files (x86)\Lexmark S300-S400 Series\Ltimgclr15u.dll
0x00800000 0x1c000 15.00.0000.0002 C:\Program Files (x86)\Lexmark S300-S400 Series\Ltimgutl15u.dll
0x73c40000 0x5000 6.01.7600.16385 C:\Windows\system32\MSIMG32.dll
0x00820000 0xf000 3.207.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x02340000 0x21a000 0.00.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
0x00930000 0xc000 1.267.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
0x00950000 0x17000 1.267.0000.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
0x020a0000 0x56000 15.00.0000.0006 C:\Program Files (x86)\Lexmark S300-S400 Series\LTIMGCOR15U.DLL
0x02560000 0x6c000 15.00.0000.0002 C:\Program Files (x86)\Lexmark S300-S400 Series\LTIMGSFX15U.DLL
0x025d0000 0x35000 15.00.0000.0001 C:\Program Files (x86)\Lexmark S300-S400 Series\LTIMGEFX15U.DLL
0x02620000 0x3e000 15.00.0000.0002 C:\Program Files (x86)\Lexmark S300-S400 Series\LTEFX15U.DLL
0x02670000 0x66000 C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
0x55300000 0x88000 4.00.0001.0002 C:\Program Files (x86)\Lexmark S300-S400 Series\PdfLib.dll
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x739d0000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x73d80000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x02930000 0x25000 2.03.0004.0000 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
0x6e050000 0x66000 7.00.7600.16385 C:\Windows\system32\MSVCP60.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x6f380000 0x33000 6.01.7600.16385 C:\Windows\SysWOW64\sti.dll
0x6f8a0000 0x7000 6.01.7600.16385 C:\Windows\system32\wiatrace.dll

HPAdvisor.exe pid: 3256
Command line: "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW

Base Size Version Path
0x01120000 0x19e000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x72750000 0x4a000 4.00.31106.0000 C:\Windows\SYSTEM32\MSCOREE.DLL
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\KERNEL32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x71db0000 0x66000 4.00.30319.0001 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x750c0000 0x591000 2.00.50727.4952 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x740e0000 0x9b000 8.00.50727.4927 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\shell32.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x74480000 0xaf8000 2.00.50727.4952 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
0x64020000 0x13000 2.00.50727.4927 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
0x77120000 0x2d000 6.01.7600.16493 C:\Windows\syswow64\WINTRUST.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x74180000 0x84000 5.82.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.dll
0x739d0000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x759c0000 0x2a000 6.01.7600.16385 C:\Windows\syswow64\imagehlp.dll
0x722d0000 0x38000 6.01.7600.16385 C:\Windows\system32\ncrypt.dll
0x722b0000 0x17000 6.01.7600.16385 C:\Windows\system32\bcrypt.dll
0x72270000 0x3d000 6.01.7600.16385 C:\Windows\SysWOW64\bcryptprimitives.dll
0x72250000 0x16000 6.01.7600.16385 C:\Windows\system32\GPAPI.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x73fb0000 0x8e000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
0x73f00000 0xa3000 9.00.30729.4926 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\Comctl32.dll
0x6ae10000 0xa0000 109.00.0003.0004 C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccL90U.dll
0x77c90000 0x6000 6.01.7600.16385 C:\Windows\syswow64\NSI.dll
0x721b0000 0x1c000 6.01.7600.16385 C:\Windows\system32\cryptnet.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll
0x73b80000 0x6000 6.01.7600.16385 C:\Windows\system32\SensApi.dll
0x73060000 0x15000 6.01.7600.16385 C:\Windows\system32\Cabinet.dll
0x721a0000 0xe000 6.01.7600.16385 C:\Windows\system32\DEVRTL.dll
0x6e810000 0x799000 2.00.50727.4927 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
0x6e4e0000 0x32f000 3.00.6920.5001 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
0x6d280000 0xbaa000 3.00.6920.5001 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
0x6c4d0000 0xdac000 3.00.6920.5001 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
0x73d80000 0xe000 6.01.7600.16385 C:\Windows\system32\RpcRtRemote.dll
0x74320000 0xc000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonInterfaces.dll
0x72920000 0x28000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonUtility.dll
0x71f40000 0x1ac000 3.00.6920.4902 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
0x727d0000 0x5b000 2.00.50727.4927 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x6bf90000 0x536000 2.00.50727.4927 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
0x6f7e0000 0x36000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Logging.dll
0x6fb60000 0x28000 3.01.0000.0000 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Common.dll
0x6e0c0000 0xf1000 2.00.50727.4927 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
0x74300000 0x12000 1.00.51206.0000 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.ObjectBuilder.dll
0x6e000000 0x4e000 2.00.50727.4927 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
0x6be90000 0xf7000 2.00.50727.4927 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\758e0ce53c80a7ad7cf76a4910d27762\System.Management.ni.dll
0x6be40000 0x42000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCHealthSecurity\PCHealthSecurityPillar.dll
0x6f890000 0xc000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.dll
0x6dec0000 0x26000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\SystemStatus.dll
0x6b210000 0x12000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
0x6afc0000 0x244000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECenter.dll
0x6dfd0000 0x24000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
0x05bc0000 0x187000 2.00.50727.4927 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
0x743b0000 0x31000 3.00.6920.4902 C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f050ef6d97c0102333ded4d8d58ffa4e\UIAutomationTypes.ni.dll
0x6efb0000 0x1c3000 6.01.7600.16385 C:\Windows\system32\d3d9.dll
0x750b0000 0x6000 6.01.7600.16385 C:\Windows\system32\d3d8thk.dll
0x6a9a0000 0x371000 8.14.0010.0697 C:\Windows\system32\atiumdag.dll
0x6a6d0000 0x2ca000 8.14.0010.0233 C:\Windows\system32\atiumdva.dll
0x6af60000 0x5e000 3.00.6920.4902 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
0x6def0000 0x3e000 3.00.6920.4902 C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_it_31bf3856ad364e35\PresentationFramework.resources.dll
0x75040000 0xe000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CeeWriter.dll
0x75000000 0x1e000 3.00.6920.4902 C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_it_31bf3856ad364e35\PresentationCore.resources.dll
0x6a290000 0xc0000 3.00.6920.4902 C:\Windows\system32\PresentationNative_v0300.dll
0x6a190000 0xfb000 6.01.7600.16385 C:\Windows\system32\WindowsCodecs.dll
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x74fe0000 0x17000 6.01.7600.16385 C:\Windows\system32\msctfui.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x6aee0000 0x79000 6.01.7600.16385 C:\Windows\system32\mscms.dll
0x74fa0000 0x33000 6.01.7600.16385 C:\Windows\system32\WindowsCodecsExt.dll
0x6a690000 0x38000 6.01.7600.16385 C:\Windows\system32\icm32.dll
0x727c0000 0xe000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
0x6f8b0000 0x8000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
0x67eb0000 0xc000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
0x67850000 0x653000 2.00.50727.4927 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll
0x64e70000 0x2d4000 2.00.50727.4927 C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
0x67830000 0xc000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
0x67810000 0x14000 3.01.0000.0000 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll
0x67840000 0xa000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
0x5e3a0000 0x8d000 8.00.50727.4927 C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
0x67770000 0x8000 3.03.9512.3162 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
0x676a0000 0xc1000 2.00.50727.4927 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6afe3a43d112ed5356d73468c5c44045\System.Runtime.Remoting.ni.dll
0x71d60000 0x22000 2.00.0000.0002 C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

TeaTimer.exe pid: 3264
Command line: "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"

Base Size Version Path
0x00400000 0x215000 1.06.0004.0026 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\oleaut32.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\shell32.dll
0x76ff0000 0xf4000 8.00.7600.16671 C:\Windows\syswow64\wininet.dll
0x77280000 0x3000 6.01.7600.16385 C:\Windows\syswow64\Normaliz.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x73c40000 0x5000 6.01.7600.16385 C:\Windows\system32\msimg32.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x6a590000 0x84000 6.01.7600.16385 C:\Windows\system32\hhctrl.ocx
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x73390000 0xf5000 7.00.7600.16385 C:\Windows\system32\propsys.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x75090000 0xf000 8.00.7600.16671 C:\Windows\system32\jsproxy.dll
0x76640000 0x5000 6.01.7600.16385 C:\Windows\syswow64\psapi.dll
0x07980000 0x141000 1.06.0002.0015 C:\Program Files (x86)\Spybot - Search & Destroy\advcheck.dll
0x759c0000 0x2a000 6.01.7600.16385 C:\Windows\syswow64\IMAGEHLP.DLL

sidebar.exe pid: 3280
Command line: <no command line>

hpsysdrv.exe pid: 3376
Command line: "C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"

Base Size Version Path
0x00400000 0x14000 2.10.0000.0000 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll

HP_Remote_Solution.exe pid: 3400
Command line: "C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe"

Base Size Version Path
0x00400000 0xaf000 1.00.0001.0000 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.DLL
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x74180000 0x84000 5.82.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.DLL
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.DLL
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x77120000 0x2d000 6.01.7600.16493 C:\Windows\syswow64\WINTRUST.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll

hpwuschd2.exe pid: 3660
Command line: "C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe"

Base Size Version Path
0x00400000 0xd000 80.01.0000.0000 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll

taskeng.exe pid: 4028
Command line: <no command line>

CLMLSvc.exe pid: 4068
Command line: "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

Base Size Version Path
0x00400000 0x32000 4.03.3318.0000 c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x6f970000 0x190000 6.01.7600.16385 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Windows\system32\MSVCP71.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Windows\system32\MSVCR71.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x10000000 0xe3000 4.03.3318.0000 c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x686d0000 0x132000 8.110.7600.16605 C:\Windows\System32\msxml3.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x76ff0000 0xf4000 8.00.7600.16671 C:\Windows\syswow64\WININET.dll
0x77280000 0x3000 6.01.7600.16385 C:\Windows\syswow64\Normaliz.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
0x773f0000 0x35000 6.01.7600.16385 C:\Windows\syswow64\ws2_32.DLL
0x77c90000 0x6000 6.01.7600.16385 C:\Windows\syswow64\NSI.dll
0x72380000 0x44000 6.01.7600.16385 C:\Windows\system32\dnsapi.DLL
0x73d10000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll
0x73390000 0xf5000 7.00.7600.16385 C:\Windows\system32\PROPSYS.dll
0x686a0000 0x2f000 1.03.1000.0000 C:\Windows\system32\XmlLite.dll
0x6fea0000 0x9000 6.01.7600.16385 C:\Windows\system32\LINKINFO.dll
0x68670000 0x8000 6.01.7600.16385 C:\Windows\System32\drprov.dll
0x68650000 0x14000 6.01.7600.16385 C:\Windows\System32\ntlanman.dll
0x68630000 0x16000 6.01.7600.16385 C:\Windows\System32\davclnt.dll
0x68620000 0x8000 6.01.7600.16385 C:\Windows\System32\DAVHLPR.dll
0x73c50000 0xf000 6.01.7600.16385 C:\Windows\system32\wkscli.dll
0x6fbb0000 0xb000 6.01.7600.16385 C:\Windows\system32\cscapi.dll
0x73c80000 0x9000 6.01.7600.16385 C:\Windows\system32\netutils.dll
0x77120000 0x2d000 6.01.7600.16493 C:\Windows\syswow64\WINTRUST.dll

McciTrayApp.exe pid: 4088
Command line: "C:\Program Files (x86)\Alice ti aiuta\McciTrayApp.exe"

Base Size Version Path
0x00400000 0xfa000 5.99.0000.0002 C:\Program Files (x86)\Alice ti aiuta\McciTrayApp.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x73390000 0xf5000 7.00.7600.16385 C:\Windows\system32\propsys.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll

MONLITE.EXE pid: 408
Command line: "C:\VEXPLite\MONLITE.EXE"

Base Size Version Path
0x00400000 0x3c9000 6.00.0028.0000 C:\VEXPLite\MONLITE.EXE
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76cc0000 0x7b000 6.01.7600.16385 C:\Windows\syswow64\comdlg32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x74180000 0x84000 5.82.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x10000000 0x21000 1.00.0000.0033 C:\VEXPLite\viritupg.dll
0x76ff0000 0xf4000 8.00.7600.16671 C:\Windows\syswow64\WININET.dll
0x77280000 0x3000 6.01.7600.16385 C:\Windows\syswow64\Normaliz.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x00020000 0x11000 1.01.0004.0000 C:\VEXPLite\zlib.dll
0x6c240000 0x27000 4.00.1183.0001 C:\Windows\system32\CRTDLL.dll
0x00840000 0xae000 6.05.0000.0049 C:\VEXPLite\Scan.dll
0x729a0000 0x2d000 5.00.2195.0001 C:\VEXPLite\dbghelp.dll
0x001b0000 0xd000 1.00.0000.0003 C:\VEXPLite\tgdlg.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x02080000 0x71000 1.00.0000.0000 C:\VEXPLite\TGRES.DLL
0x6df30000 0xa0000 6.01.7600.16385 C:\VEXPLite\myreg.qwe
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\COMCTL32.dll
0x773f0000 0x35000 6.01.7600.16385 C:\Windows\syswow64\ws2_32.DLL
0x77c90000 0x6000 6.01.7600.16385 C:\Windows\syswow64\NSI.dll
0x72380000 0x44000 6.01.7600.16385 C:\Windows\system32\dnsapi.DLL
0x73d10000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x73b80000 0x6000 6.01.7600.16385 C:\Windows\system32\sensapi.dll
0x72200000 0x10000 6.01.7600.16385 C:\Windows\system32\NLAapi.dll
0x72320000 0x3c000 6.01.7600.16385 C:\Windows\System32\mswsock.dll
0x68570000 0x10000 6.01.7600.16385 C:\Windows\system32\napinsp.dll
0x68550000 0x12000 6.01.7600.16385 C:\Windows\system32\pnrpnsp.dll
0x68340000 0x27000 7.250.4225.0000 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x76640000 0x5000 6.01.7600.16385 C:\Windows\syswow64\PSAPI.DLL
0x72cf0000 0x5000 6.01.7600.16385 C:\Windows\System32\wshtcpip.dll
0x72310000 0x6000 6.01.7600.16385 C:\Windows\System32\wship6.dll
0x68300000 0x38000 6.01.7600.16385 C:\Windows\System32\fwpuclnt.dll

wmpnetwk.exe pid: 3488
Command line: <no command line>

PresentationFontCache.exe pid: 108
Command line: <no command line>

MOM.exe pid: 3180
Command line: <unable to retrieve>

CCC.exe pid: 3212
Command line: <no command line>

wuauclt.exe pid: 3704
Command line: <no command line>

iexplore.exe pid: 3152
Command line: <no command line>

iexplore.exe pid: 2916
Command line: <no command line>

iexplore.exe pid: 1348
Command line: <no command line>

iexplore.exe pid: 4904
Command line: <no command line>

sys36982.exe pid: 3004
Command line: "C:\Users\carlo\AppData\Local\Temp\Temp1_sys36982.exe[1].zip\sys36982.exe"

Base Size Version Path
0x00400000 0x39000 C:\Users\carlo\AppData\Local\Temp\Temp1_sys36982.exe[1].zip\sys36982.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x74180000 0x84000 5.82.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x6fd90000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x73390000 0xf5000 7.00.7600.16385 C:\Windows\system32\propsys.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll

runme.exe pid: 3308
Command line: runme.exe

Base Size Version Path
0x00400000 0x5e000 3.06.0000.0007 C:\Users\carlo\AppData\Local\Temp\nss6AB5.tmp\runme.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x72940000 0x153000 6.00.0098.0015 C:\Windows\system32\MSVBVM60.DLL
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x6fd90000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll
0x739d0000 0x16000 6.01.7600.16385 C:\Windows\system32\CRYPTSP.dll
0x735c0000 0x19e000 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.DLL
0x76e90000 0x83000 2001.12.8530.16385 C:\Windows\syswow64\CLBCatQ.DLL
0x67fa0000 0x2a000 5.08.7600.16385 C:\Windows\SysWOW64\scrrun.dll
0x76ff0000 0xf4000 8.00.7600.16671 C:\Windows\syswow64\wininet.dll
0x77280000 0x3000 6.01.7600.16385 C:\Windows\syswow64\Normaliz.dll
0x773f0000 0x35000 6.01.7600.16385 C:\Windows\syswow64\ws2_32.DLL
0x77c90000 0x6000 6.01.7600.16385 C:\Windows\syswow64\NSI.dll
0x72380000 0x44000 6.01.7600.16385 C:\Windows\system32\dnsapi.DLL
0x73d10000 0x7000 6.01.7600.16385 C:\Windows\system32\WINNSI.DLL
0x73b80000 0x6000 6.01.7600.16385 C:\Windows\system32\sensapi.dll
0x72200000 0x10000 6.01.7600.16385 C:\Windows\system32\NLAapi.dll
0x72320000 0x3c000 6.01.7600.16385 C:\Windows\System32\mswsock.dll
0x68570000 0x10000 6.01.7600.16385 C:\Windows\system32\napinsp.dll
0x68550000 0x12000 6.01.7600.16385 C:\Windows\system32\pnrpnsp.dll
0x68340000 0x27000 7.250.4225.0000 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x76640000 0x5000 6.01.7600.16385 C:\Windows\syswow64\PSAPI.DLL
0x72cf0000 0x5000 6.01.7600.16385 C:\Windows\System32\wshtcpip.dll
0x72310000 0x6000 6.01.7600.16385 C:\Windows\System32\wship6.dll
0x68300000 0x38000 6.01.7600.16385 C:\Windows\System32\fwpuclnt.dll
0x77870000 0x45000 6.01.7600.16385 C:\Windows\syswow64\WLDAP32.dll

WmiPrvSE.exe pid: 960
Command line: <no command line>

cmd.exe pid: 2844
Command line: cmd /c uuoywfrygn.exe > tempd.txt

Base Size Version Path
0x4ab90000 0x4c000 6.01.7600.16385 C:\Windows\SysWOW64\cmd.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x684b0000 0x7000 6.01.7600.16385 C:\Windows\system32\WINBRAND.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x6fd90000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll

conhost.exe pid: 3940
Command line: <no command line>

uuoywfrygn.exe pid: 4648
Command line: uuoywfrygn.exe

Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\Users\carlo\AppData\Local\Temp\nss6AB5.tmp\uuoywfrygn.exe
0x77cc0000 0x180000 6.01.7600.16559 C:\Windows\SysWOW64\ntdll.dll
0x76a00000 0x100000 6.01.7600.16385 C:\Windows\syswow64\kernel32.dll
0x76b00000 0x46000 6.01.7600.16385 C:\Windows\syswow64\KERNELBASE.dll
0x77430000 0xa0000 6.01.7600.16385 C:\Windows\syswow64\ADVAPI32.dll
0x768c0000 0xac000 7.00.7600.16385 C:\Windows\syswow64\msvcrt.dll
0x77260000 0x19000 6.01.7600.16385 C:\Windows\SysWOW64\sechost.dll
0x76da0000 0xf0000 6.01.7600.16385 C:\Windows\syswow64\RPCRT4.dll
0x75830000 0x60000 6.01.7600.16484 C:\Windows\syswow64\SspiCli.dll
0x75820000 0xc000 6.01.7600.16385 C:\Windows\syswow64\CRYPTBASE.dll
0x759c0000 0x2a000 6.01.7600.16385 C:\Windows\syswow64\imagehlp.dll
0x76c50000 0x57000 6.01.7600.16385 C:\Windows\syswow64\SHLWAPI.dll
0x771d0000 0x90000 6.01.7600.16385 C:\Windows\syswow64\GDI32.dll
0x76b50000 0x100000 6.01.7600.16385 C:\Windows\syswow64\USER32.dll
0x76cb0000 0xa000 6.01.7600.16385 C:\Windows\syswow64\LPK.dll
0x75920000 0x9d000 1.626.7600.16385 C:\Windows\syswow64\USP10.dll
0x6fd90000 0xf000 6.01.7600.16385 C:\Windows\system32\samcli.dll
0x77290000 0x15c000 6.01.7600.16624 C:\Windows\syswow64\ole32.dll
0x75890000 0x8f000 6.01.7600.16567 C:\Windows\syswow64\OLEAUT32.dll
0x759f0000 0xc49000 6.01.7600.16644 C:\Windows\syswow64\SHELL32.dll
0x74040000 0xb000 6.01.7600.16385 C:\Windows\system32\profapi.dll
0x6ff10000 0x13000 6.01.7600.16385 C:\Windows\system32\dwmapi.dll
0x776d0000 0x19d000 6.01.7600.16385 C:\Windows\syswow64\SETUPAPI.dll
0x770f0000 0x27000 6.01.7600.16385 C:\Windows\syswow64\CFGMGR32.dll
0x77150000 0x12000 6.01.7600.16385 C:\Windows\syswow64\DEVOBJ.dll
0x76660000 0x135000 8.00.7600.16671 C:\Windows\syswow64\urlmon.dll
0x767a0000 0x11c000 6.01.7600.16385 C:\Windows\syswow64\CRYPT32.dll
0x76650000 0xc000 6.01.7600.16415 C:\Windows\syswow64\MSASN1.dll
0x774d0000 0x1f9000 8.00.7600.16671 C:\Windows\syswow64\iertutil.dll
0x76f20000 0xcc000 6.01.7600.16385 C:\Windows\syswow64\MSCTF.dll

===================== ENCRYPTED FILES =====================


===================== MASTER BOOT RECORD =====================


device: opened successfully
user: MBR read successfully
kernel: error reading MBR

===================== NETWORK SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Winsock Parameters ~~~~~~~~~~~~~~~~~~~~~

-----HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\-----

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\system32\NLAapi.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\System32\mswsock.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\System32\winrnr.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\system32\napinsp.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"="%SystemRoot%\system32\pnrpnsp.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006]
"LibraryPath"="%SystemRoot%\system32\pnrpnsp.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007]
"LibraryPath"="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"

[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008]
"LibraryPath"="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"

[Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="%SystemRoot%\system32\NLAapi.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="%SystemRoot%\System32\mswsock.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\System32\winrnr.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\system32\napinsp.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\system32\pnrpnsp.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\system32\pnrpnsp.dll"

[Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007]
"LibraryPath"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"

[Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008]
"LibraryPath"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

[Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

~~~~~~~~~~~~~~~~~~~~~ TCP/IP network configuration ~~~~~~~~~~~~~~~~~~~~~

Nome host . . . . . . . . . . . . . . : carlo-PC
Suffisso DNS primario . . . . . . . . :
Tipo nodo . . . . . . . . . . . . . . : Ibrido
Proxy WINS abilitato . . . . . . . . : No
Scheda Ethernet Connessione alla rete locale (LAN):
Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione: homenet.telecomitalia.it
Descrizione . . . . . . . . . . . . . : Realtek PCIe FE Family Controller
DHCP abilitato. . . . . . . . . . . . : S
Configurazione automatica abilitata : S
Scheda Tunnel isatap.homenet.telecomitalia.it:
Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : S
Scheda Tunnel Teredo Tunneling Pseudo-Interface:
Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : S

-----HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

~~~~~~~~~~~~~~~~~~~~~ Open ports ~~~~~~~~~~~~~~~~~~~~~

Connessioni attive
Proto Indirizzo locale Indirizzo esterno Stato
TCP 0.0.0.0:135 carlo-PC:0 LISTENING
RpcSs
[Sistema]
TCP 0.0.0.0:445 carlo-PC:0 LISTENING
Impossibile ottenere informazioni sulla proprietà
TCP 0.0.0.0:5357 carlo-PC:0 LISTENING
Impossibile ottenere informazioni sulla proprietà
TCP 0.0.0.0:49152 carlo-PC:0 LISTENING
[Sistema]
TCP 0.0.0.0:49153 carlo-PC:0 LISTENING
eventlog
[Sistema]
TCP 0.0.0.0:49154 carlo-PC:0 LISTENING
Schedule
[Sistema]
TCP 0.0.0.0:49155 carlo-PC:0 LISTENING
[Sistema]
TCP 0.0.0.0:49156 carlo-PC:0 LISTENING
[Sistema]
TCP 127.0.0.1:49157 carlo-PC:0 LISTENING
[ccSvcHst.exe]
TCP 192.168.1.2:49396 62.149.131.20:http ESTABLISHED
[MONLITE.EXE]
TCP [::]:135 carlo-PC:0 LISTENING
RpcSs
[Sistema]
TCP [::]:445 carlo-PC:0 LISTENING
Impossibile ottenere informazioni sulla proprietà
TCP [::]:5357 carlo-PC:0 LISTENING
Impossibile ottenere informazioni sulla proprietà
TCP [::]:49152 carlo-PC:0 LISTENING
[Sistema]
TCP [::]:49153 carlo-PC:0 LISTENING
eventlog
[Sistema]
TCP [::]:49154 carlo-PC:0 LISTENING
Schedule
[Sistema]
TCP [::]:49155 carlo-PC:0 LISTENING
[Sistema]
TCP [::]:49156 carlo-PC:0 LISTENING
[Sistema]
TCP [::1]:49158 carlo-PC:0 LISTENING
[ccSvcHst.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[Sistema]
UDP 0.0.0.0:3702 *:*
FDResPub
[Sistema]
UDP 0.0.0.0:3702 *:*
FDResPub
[Sistema]
UDP 0.0.0.0:4500 *:*
IKEEXT
[Sistema]
UDP 0.0.0.0:53104 *:*
FDResPub
[Sistema]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[Sistema]
UDP 127.0.0.1:51533 *:*
[Sistema]
UDP 127.0.0.1:60146 *:*
SSDPSRV
[Sistema]
UDP 127.0.0.1:61486 *:*
[Sistema]
UDP 127.0.0.1:63186 *:*
[Sistema]
UDP [::]:500 *:*
IKEEXT
[Sistema]
UDP [::]:3702 *:*
FDResPub
[Sistema]
UDP [::]:3702 *:*
FDResPub
[Sistema]
UDP [::]:4500 *:*
IKEEXT
[Sistema]
UDP [::]:53105 *:*
FDResPub
[Sistema]
UDP [::1]:1900 *:*
SSDPSRV
[Sistema]
UDP [::1]:60145 *:*
SSDPSRV
[Sistema]

~~~~~~~~~~~~~~~~~~~~~ Shared Resources ~~~~~~~~~~~~~~~~~~~~~

Nome cond. Risorsa Nota
C$ C:\ Condivisione predefinita
D$ D:\ Condivisione predefinita
IPC$ IPC remoto
ADMIN$ C:\Windows Amministrazione remota

~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\

~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~

-----C:\ProgramData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk


===================== HOSTS FILE =====================



===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\Windows\; C:\Windows\system32\


===================== UNINSTALL LIST =====================


-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----

[Uninstall]

[Uninstall\AddressBook]

[Uninstall\Adobe Flash Player ActiveX]
"DisplayName"="Adobe Flash Player 10 ActiveX"
"DisplayIcon"="C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe"
"UninstallString"="C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe"

[Uninstall\AliceRV]
"UninstallString"="\"C:\Program Files (x86)\Common Files\AliceRV\uninstall.exe\""
"DisplayName"="Alice ti aiuta"

[Uninstall\Connection Manager]

[Uninstall\DirectDrawEx]

[Uninstall\EasyBits Magic Desktop]
"DisplayName"="Magic Desktop"
"UninstallString"="C:\Windows\system32\ezMDUninstall.exe"
"DisplayIcon"="C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe,0"

[Uninstall\Fontcore]

[Uninstall\Google Chrome]
"DisplayName"="Google Chrome"
"UninstallString"="\"C:\Program Files (x86)\Google\Chrome\Application\8.0.552.215\Installer\setup.exe\" --uninstall --system-level"
"DisplayIcon"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

[Uninstall\HP Remote Solution]
"DisplayIcon"="C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.exe"
"DisplayName"="HP Remote Solution"
"UninstallString"="\"C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.exe\" REMOVE=TRUE MODIFY=FALSE"

[Uninstall\IE40]

[Uninstall\IE4Data]

[Uninstall\IE5BAKEX]

[Uninstall\IEData]

[Uninstall\InstallShield Uninstall Information]

[Uninstall\InstallShield Uninstall Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]

[Uninstall\InstallShield Uninstall Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}]

[Uninstall\InstallShield Uninstall Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}]

[Uninstall\InstallShield Uninstall Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}]

[Uninstall\InstallShield Uninstall Information\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}]

[Uninstall\InstallShield Uninstall Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}]

[Uninstall\InstallShield Uninstall Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}]

[Uninstall\InstallShield Uninstall Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}]

[Uninstall\InstallShield Uninstall Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}]

[Uninstall\InstallShield Uninstall Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}]

[Uninstall\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]
"DisplayIcon"=expand:"c:\Windows\Installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe"
"DisplayName"="CyberLink DVD Suite Deluxe"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe\" /z-uninstall"
"InstallSource"="c:\hp\tmp\src\"

[Uninstall\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}]
"DisplayIcon"=expand:"c:\Windows\Installer\{3023EBDA-BF1B-4831-B347-E5018555F26E}\ARPPRODUCTICON.exe"
"DisplayName"="Movie Theme Pack for HP MediaSmart Video"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe\" /z-uninstall /zMS"
"InstallSource"="c:\hp\tmp\src\"

[Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}]
"DisplayIcon"=expand:"c:\Windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe"
"DisplayName"="Power2Go"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe\" /z-uninstall"
"InstallSource"="c:\hp\tmp\src\"

[Uninstall\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}]
"DisplayIcon"=expand:"C:\Windows\Installer\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\ARPPRODUCTICON.exe"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe\" /z-uninstall"
"InstallSource"="C:\hp\tmp\Files\Install\64\"

[Uninstall\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}]
"DisplayIcon"=expand:"c:\Windows\Installer\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\ARPPRODUCTICON.exe"
"DisplayName"="HP MediaSmart Music/Photo/Video"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe\" /z-uninstall /zMS"
"InstallSource"="c:\hp\tmp\src\"

[Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}]
"DisplayIcon"=expand:"c:\Windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe"
"DisplayName"="LabelPrint"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe\" /z-uninstall"
"InstallSource"="c:\hp\tmp\src\"

[Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}]
"DisplayIcon"=expand:"c:\Windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ARPPRODUCTICON.exe"
"DisplayName"="PowerDirector"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe\" /z-uninstall"
"InstallSource"="c:\hp\tmp\src\"

[Uninstall\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}]
"DisplayIcon"=expand:"c:\Windows\Installer\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\ARPPRODUCTICON.exe"
"DisplayName"="HP MediaSmart DVD"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe\" /z-uninstall"
"InstallSource"="c:\hp\tmp\src\"

[Uninstall\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}]
"DisplayIcon"=expand:"c:\Windows\Installer\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\ARPPRODUCTICON.exe"
"DisplayName"="DVD Menu Pack for HP MediaSmart Video"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe\" /z-uninstall /zMS"
"InstallSource"="c:\hp\tmp\src\"

[Uninstall\Malwarebytes' Anti-Malware_is1]
"DisplayName"="Malwarebytes' Anti-Malware"
"DisplayIcon"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"UninstallString"="\"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe\""

[Uninstall\MobileOptionPack]

[Uninstall\My HP Game Console]
"DisplayIcon"="C:\Program Files (x86)\HP Games\HP Game Console\GameConsole.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\HP Game Console\Uninstall.exe\""

[Uninstall\NIS]
"UninstallString"="C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.8.0.5\InstStub.exe /X"
"DisplayIcon"="C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.8.0.5\InstStub.exe,0"
"DisplayName"="Norton Internet Security"
"InstallSource"="C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.6.0.32\"

[Uninstall\SchedulingAgent]

[Uninstall\VirIT eXplorer Lite]
"DisplayIcon"="C:\ProgramData\{E9C6C412-C82A-47A9-884D-52AF077C58B5}\vnlt6787.exe"
"DisplayName"="VirIT eXplorer Lite"
"UninstallString"="\"C:\ProgramData\{E9C6C412-C82A-47A9-884D-52AF077C58B5}\vnlt6787.exe\" REMOVE=TRUE MODIFY=FALSE"

[Uninstall\WIC]

[Uninstall\WildTangent hp Master Uninstall]
"DisplayName"="HP Games"
"DisplayIcon"="C:\Program Files (x86)\HP Games\Uninstall.exe"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Uninstall.exe\""

[Uninstall\WildTangentGameProvider-hp-genres]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe\""

[Uninstall\WildTangentGameProvider-hp-main]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe\""

[Uninstall\WinLiveSuite]
"DisplayName"="Windows Live Essentials"
"DisplayName_Localized"="@C:\Program Files (x86)\Windows Live\Installer\wlsres.dll,-3002"
"DisplayIcon"="C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
"UninstallString"="C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"

[Uninstall\WT065226]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe\""

[Uninstall\WT065277]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\fb65380e-3812-44f7-bbec-128e82369adf.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe\""

[Uninstall\WT065290]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Mah Jong Medley\e551d534-a4ef-4dac-9c20-c80b2c806ad8.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Mah Jong Medley\Uninstall.exe\""

[Uninstall\WT065295]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Polar Bowler\Polar.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe\""

[Uninstall\WT065296]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Polar Golfer\golf.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe\""

[Uninstall\WT065297]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Super Collapse 3\4bae280a-b121-48bd-9d2c-ec5f3103c761.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Super Collapse 3\Uninstall.exe\""

[Uninstall\WT065305]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\7c599483-924b-4639-bf41-5308bc517100.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe\""

[Uninstall\WT065307]
"DisplayIcon"="C:\Program Files (x86)\HP Games\World of Goo\6e41fe57-1e36-4f26-9b0c-cc7c2417a7d9.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\World of Goo\Uninstall.exe\""

[Uninstall\WT065308]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\396dddb2-e59d-44c3-9321-6a2dc7f717a3.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe\""

[Uninstall\WT065414]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe\""

[Uninstall\WT065426]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe\""

[Uninstall\WT065446]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Peggle\Peggle.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe\""

[Uninstall\WT065454]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Slingo Deluxe\Slingo.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe\""

[Uninstall\WT065459]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe\""

[Uninstall\WT074389]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Diner Dash\Diner Dash.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe\""

[Uninstall\WT074421]
"DisplayIcon"="C:\Program Files (x86)\HP Games\FATE\fate.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe\""

[Uninstall\WT074441]
"DisplayIcon"="C:\Program Files (x86)\HP Games\THE GAME OF LIFE\704a6f6e-ca20-4e4a-8c72-e4ad7aec251b.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe\""

[Uninstall\WT074442]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Virtual Families\bba80652-58a7-4320-a64f-475fdbda4363.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Virtual Families\Uninstall.exe\""

[Uninstall\WT074585]
"DisplayIcon"="C:\Program Files (x86)\HP Games\Yahtzee\97c6c84d-af97-4b1c-8398-7e568c154911.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\Yahtzee\Uninstall.exe\""

[Uninstall\WT075046]
"DisplayIcon"="C:\Program Files (x86)\HP Games\StoneLoops of Jurassica\StoneLoops.ico"
"UninstallString"="\"C:\Program Files (x86)\HP Games\StoneLoops of Jurassica\Uninstall.exe\""

[Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}]
"InstallSource"="C:\Users\ADMINI~1\AppData\Local\Temp\_is6D43\"
"UninstallString"=expand:"MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}"
"DisplayName"="HP Customer Experience Enhancements"

[Uninstall\{0A0EA5EE-B154-B71F-8F19-38D8A7880A2D}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\fi\"
"DisplayName"="CCC Help Finnish"

[Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\ff8eac931cb958b03\"
"UninstallString"=expand:"MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}"
"DisplayName"="Windows Live Installer"

[Uninstall\{0F5BC8D3-3741-4542-AF00-51202A9FD357}]
"InstallSource"="C:\Users\carlo\AppData\Local\Temp\mia1\"
"DisplayName"="VirIT eXplorer Lite"
"UninstallString"="C:\ProgramData\{E9C6C412-C82A-47A9-884D-52AF077C58B5}\vnlt6787.exe"

[Uninstall\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
#### HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\InprocServer32 @="C:\Program Files\Lexmark Toolbar\toolband.dll"
"DisplayIcon"="C:\Program Files\Lexmark Toolbar\toolband.dll,-151"
"DisplayName"="Lexmark Barra degli strumenti"
"UnInstallString"="regsvr32.exe /s /u \"C:\Program Files\Lexmark Toolbar\toolband.dll\""

[Uninstall\{1305721F-9D11-28D6-4905-87C6E1C59483}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\es\"
"DisplayName"="CCC Help Spanish"

[Uninstall\{13D751B7-252D-B3CC-4BA4-E9BEB44E3E52}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\da\"
"DisplayName"="CCC Help Danish"

[Uninstall\{16B9D94B-6BD5-6AD2-7524-4742D2B0FD2E}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\MOM-InstallProxy\"
"DisplayName"="Catalyst Control Center InstallProxy"

[Uninstall\{17B4760F-334B-475D-829F-1A3E94A6A4E6}]
"UninstallString"="RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup \"C:\Program Files (x86)\InstallShield Installation Information\{17B4760F-334B-475D-829F-1A3E94A6A4E6}\setup.exe\" -l0x9 -removeonly"
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="HP Setup"
"DisplayIcon"="C:\Program Files (x86)\Hewlett-Packard\HP Setup\hp.ico"

[Uninstall\{1CC069FA-1A86-402E-9787-3F04E652C67A}]

[Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
"InstallSource"="c:\6842e5acb5c6ab3562\"
"UninstallString"=expand:"MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}"
"DisplayName"="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"

[Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\e3faac41cb958c13\"
"UninstallString"=expand:"MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}"
"DisplayName"="Junk Mail filter update"

[Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="CyberLink DVD Suite Deluxe"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe\" /z-uninstall"
"DisplayIcon"="c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PS.exe,0"

[Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\2ff69b81cb958c07\"
"UninstallString"=expand:"MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}"
"DisplayName"="Windows Live SOXE Definitions"

[Uninstall\{23F766D0-ED47-1CDB-43ED-4D796523EE04}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Graphics-Previews-Vista\"
"DisplayName"="Catalyst Control Center Graphics Previews Vista"

[Uninstall\{250C5899-57E3-9FCE-EC65-7D97EB26E801}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\th\"
"DisplayName"="CCC Help Thai"

[Uninstall\{251823D1-E0F5-CF28-9228-23BB9BFA331A}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\ja\"
"DisplayName"="CCC Help Japanese"

[Uninstall\{254C37AA-6B72-4300-84F6-98A82419187E}]
"InstallSource"="C:\Users\ADMINI~1\AppData\Local\Temp\"
"UninstallString"=expand:"MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}"
"DisplayName"="ActiveCheck component for HP Active Support Library"

[Uninstall\{2C68C9C3-EBE9-6E0D-A1F8-2BAAA38BAB31}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\de\"
"DisplayName"="CCC Help German"

[Uninstall\{3023EBDA-BF1B-4831-B347-E5018555F26E}]
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="Movie Theme Pack for HP MediaSmart Video"
"DisplayIcon"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media Movie Theme Pack\HPTouchSmartVideo.exe,0"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe\" /z-uninstall"

[Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\163c68cf1cb958c1c\"
"UninstallString"=expand:"MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}"
"DisplayName"="Windows Live Photo Gallery"

[Uninstall\{34A08914-7A33-4040-A959-1577BF5AFF8A}]
"UninstallString"=expand:"MsiExec.exe /I{34A08914-7A33-4040-A959-1577BF5AFF8A}"
"DisplayName"="Microsoft Works"
"InstallSource"=""

[Uninstall\{363B792C-587F-FC44-52ED-CC96C40189DD}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Graphics-Full-New\"
"DisplayName"="Catalyst Control Center Graphics Full New"

[Uninstall\{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\ceda75d1cb958c12\"
"UninstallString"=expand:"MsiExec.exe /X{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}"
"DisplayName"="Windows Live Messenger"

[Uninstall\{3F461172-D41D-D4DC-C5FF-DD55047BFB62}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Localization\All\"
"DisplayName"="Catalyst Control Center Localization All"

[Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}]
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="Power2Go"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe\" /z-uninstall"
"DisplayIcon"="c:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe,0"

[Uninstall\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}]
"InstallSource"="C:\Users\ADMINI~1\AppData\Local\Temp\Advisor\{558AE8B0-CE1F-4325-AE75-84A00D7376BF}\"
"UninstallString"=expand:"MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}"
"DisplayName"="HP Advisor"

[Uninstall\{43C93F31-8A0A-D660-1EA8-A50AFC3AF08E}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\pt-BR\"
"DisplayName"="CCC Help Portuguese"

[Uninstall\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}]
"InstallSource"="C:\hp\tmp\Files\Install\64\"
"DisplayName"="Recovery Manager"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe\" /z-uninstall"
"DisplayIcon"="C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe,0"

[Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}]
"InstallSource"="C:\Users\carlo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZSE0MBF\"
"UninstallString"=expand:"MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}"
"DisplayName"="HiJackThis"

[Uninstall\{46872828-6453-4138-BE1C-CE35FBF67978}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\248249141cb958c2b\"
"UninstallString"=expand:"MsiExec.exe /I{46872828-6453-4138-BE1C-CE35FBF67978}"
"DisplayName"="Windows Live Mesh"

[Uninstall\{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\548fc3c1cb958c0b\"
"UninstallString"=expand:"MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}"
"DisplayName"="Windows Live PIMT Platform"

[Uninstall\{5585CB69-5BD3-7BCB-C8E9-8801153AEA7E}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Graphics-Previews-Common\"
"DisplayName"="Catalyst Control Center Graphics Previews Common"

[Uninstall\{57A67EC6-0652-4C0A-B8D4-20CD437AD033}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Branding\"
"UninstallString"=expand:"MsiExec.exe /I{57A67EC6-0652-4C0A-B8D4-20CD437AD033}"
"DisplayName"="Catalyst Control Center - Branding"

[Uninstall\{5BABB201-7E5C-4C94-A4D0-E2AF0DB2CCBC}]
"DisplayIcon"="C:\Program Files (x86)\Alice Messenger\icons\alice.ico,0"
"InstallSource"="E:\sw_update\am\"
"UninstallString"=expand:"MsiExec.exe /I{5BABB201-7E5C-4C94-A4D0-E2AF0DB2CCBC}"
"DisplayName"="Alice Messenger"

[Uninstall\{5C7C6A1A-472A-6A71-B76B-6362E7D754C1}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\el\"
"DisplayName"="CCC Help Greek"

[Uninstall\{60A01572-96E0-0992-7D46-A14DE39DF744}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\hu\"
"DisplayName"="CCC Help Hungarian"

[Uninstall\{669D4A35-146B-4314-89F1-1AC3D7B88367}]
"InstallSource"="C:\Users\ADMINI~1\AppData\Local\Temp\"
"UninstallString"=expand:"MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}"
"DisplayName"="HPAsset component for HP Active Support Library"

[Uninstall\{66A7B066-7B5A-D0C8-CD4A-3956F28D0F19}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Core-Implementation\"
"DisplayName"="Catalyst Control Center Core Implementation"

[Uninstall\{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\138c7b201cb958c19\"
"UninstallString"=expand:"MsiExec.exe /I{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}"
"DisplayName"="Windows Live Mail"

[Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\3551b421cb958c08\"
"UninstallString"=expand:"MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}"
"DisplayName"="Windows Live SOXE"

[Uninstall\{6DB7AD00-F781-11DF-9EEF-001279CD8240}]
"InstallSource"="C:\Users\carlo\AppData\Local\Temp\._msige60\"
"UninstallString"=expand:"MsiExec.exe /X{6DB7AD00-F781-11DF-9EEF-001279CD8240}"
"DisplayName"="Google Earth"

[Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
"InstallSource"="C:\Users\ADMINI~1\AppData\Local\Temp\IXP001.TMP\"
"UninstallString"=expand:"MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}"
"DisplayName"="Microsoft Visual C++ 2005 Redistributable"

[Uninstall\{72C13C57-30D0-A4F2-0152-93497B41B4D1}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\it\"
"DisplayName"="CCC Help Italian"

[Uninstall\{73FC3510-6421-40F7-9503-EDAE4D0CF70D}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\c7dc6b01cb958c11\"
"UninstallString"=expand:"MsiExec.exe /X{73FC3510-6421-40F7-9503-EDAE4D0CF70D}"
"DisplayName"="Windows Live Photo Common"

[Uninstall\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}]
"InstallSource"="C:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D}\"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}\setup.exe\" -runfromtemp -l0x0409 -removeonly"
"DisplayName"="HP Support Assistant"
"DisplayIcon"=expand:"C:\Windows\Installer\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}\ARPPRODUCTICON.exe"

[Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]
"InstallSource"="c:\e3dc79da7ad7474347e237be\"
"UninstallString"=expand:"MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}"
"DisplayName"="Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"

[Uninstall\{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\27f5679a1cb958c2f\"
"UninstallString"=expand:"MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}"
"DisplayName"="Windows Live Messenger Companion Core"

[Uninstall\{82507042-E161-7BC4-C0F8-2CC89FA78B08}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\en-us\"
"DisplayName"="CCC Help English"

[Uninstall\{82FC3904-4B76-4A96-B62B-2BEDAA03949B}]
"UninstallString"="RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Program Files (x86)\InstallShield Installation Information\{82FC3904-4B76-4A96-B62B-2BEDAA03949B}\setup.exe\" -l0x10 -uninst"
"DisplayName"="Installazione Guidata Alice"
"DisplayIcon"="C:\Program Files (x86)\Telecom Italia\ADSL Wizzy\alice.ico"

[Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
"InstallSource"="c:\91eb51d96b1dbe271a68\"
"UninstallString"=expand:"MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}"
"DisplayName"="MSXML 4.0 SP2 (KB954430)"

[Uninstall\{882CB5E3-A35E-64EA-502B-B5ACBCDB0E10}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\zh-CHS\"
"DisplayName"="CCC Help Chinese Standard"

[Uninstall\{88B9E14A-8D6F-1C30-4058-3874FDC8EB2C}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\HydraVision\"
"UninstallString"=expand:"MsiExec.exe /X{88B9E14A-8D6F-1C30-4058-3874FDC8EB2C}"
"DisplayName"="HydraVision"

[Uninstall\{89BF497F-006C-8EDF-D631-DD571B5F34AD}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\fr\"
"DisplayName"="CCC Help French"

[Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
"InstallSource"="c:\118410abcb1bc345a45c\"
"UninstallString"=expand:"MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"
"DisplayName"="Microsoft Silverlight"

[Uninstall\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\1e6661001cb958c24\"
"UninstallString"=expand:"MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}"
"DisplayName"="Mesh Runtime"

[Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\1a8a3911cb958c05\"
"UninstallString"=expand:"MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}"
"DisplayName"="MSVCRT"

[Uninstall\{900CD40F-16D4-0823-9CC5-13C400292E70}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Core-Static\"
"DisplayName"="ccc-core-static"

[Uninstall\{90120000-0020-0410-0000-0000000FF1CE}]
"InstallSource"="C:\hp\MsWorks\it\MSWorks\redist\ocp\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0020-0410-0000-0000000FF1CE}"
"DisplayName"="Pacchetto di compatibilità per Office System 2007"

[Uninstall\{92CB7642-7B94-0386-712C-B56625BEE89F}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\zh-CHT\"
"DisplayName"="CCC Help Chinese Traditional"

[Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\1a6df56b1cb958c1f\"
"UninstallString"=expand:"MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}"
"DisplayName"="Windows Live Movie Maker"

[Uninstall\{93E464B3-D075-4989-87FD-A828B5C308B1}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\119d5ce71cb958c17\"
"UninstallString"=expand:"MsiExec.exe /X{93E464B3-D075-4989-87FD-A828B5C308B1}"
"DisplayName"="Windows Live Writer Resources"

[Uninstall\{95120000-00AF-0410-0000-0000000FF1CE}]
"InstallSource"="C:\hp\MsWorks\it\MSWorks\redist\ppv\"
"UninstallString"=expand:"MsiExec.exe /X{95120000-00AF-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office PowerPoint Viewer 2007 (Italian)"

[Uninstall\{9A169679-3201-2C0C-9F31-D9ED7C2CF73A}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Graphics-Light\"
"DisplayName"="Catalyst Control Center Graphics Light"

[Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
"InstallSource"="c:\f1ff2645f6a425431043\"
"UninstallString"=expand:"MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}"
"DisplayName"="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"

[Uninstall\{9A3F79A0-6348-1AEC-C74E-D0839CF67E66}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\nl\"
"DisplayName"="CCC Help Dutch"

[Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\10338bbe1cb958c16\"
"UninstallString"=expand:"MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}"
"DisplayName"="Windows Live Mail"

[Uninstall\{9F6667C6-1653-9F63-C529-A46BDFB752C1}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\no\"
"DisplayName"="CCC Help Norwegian"

[Uninstall\{A447DD0F-CF77-8088-4A7E-E6EBA1AF288B}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\tr\"
"DisplayName"="CCC Help Turkish"

[Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\1ca47cec1cb958c21\"
"UninstallString"=expand:"MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}"
"DisplayName"="Windows Live Writer"

[Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallSource"="C:\Program Files (x86)\Google\Update\1.2.183.39\"
"UninstallString"=expand:"MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
"DisplayName"="Google Update Helper"

[Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\7bb06241cb958c0e\"
"UninstallString"=expand:"MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}"
"DisplayName"="Windows Live Photo Common"

[Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\126c749f1cb958c18\"
"UninstallString"=expand:"MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}"
"DisplayName"="Windows Live Writer"

[Uninstall\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}]
"InstallSource"="E:\OCR\Abbyy\"
"UninstallString"=expand:"MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"
"DisplayName"="ABBYY FineReader 6.0 Sprint"

[Uninstall\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}]
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="HP MediaSmart Music/Photo/Video"
"DisplayIcon"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe,0"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe\" /z-uninstall"

[Uninstall\{B34C21F4-19EF-226B-DFC6-CDE873D4765D}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\pl\"
"DisplayName"="CCC Help Polish"

[Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1]
"DisplayName"="Spybot - Search & Destroy"
"DisplayIcon"="C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
"UninstallString"="\"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe\""

[Uninstall\{B7DD783E-EE11-4B68-AF39-71AE2C457015}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\2c26bcff1ca8302\"
"UninstallString"=expand:"MsiExec.exe /X{B7DD783E-EE11-4B68-AF39-71AE2C457015}"
"DisplayName"="Windows Live Sync"

[Uninstall\{B8AC1A89-FFD1-4F97-8051-E505A160F562}]
"InstallSource"="C:\hp\tmp\"
"DisplayName"="HP Odometer"

[Uninstall\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}]
"InstallSource"="C:\hp\tmp\"
"DisplayName"="HP Support Information"

[Uninstall\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}]
"InstallSource"="C:\Users\Administrator\AppData\Local\Temp\7zSD2D8.tmp\"
"UninstallString"=expand:"MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}"
"DisplayName"="Norton Online Backup"

[Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}]
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="LabelPrint"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe\" /z-uninstall"
"DisplayIcon"="c:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe,0"

[Uninstall\{C611CF88-969D-43E6-A877-D6D6439DD081}]
"InstallSource"="C:\Users\ADMINI~1\AppData\Local\Temp\mia1\"
"DisplayName"="HP Remote Solution"
"UninstallString"="C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.exe"

[Uninstall\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\225c6b351cb958c28\"
"UninstallString"=expand:"MsiExec.exe /I{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}"
"DisplayName"="Windows Live Mesh ActiveX Control for Remote Connections"

[Uninstall\{C7DAD22D-29D4-438F-B986-03B9ED582EA4}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\28712f281cb958c30\"
"UninstallString"=expand:"MsiExec.exe /I{C7DAD22D-29D4-438F-B986-03B9ED582EA4}"
"DisplayName"="Messenger Companion"

[Uninstall\{CA68D835-CFBB-4140-310C-24E531EED00B}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\HydraVision-Full\"
"DisplayName"="Catalyst Control Center HydraVision Full"

[Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}]
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="PowerDirector"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe\" /z-uninstall"
"DisplayIcon"="c:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe,0"

[Uninstall\{CC8E94A2-55C7-4460-953C-2A790180578C}]
"InstallSource"="c:\hp\bin\LSS\"
"UninstallString"=expand:"MsiExec.exe /X{CC8E94A2-55C7-4460-953C-2A790180578C}"
"DisplayName"="LightScribe System Software"

[Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\fd82fdd71cb958b01\"
"UninstallString"=expand:"MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}"
"DisplayName"="Windows Live UX Platform"

[Uninstall\{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}]
"DisplayIcon"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"InstallSource"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Installers\SearchEnhancementPack3.0.133\"
"UninstallString"=expand:"MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}"
"DisplayName"="Microsoft Search Enhancement Pack"

[Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\ee64b171cb958c14\"
"UninstallString"=expand:"MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}"
"DisplayName"="MSVCRT_amd64"

[Uninstall\{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\fe782b931cb958b02\"
"UninstallString"=expand:"MsiExec.exe /I{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}"
"DisplayName"="Windows Live UX Platform Language Pack"

[Uninstall\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
#### HKCR\CLSID\{D2C5E510-BE6D-42CC-9F61-E4F939078474}\InprocServer32 @="C:\Program Files\Lexmark Printable Web\bho.dll"
"DisplayIcon"="C:\Program Files\Lexmark Printable Web\bho.dll,-151"
"DisplayName"="Lexmark "
"UnInstallString"="regsvr32.exe /s /u \"C:\Program Files\Lexmark Printable Web\bho.dll\""

[Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\41d0ed91cb958c09\"
"UninstallString"=expand:"MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}"
"DisplayName"="Windows Live Communications Platform"

[Uninstall\{D46D081B-F60E-467E-A7C4-117B70D76731}]
"InstallSource"="c:\hp\Drivers\hpsu\"
"UninstallString"=expand:"MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}"
"DisplayName"="HP Update"

[Uninstall\{D5D1C55B-CF2E-6DF9-B7D1-7D459605E095}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\cs\"
"DisplayName"="CCC Help Czech"

[Uninstall\{DCCAD079-F92C-44DA-B258-624FC6517A5A}]
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="HP MediaSmart DVD"
"DisplayIcon"="c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe,0"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe\" /z-uninstall"

[Uninstall\{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\1d22a5db1cb958c22\"
"UninstallString"=expand:"MsiExec.exe /X{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}"
"DisplayName"="Windows Live Writer"

[Uninstall\{DECDCB7C-58CC-4865-91AF-627F9798FE48}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\21a782a01cb958c27\"
"UninstallString"=expand:"MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}"
"DisplayName"="Windows Live Mesh"

[Uninstall\{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\62870b1cb958c04\"
"UninstallString"=expand:"MsiExec.exe /I{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}"
"DisplayName"="Windows Live Essentials"

[Uninstall\{DF487E0B-8B2F-430B-A7F9-94DEF592555D}]
"InstallSource"="E:\sw_update\am\"
"UninstallString"=expand:"MsiExec.exe /I{DF487E0B-8B2F-430B-A7F9-94DEF592555D}"
"DisplayName"="RTC Client API v1.3 msm"

[Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\23052011cb958c06\"
"UninstallString"=expand:"MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}"
"DisplayName"="D3DX10"

[Uninstall\{E9E34215-82EF-4909-BE2F-F581F0DC9062}]
"InstallSource"="C:\hp\tmp\src\"
"DisplayName"="DirectX for Managed Code Update (Summer 2004)"

[Uninstall\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\a50c4b01cb958c10\"
"UninstallString"=expand:"MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}"
"DisplayName"="Windows Live Messenger"

[Uninstall\{ED16B700-D91F-44B0-867C-7EB5253CA38D}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\188399f21cb958c1d\"
"UninstallString"=expand:"MsiExec.exe /X{ED16B700-D91F-44B0-867C-7EB5253CA38D}"
"DisplayName"="Raccolta foto di Windows Live"

[Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\c3e8401ca8302\"
"UninstallString"=expand:"MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"
"DisplayName"="Microsoft SQL Server 2005 Compact Edition [ENU]"

[Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
"DisplayName"="Realtek High Definition Audio Driver"
"UninstallString"="RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup \"C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe\" -removeonly"
"DisplayIcon"="C:\Program Files (x86)\Realtek\Audio\Drivers\RtlUpd64.exe"
"InstallSource"="c:\hp\Drivers\Realtek_HDAudio\"

[Uninstall\{F580CD50-FEE4-BD23-6E92-06E097A62179}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Graphics-Full-Existing\"
"DisplayName"="Catalyst Control Center Graphics Full Existing"

[Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
"InstallSource"="c:\a7f04363f7a651e8988899250f6256f4\"
"UninstallString"=expand:"MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}"
"DisplayName"="MSXML 4.0 SP2 (KB973688)"

[Uninstall\{F739E726-0A18-D419-C1CF-9DD9164CB63C}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\ko\"
"DisplayName"="CCC Help Korean"

[Uninstall\{F8D69CD2-512F-2BA9-EE88-B24B3380851B}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\ru\"
"DisplayName"="CCC Help Russian"

[Uninstall\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}]
"InstallSource"="c:\hp\tmp\src\"
"DisplayName"="DVD Menu Pack for HP MediaSmart Video"
"DisplayIcon"="c:\Program Files (x86)\Hewlett-Packard\TouchSmart\DVD Menu Pack\HPTouchSmartVideo.exe,0"
"UninstallString"="\"C:\Program Files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe\" /z-uninstall"

[Uninstall\{FEDF630C-92DC-3EC1-04A7-2F32B34DB801}]
"InstallSource"="C:\HP\DRIVERS\ATI_GRAPHICS\PACKAGES\APPS\CCC\Help\sv\"
"DisplayName"="CCC Help Swedish"

[Uninstall\{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}]
"InstallSource"="C:\Program Files (x86)\Common Files\Windows Live\.cache\1b67e5e81cb958c20\"
"UninstallString"=expand:"MsiExec.exe /X{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}"
"DisplayName"="Windows Live Movie Maker"

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----

==========================================
Scan completed in 5 minutes
End of report


~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

Thanks to all of them for their hard work



Ho postato quello giusto?
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.