[RESOLVED] Mysterious Pop Up When Opening Firefox - Refers to http://techblog4uonly.blogspot.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 26

Thread: [RESOLVED] Mysterious Pop Up When Opening Firefox - Refers to http://techblog4uonly.blogspot.com

  1. #1
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156

    Resolved [RESOLVED] Mysterious Pop Up When Opening Firefox - Refers to http://techblog4uonly.blogspot.com

    So, every time I open Firefox, this pop up comes up on my left screen, top. It protrudes off the screen, and all that is seen is pictured. Attachment 11127
    We run Trend Micro on a server here in the office, and it is currently online, and updated.
    I've ran Malware Bytes, as well as aswMBR. Here are their logs:
    Malware Bytes:
    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.26.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Sean :: SEANNEW-PC [administrator]

    Protection: Enabled

    2/26/2013 9:25
    mbam-log-2013-02-26 (09-25-05).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 500483
    Time elapsed: 1 hour(s), 31 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    aswMBR:
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-26 09:23:17
    -----------------------------
    09:23:17.881 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:23:17.881 Number of processors: 4 586 0x2A07
    09:23:17.881 ComputerName: SEANNEW-PC UserName: Sean
    09:23:20.511 Initialize success
    09:23:23.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    09:23:23.891 Disk 0 Vendor: WDC_WD5000AAKX-753CA1 19.01H19 Size: 476940MB BusType: 3
    09:23:23.891 Disk 0 MBR read successfully
    09:23:23.901 Disk 0 MBR scan
    09:23:23.901 Disk 0 Windows VISTA default MBR code
    09:23:23.901 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    09:23:23.911 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12442 MB offset 81920
    09:23:23.911 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464457 MB offset 25563136
    09:23:23.911 Disk 0 scanning C:\Windows\system32\drivers
    09:23:28.071 Service scanning
    09:23:37.401 Modules scanning
    09:23:37.401 Disk 0 trace - called modules:
    09:23:37.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    09:23:37.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a94060]
    09:23:37.421 3 CLASSPNP.SYS[fffff880018c943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007542060]
    09:23:37.431 Scan finished successfully
    09:23:54.381 Disk 0 MBR has been saved successfully to "C:\Users\sean\Desktop\MBR.dat"
    09:23:54.391 The log file has been saved successfully to "C:\Users\sean\Desktop\aswMBR.txt"
    Here is what DDS had to say:
    1/9/2013 1:07 ----a-w- C:\Windows\System32\vbscript.dll
    1/9/2013 1:04 ----a-w- C:\Windows\System32\mshtml.tlb
    1/8/2013 22:11 ----a-w- C:\Windows\SysWow64\jscript9.dll
    1/8/2013 22:03 ----a-w- C:\Windows\SysWow64\wininet.dll
    1/8/2013 22:03 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    1/8/2013 21:59 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    1/8/2013 21:58 ----a-w- C:\Windows\SysWow64\vbscript.dll
    1/8/2013 21:56 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    1/4/2013 4:43 ----a-w- C:\Windows\apppatch\acwow64.dll
    12/16/2012 17:11 ----a-w- C:\Windows\System32\atmlib.dll
    12/16/2012 14:45 ----a-w- C:\Windows\System32\atmfd.dll
    12/16/2012 14:13 ----a-w- C:\Windows\SysWow64\atmfd.dll
    12/16/2012 14:13 ----a-w- C:\Windows\SysWow64\atmlib.dll
    12/7/2012 13:20 ----a-w- C:\Windows\System32\Wpc.dll
    12/7/2012 13:15 ----a-w- C:\Windows\System32\gameux.dll
    12/7/2012 12:26 ----a-w- C:\Windows\SysWow64\Wpc.dll
    12/7/2012 12:20 ----a-w- C:\Windows\SysWow64\gameux.dll
    12/7/2012 11:20 ----a-w- C:\Windows\System32\usk.rs
    12/7/2012 11:20 ----a-w- C:\Windows\System32\csrr.rs
    12/7/2012 11:20 ----a-w- C:\Windows\System32\oflc.rs
    12/7/2012 11:20 ----a-w- C:\Windows\System32\oflc-nz.rs
    12/7/2012 11:20 ----a-w- C:\Windows\System32\pegibbfc.rs
    12/7/2012 11:20 ----a-w- C:\Windows\System32\pegi-fi.rs
    12/7/2012 11:20 ----a-w- C:\Windows\System32\pegi-pt.rs
    12/7/2012 11:19 ----a-w- C:\Windows\System32\pegi.rs
    12/7/2012 11:19 ----a-w- C:\Windows\System32\fpb.rs
    12/7/2012 11:19 ----a-w- C:\Windows\System32\cob-au.rs
    12/7/2012 11:19 ----a-w- C:\Windows\System32\grb.rs
    12/7/2012 11:19 ----a-w- C:\Windows\System32\djctq.rs
    12/7/2012 11:19 ----a-w- C:\Windows\System32\cero.rs
    12/7/2012 11:19 ----a-w- C:\Windows\System32\esrb.rs
    11/30/2012 5:45 ----a-w- C:\Windows\System32\wow64win.dll
    11/30/2012 5:45 ----a-w- C:\Windows\System32\wow64.dll
    11/30/2012 5:45 ----a-w- C:\Windows\System32\wow64cpu.dll
    11/30/2012 5:43 ----a-w- C:\Windows\System32\ntvdm64.dll
    11/30/2012 5:41 ----a-w- C:\Windows\System32\KernelBase.dll
    11/30/2012 4:53 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    11/30/2012 3:23 ----a-w- C:\Windows\System32\conhost.exe
    11/30/2012 2:38 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    11/30/2012 2:38 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    11/30/2012 2:38 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    11/30/2012 2:38 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 11:08:53.73 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/19/2011 11:59:53 AM
    System Uptime: 2/13/2013 9:09:22 PM (302 hours ago)
    .
    Motherboard: Dell Inc. | | 0M5DCD
    Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 273.46 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP171: 2/12/2013 2:04:15 AM - Windows Update
    RP172: 2/13/2013 9:00:13 PM - Windows Update
    RP173: 2/19/2013 2:33:10 AM - Windows Update
    RP174: 2/22/2013 3:43:52 AM - Windows Update
    RP175: 2/22/2013 1:00:03 PM - Installed Java 7 Update 15
    RP176: 2/22/2013 1:01:46 PM - Installed Java 7 Update 15 (64-bit)
    RP177: 2/26/2013 3:43:47 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ĶTorrent
    Adobe AIR
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    BID
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Desktop
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Conexant HD Audio
    CyberLink PowerDVD 9.5
    D3DX10
    Dell Backup and Recovery Manager
    Dell Client System Update
    Dell Edoc Viewer
    Dell Laser MFP 1815 Software Uninstall
    FileZilla Client 3.5.2
    Google Chrome
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java 7 Update 15
    Java 7 Update 15 (64-bit)
    Java Auto Updater
    Java(TM) 6 Update 24 (64-bit)
    Java(TM) 6 Update 29
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Mozilla Firefox 19.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MV200Z_PU
    Nero 7 Demo
    Octoshape add-in for Adobe Flash Player
    Order Manager PDF Writer
    PL-2303 USB-to-Serial
    PowerISO
    QBFC 7.0
    QuickBooks
    QuickBooks Pro 2009
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype Click to Call
    Skypeô 5.5
    Stone Edge Order Manager
    SupportSoft Assisted Service
    Trend Micro Client/Server Security Agent
    Trend Micro Worry-Free Business Security Agent
    Uninstall Dell PC Fax
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Winamp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    .
    ==== End Of File ===========================
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  2. #2
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    Image didn't load last time.. Maybe this time?
    Capture.JPG
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  3. #3
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    12,606
    Did you double check to make sure that FireFox isn't set to load any previous pages at start up?

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,887
    Please, observe following rules:

    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    =============================

    DDS.txt log is incomplete. Please redo.

    Download RogueKiller on the desktop

    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    Download Malwarebytes Anti-Rootkit (MBAR) from HERE

    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

  5. #5
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    I re-ran DDS, as well as ran Rogue, and am running the MalwareBytes Anti-Rootkit now, will probably take about another hour... Will let it run overnight. Here are the logs so far:
    DDS Again:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
    Run by Sean at 16:54:19 on 2013-02-26
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8165.5486 [GMT -5:00]
    .
    AV: Trend Micro Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Security Agent *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\SysWOW64\NEWTScannerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Dell\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Windows Internet Explorer provided by Powered by Meadows Medical Supply!
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_Plugin.exe -update plugin
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [DellNSCST_GRNCH] "C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
    mRun: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoWelcomeScreen = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableInstallerDetection = dword:0
    mPolicies-System: EnableSecureUIAPaths = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://192.168.17.114:4343/officescan/console/ClientInstall/WinNTChk.cab
    DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://192.168.17.114:4343/officescan/console/ClientInstall/setupini.cab
    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://192.168.17.114:4343/officescan/console/ClientInstall/setup.cab
    DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://192.168.17.114:4343/officescan/console/ClientInstall/RemoveCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://192.168.17.114:4343/SMB/console/html/root/AtxEnc.cab
    DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} - hxxps://192.168.17.114:4343/SMB/console/html/root/AtxConsole.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.17.111
    TCP: Interfaces\{3659B84D-3D58-46EC-B2D8-B20EF260CB1C} : DHCPNameServer = 192.168.17.111
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
    x64-Run: [OfficeScanNT Monitor] -HideWindow
    x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned>
    x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll
    x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\sean\AppData\Roaming\Mozilla\Firefox\Profiles\pij62fst.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\sean\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-02-25 09:44; adblockpopups@jessehakanen.net; C:\Users\sean\AppData\Roaming\Mozilla\Firefox\Profiles\pij62fst.default\extensions\adblockpopups@jessehakanen.net.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-12 203776]
    R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-12-2 272816]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-21 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-21 682344]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2011-10-20 11576]
    R2 SvcNEWTScanner;NEWTScanner Service;C:\Windows\SysWOW64\NEWTScannerSvc.exe [2011-11-30 78576]
    R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-12-2 69904]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-12 2656280]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-21 24176]
    R3 QuickBooksDB19;QuickBooksDB19;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-12 413800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-12 317440]
    S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 svclocal;svclocal;C:\dell\drivers\R240574\Dell1815dn_Driver_ONLY_Win7(64bits)\svclocal.exe [2011-10-20 58608]
    S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-19 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\EXCEL.EXE="C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2/26/2013 8:45 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F20D1DE4-495C-4E4C-9562-F1543814B72A}\offreg.dll
    2/26/2013 8:44 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F20D1DE4-495C-4E4C-9562-F1543814B72A}\mpengine.dll
    2/22/2013 18:02 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2/22/2013 18:02 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2/22/2013 18:01 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2/22/2013 18:00 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2/21/2013 14:07 -------- d-----w- C:\Users\sean\AppData\Roaming\Malwarebytes
    2/21/2013 14:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2/21/2013 14:07 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2/21/2013 14:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2/21/2013 14:07 -------- d-----w- C:\Users\sean\AppData\Local\Programs
    2/20/2013 14:50 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2/20/2013 14:50 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2/15/2013 19:09 -------- d-----w- C:\Users\sean\AppData\Roaming\uTorrent
    2/14/2013 2:01 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2/14/2013 2:01 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2/13/2013 10:15 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2/13/2013 10:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2/13/2013 10:15 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2/13/2013 10:15 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2/13/2013 10:15 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2/13/2013 10:15 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2/13/2013 10:15 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2/13/2013 10:15 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2/13/2013 10:15 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2/13/2013 10:15 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2/13/2013 10:15 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2/13/2013 10:15 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2/1/2013 19:56 -------- d-----w- C:\Eddata
    .
    ==================== Find3M ====================
    .
    2/22/2013 18:01 963488 ----a-w- C:\Windows\System32\deployJava1.dll
    2/22/2013 18:00 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2/22/2013 17:52 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2/22/2013 17:52 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    1/17/2013 6:28 273840 ------w- C:\Windows\System32\MpSigStub.exe
    1/9/2013 1:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    1/9/2013 1:12 1392128 ----a-w- C:\Windows\System32\wininet.dll
    1/9/2013 1:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    1/9/2013 1:07 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    1/9/2013 1:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
    1/9/2013 1:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    1/8/2013 22:11 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    1/8/2013 22:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    1/8/2013 22:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    1/8/2013 21:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    1/8/2013 21:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    1/8/2013 21:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    1/4/2013 4:43 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    12/16/2012 17:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
    12/16/2012 14:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
    12/16/2012 14:13 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    12/16/2012 14:13 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    12/7/2012 13:20 441856 ----a-w- C:\Windows\System32\Wpc.dll
    12/7/2012 13:15 2746368 ----a-w- C:\Windows\System32\gameux.dll
    12/7/2012 12:26 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    12/7/2012 12:20 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    12/7/2012 11:20 30720 ----a-w- C:\Windows\System32\usk.rs
    12/7/2012 11:20 43520 ----a-w- C:\Windows\System32\csrr.rs
    12/7/2012 11:20 23552 ----a-w- C:\Windows\System32\oflc.rs
    12/7/2012 11:20 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    12/7/2012 11:20 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    12/7/2012 11:20 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    12/7/2012 11:20 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    12/7/2012 11:19 20480 ----a-w- C:\Windows\System32\pegi.rs
    12/7/2012 11:19 46592 ----a-w- C:\Windows\System32\fpb.rs
    12/7/2012 11:19 40960 ----a-w- C:\Windows\System32\cob-au.rs
    12/7/2012 11:19 21504 ----a-w- C:\Windows\System32\grb.rs
    12/7/2012 11:19 15360 ----a-w- C:\Windows\System32\djctq.rs
    12/7/2012 11:19 55296 ----a-w- C:\Windows\System32\cero.rs
    12/7/2012 11:19 51712 ----a-w- C:\Windows\System32\esrb.rs
    11/30/2012 5:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
    11/30/2012 5:45 243200 ----a-w- C:\Windows\System32\wow64.dll
    11/30/2012 5:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    11/30/2012 5:43 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    11/30/2012 5:41 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    11/30/2012 4:53 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    11/30/2012 3:23 338432 ----a-w- C:\Windows\System32\conhost.exe
    11/30/2012 2:38 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    11/30/2012 2:38 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    11/30/2012 2:38 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    11/30/2012 2:38 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 16:54:34.87 ===============

    Attach.txt below:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/19/2011 11:59:53 AM
    System Uptime: 2/13/2013 9:09:22 PM (307 hours ago)
    .
    Motherboard: Dell Inc. | | 0M5DCD
    Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | CPU 1 | 2170/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 275.115 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP172: 2/13/2013 9:00:13 PM - Windows Update
    RP173: 2/19/2013 2:33:10 AM - Windows Update
    RP174: 2/22/2013 3:43:52 AM - Windows Update
    RP175: 2/22/2013 1:00:03 PM - Installed Java 7 Update 15
    RP176: 2/22/2013 1:01:46 PM - Installed Java 7 Update 15 (64-bit)
    RP177: 2/26/2013 3:43:47 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ĶTorrent
    Adobe AIR
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    BID
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Desktop
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Conexant HD Audio
    CyberLink PowerDVD 9.5
    D3DX10
    Dell Backup and Recovery Manager
    Dell Client System Update
    Dell Edoc Viewer
    Dell Laser MFP 1815 Software Uninstall
    FileZilla Client 3.5.2
    Google Chrome
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java 7 Update 15
    Java 7 Update 15 (64-bit)
    Java Auto Updater
    Java(TM) 6 Update 24 (64-bit)
    Java(TM) 6 Update 29
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Mozilla Firefox 19.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MV200Z_PU
    Nero 7 Demo
    Octoshape add-in for Adobe Flash Player
    Order Manager PDF Writer
    PL-2303 USB-to-Serial
    PowerISO
    QBFC 7.0
    QuickBooks
    QuickBooks Pro 2009
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype Click to Call
    Skypeô 5.5
    Stone Edge Order Manager
    SupportSoft Assisted Service
    Trend Micro Client/Server Security Agent
    Trend Micro Worry-Free Business Security Agent
    Uninstall Dell PC Fax
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Winamp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    .
    ==== End Of File ===========================





    RogueKiller Logs - 2 Generated:
    RKreport[1]_S_02262013_02d1648 file below:
    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Sean [Admin rights]
    Mode : Scan -- Date : 02/26/2013 16:48:51
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AAKX-753CA1 ATA Device +++++
    --- User ---
    [MBR] 9a714560210136df5f30642d881e510f
    [BSP] 242cec716bf6e8eb449639c57093cb83 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12442 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25563136 | Size: 464457 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02262013_02d1648.txt >>
    RKreport[1]_S_02262013_02d1648.txt

    RKreport[2]_D_02262013_02d1650.txt listed below:
    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Sean [Admin rights]
    Mode : Remove -- Date : 02/26/2013 16:50:09
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AAKX-753CA1 ATA Device +++++
    --- User ---
    [MBR] 9a714560210136df5f30642d881e510f
    [BSP] 242cec716bf6e8eb449639c57093cb83 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12442 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25563136 | Size: 464457 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_02262013_02d1650.txt >>
    RKreport[1]_S_02262013_02d1648.txt ; RKreport[2]_D_02262013_02d1650.txt
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  6. #6
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    So the MalwareBytes anti root kit found nothing either, is there a log to post even if nothing is found? In the meantime... The popup happened again this morning when opening Firefox... Then, I updated my flash player, and restarted due to Windows updates, and it did NOT reoccur upon opening Firefox this time....
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,887
    Good. Let's make sure nothing else is hiding there...

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/...-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/windo...ystem-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

  8. #8
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    FYI, I just noticed an RK_Quarantine folder on my desktop.. It has the following files in it:
    Quarantine.JPG
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  9. #9
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    So, Combofix ran without a hitch, Trend Micro turned off and all.. Here is the log:

    ComboFix 13-02-26.01 - Sean 02/27/2013 16:58:34.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8165.6589 [GMT -5:00]
    Running from: c:\users\sean\Desktop\ComboFix.exe
    AV: Trend Micro Security Agent *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Security Agent *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-27 22:01 . 2013-02-27 22:01 -------- d-----w- c:\users\SeanNew\AppData\Local\temp
    2013-02-27 22:01 . 2013-02-27 22:01 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
    2013-02-27 22:01 . 2013-02-27 22:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-27 22:01 . 2013-02-27 22:01 -------- d-----w- c:\users\administrator\AppData\Local\temp
    2013-02-26 08:44 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F20D1DE4-495C-4E4C-9562-F1543814B72A}\mpengine.dll
    2013-02-25 14:41 . 2013-02-25 14:41 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-02-25 14:41 . 2013-02-25 14:41 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2013-02-22 18:17 . 2013-02-22 18:17 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-02-22 18:02 . 2013-02-22 18:01 310688 ----a-w- c:\windows\system32\javaws.exe
    2013-02-22 18:02 . 2013-02-22 18:01 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-22 18:02 . 2013-02-22 18:02 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2013-02-22 18:02 . 2013-02-22 18:01 188832 ----a-w- c:\windows\system32\javaw.exe
    2013-02-22 18:02 . 2013-02-22 18:01 188320 ----a-w- c:\windows\system32\java.exe
    2013-02-22 18:01 . 2013-02-22 18:00 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-02-22 18:00 . 2013-02-22 18:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-22 14:10 . 2013-02-22 14:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-02-21 14:07 . 2013-02-21 14:07 -------- d-----w- c:\users\sean\AppData\Roaming\Malwarebytes
    2013-02-21 14:07 . 2013-02-21 14:07 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-21 14:07 . 2013-02-21 14:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-02-21 14:07 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-21 14:07 . 2013-02-21 14:07 -------- d-----w- c:\users\sean\AppData\Local\Programs
    2013-02-15 19:09 . 2013-02-21 22:07 -------- d-----w- c:\users\sean\AppData\Roaming\uTorrent
    2013-02-14 02:01 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 02:01 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 10:15 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-13 10:15 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 10:15 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 10:15 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 10:15 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-13 10:15 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-13 10:15 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-13 10:15 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-13 10:15 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 10:15 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-13 10:15 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 10:15 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-01 19:56 . 2013-02-01 19:56 -------- d-----w- C:\Eddata
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 14:26 . 2012-04-17 13:14 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-27 14:26 . 2011-10-13 00:20 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-22 18:01 . 2011-10-13 00:27 963488 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-22 18:00 . 2011-10-13 00:26 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-02-14 02:04 . 2011-10-19 21:55 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-17 06:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-04 04:43 . 2013-02-13 10:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-21 02:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 02:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20 . 2013-01-09 11:27 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 11:27 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 11:27 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 11:27 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 11:27 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 11:27 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 11:27 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 11:27 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 11:27 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 11:27 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 11:27 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 11:27 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 11:27 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 11:27 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 11:27 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 11:27 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 11:27 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 11:27 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 11:27 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 11:27 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 11:27 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 11:27 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 11:27 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 11:27 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 11:27 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 11:27 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 11:27 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 11:27 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 11:27 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 11:27 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 11:27 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 11:27 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-11-30 05:45 . 2013-01-09 11:27 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 11:27 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 11:27 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 11:27 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 11:27 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 11:27 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 11:27 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-09 11:27 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 11:27 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 11:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-18 336384]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
    "DellNSCST_GRNCH"="c:\program files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" [2008-07-16 278528]
    "NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.exe" [2001-07-09 155648]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-6-22 984936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableInstallerDetection"= 0 (0x0)
    "EnableSecureUIAPaths"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
    R3 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-10-01 131072]
    R3 svclocal;svclocal;c:\dell\drivers\R240574\Dell1815dn_Driver_ONLY_Win7(64bits)\svclocal.exe [2008-08-18 58608]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-20 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-19 203776]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-07-18 11576]
    S2 SvcNEWTScanner;NEWTScanner Service;c:\windows\SysWOW64\NEWTScannerSvc.exe [2011-11-30 78576]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-06-24 69904]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 14:26]
    .
    2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-197448801-1903265348-1793838230-1138Core.job
    - c:\users\sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 23:55]
    .
    2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-197448801-1903265348-1793838230-1138UA.job
    - c:\users\sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 23:55]
    .
    2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-197448801-1903265348-1793838230-500Core.job
    - c:\users\administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 20:29]
    .
    2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-197448801-1903265348-1793838230-500UA.job
    - c:\users\administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 20:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeScanNT Monitor"="-HideWindow" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
    "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-17 219480]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.17.111
    DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://192.168.17.114:4343/SMB/console/html/root/AtxEnc.cab
    DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} - hxxps://192.168.17.114:4343/SMB/console/html/root/AtxConsole.cab
    FF - ProfilePath - c:\users\sean\AppData\Roaming\Mozilla\Firefox\Profiles\pij62fst.default\
    FF - ExtSQL: 2013-02-25 09:44; adblockpopups@jessehakanen.net; c:\users\sean\AppData\Roaming\Mozilla\Firefox\Profiles\pij62fst.default\extensions\adblockpopups@jessehakanen.net.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-27 17:02:51
    ComboFix-quarantined-files.txt 2013-02-27 22:02
    ComboFix2.txt 2012-01-26 18:31
    .
    Pre-Run: 295,105,748,992 bytes free
    Post-Run: 295,432,708,096 bytes free
    .
    - - End Of File - - 434BDB08B2DBDCF6FEB5645A1EFF0C88
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,887
    Looks good.

    You can delete RK_Quarantine folder.

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  11. #11
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    Here is ADwCleaner:
    # AdwCleaner v2.113 - Logfile created 02/28/2013 at 09:55:20
    # Updated 23/02/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Sean - SEANNEW-PC
    # Boot Mode : Normal
    # Running from : C:\Users\sean\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

    ***** [Internet Browsers] *****

    #NAME?

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0 (en-US)

    File : C:\Users\sean\AppData\Roaming\Mozilla\Firefox\Profiles\pij62fst.default\prefs.js

    [OK] File is clean.

    File : C:\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7nkgl26g.default\prefs.js

    [OK] File is clean.

    #NAME?

    File : C:\Users\sean\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1440 octets] - [28/02/2013 09:55:20]

    ########## EOF - C:\AdwCleaner[S1].txt - [1500 octets] ##########



    JRW:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.6 (02.27.2013:1)
    OS: Windows 7 Professional x64
    Ran by Sean on Thu 02/28/2013 at 10:01:56.12
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\sean\AppData\Roaming\mozilla\firefox\profiles\pij62fst.default\minidumps [3 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 02/28/2013 at 10:06:03.46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OTL:
    OTL logfile created on: 2/28/2013 10:12:50 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sean\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 82.68% Memory free
    15.95 Gb Paging File | 14.27 Gb Available in Paging File | 89.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.57 Gb Total Space | 275.17 Gb Free Space | 60.67% Space Free | Partition Type: NTFS

    Computer Name: SEANNEW-PC | User Name: Sean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/28 09:52:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sean\Desktop\OTL.exe
    PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/30 12:08:32 | 000,078,576 | ---- | M] (Komodo Laboratories LLC) -- C:\Windows\SysWOW64\NEWTScannerSvc.exe
    PRC - [2011/06/22 05:57:14 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2010/12/03 16:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/03 16:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe
    PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2008/07/16 09:22:52 | 000,278,528 | ---- | M] (Dell) -- C:\Program Files (x86)\Dell\Dell Laser MFP 1815\NetworkScan\DNSCST.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
    SRV:64bit: - [2011/11/17 02:18:32 | 001,017,360 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (TmListen)
    SRV:64bit: - [2011/02/19 10:45:16 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/27 09:26:31 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/15 19:35:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011/11/30 12:08:32 | 000,078,576 | ---- | M] (Komodo Laboratories LLC) [Auto | Running] -- C:\Windows\SysWOW64\NEWTScannerSvc.exe -- (SvcNEWTScanner)
    SRV - [2011/06/22 05:57:14 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2010/12/03 16:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/03 16:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB19)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/08/18 17:30:34 | 000,058,608 | ---- | M] () [On_Demand | Stopped] -- C:\dell\drivers\R240574\Dell1815dn_Driver_ONLY_Win7(64bits)\svclocal.exe -- (svclocal)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/12 21:09:28 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/12 21:09:28 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/06/23 22:34:44 | 000,090,896 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
    DRV:64bit: - [2011/06/23 22:34:34 | 000,069,904 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV:64bit: - [2011/06/23 22:34:24 | 000,146,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
    DRV:64bit: - [2011/06/10 14:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/10 18:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2011/02/19 11:27:28 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/02/19 10:03:52 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/01/13 22:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
    DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 22:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/10/01 04:59:06 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/01/14 18:55:38 | 000,092,672 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
    DRV:64bit: - [2008/07/18 08:53:00 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
    DRV - [2011/10/19 18:04:19 | 000,082,400 | ---- | M] (Acronis) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\snapman.sys -- (snapman)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{C0C5FB2E-8D30-4349-8781-6AD6631F59DC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{C0C5FB2E-8D30-4349-8781-6AD6631F59DC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-197448801-1903265348-1793838230-1138\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
    IE - HKU\S-1-5-21-197448801-1903265348-1793838230-1138\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-197448801-1903265348-1793838230-1138\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
    FF - prefs.js..extensions.enabledAddons: %7Bfffe0eac-3819-4561-8aa9-178a68450d4f%7D:1.91
    FF - prefs.js..extensions.enabledAddons: Server%40lipo-technologies.com:0.9
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sean\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sean\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2011/12/05 17:33:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/22 09:10:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/10/19 18:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sean\AppData\Roaming\mozilla\Extensions
    [2013/02/25 09:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sean\AppData\Roaming\mozilla\Firefox\Profiles\pij62fst.default\extensions
    [2013/02/25 09:44:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\sean\AppData\Roaming\mozilla\Firefox\Profiles\pij62fst.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/02/25 09:44:11 | 000,130,828 | ---- | M] () (No name found) -- C:\Users\sean\AppData\Roaming\mozilla\firefox\profiles\pij62fst.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2013/02/20 09:11:58 | 000,045,334 | ---- | M] () (No name found) -- C:\Users\sean\AppData\Roaming\mozilla\firefox\profiles\pij62fst.default\extensions\Server@lipo-technologies.com.xpi
    [2013/02/25 09:43:49 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\sean\AppData\Roaming\mozilla\firefox\profiles\pij62fst.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/09/25 10:23:42 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\sean\AppData\Roaming\mozilla\firefox\profiles\pij62fst.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2011/11/18 12:34:07 | 000,043,693 | ---- | M] () (No name found) -- C:\Users\sean\AppData\Roaming\mozilla\firefox\profiles\pij62fst.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}.xpi
    [2013/02/22 09:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/02/15 19:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/02/15 19:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/02/15 19:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sean\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\sean\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sean\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\sean\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\administrator\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\administrator\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\administrator\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: YouTube = C:\Users\sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Users\sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Skype Click to Call = C:\Users\sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Gmail = C:\Users\sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Users\sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2012/02/27 20:24:40 | 000,000,117 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-197448801-1903265348-1793838230-1138\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [DellNSCST_GRNCH] C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe (Dell)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-610581344-3166673297-3214119492-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-610581344-3166673297-3214119492-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-197448801-1903265348-1793838230-1138\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-197448801-1903265348-1793838230-1138\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-197448801-1903265348-1793838230-1138\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-610581344-3166673297-3214119492-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.15.2)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://192.168.17.114:4343/officesc...l/WinNTChk.cab (Reg Error: Key error.)
    O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://192.168.17.114:4343/officesc...l/setupini.cab (Reg Error: Key error.)
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://192.168.17.114:4343/officesc...tall/setup.cab (Reg Error: Key error.)
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://192.168.17.114:4343/officesc...RemoveCtrl.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} https://192.168.17.114:4343/SMB/cons...oot/AtxEnc.cab (Encrypt Class)
    O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} https://192.168.17.114:4343/SMB/cons...AtxConsole.cab (Security Server Management Console)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.15.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.111
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = meadowsad01.meadows.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3659B84D-3D58-46EC-B2D8-B20EF260CB1C}: DhcpNameServer = 192.168.17.111
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/28 10:01:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/28 10:01:44 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/28 09:52:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sean\Desktop\OTL.exe
    [2013/02/28 09:52:44 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\sean\Desktop\JRT.exe
    [2013/02/28 09:43:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/02/27 17:02:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/02/27 16:39:20 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\sean\Desktop\ComboFix.exe
    [2013/02/25 09:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/02/25 09:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/02/25 09:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013/02/25 09:04:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
    [2013/02/22 13:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/02/22 09:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/02/21 09:07:57 | 000,000,000 | ---D | C] -- C:\Users\sean\AppData\Roaming\Malwarebytes
    [2013/02/21 09:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/21 09:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/02/21 09:07:47 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/02/21 09:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/02/21 09:07:30 | 000,000,000 | ---D | C] -- C:\Users\sean\AppData\Local\Programs
    [2013/02/20 09:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/02/15 14:09:42 | 000,000,000 | ---D | C] -- C:\Users\sean\AppData\Roaming\uTorrent
    [2013/02/12 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\sean\Desktop\Saudi Guy
    [2013/02/01 14:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Educational Data
    [2013/02/01 14:56:33 | 000,000,000 | ---D | C] -- C:\Eddata
    [2013/02/01 12:48:54 | 000,000,000 | ---D | C] -- C:\Users\sean\Desktop\Email Lists_Convention_Lists
    [2013/01/31 13:35:09 | 000,000,000 | --SD | C] -- C:\Users\sean\Documents\My Shapes
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/28 10:04:27 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/28 10:04:27 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/28 10:01:35 | 000,812,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/28 10:01:35 | 000,685,100 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/28 10:01:35 | 000,128,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/28 09:57:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/28 09:56:54 | 2126,200,831 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/28 09:52:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sean\Desktop\OTL.exe
    [2013/02/28 09:52:47 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\sean\Desktop\JRT.exe
    [2013/02/28 09:52:35 | 000,594,019 | ---- | M] () -- C:\Users\sean\Desktop\adwcleaner.exe
    [2013/02/28 09:42:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-197448801-1903265348-1793838230-500UA.job
    [2013/02/28 09:33:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-197448801-1903265348-1793838230-1138UA.job
    [2013/02/28 09:26:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/27 19:42:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-197448801-1903265348-1793838230-500Core.job
    [2013/02/27 19:33:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-197448801-1903265348-1793838230-1138Core.job
    [2013/02/27 16:54:32 | 000,033,171 | ---- | M] () -- C:\Users\sean\Desktop\Quarantine.JPG
    [2013/02/27 16:40:28 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\sean\Desktop\ComboFix.exe
    [2013/02/26 15:47:15 | 002,887,680 | ---- | M] () -- C:\Users\sean\Documents\Database2.accdb
    [2013/02/26 10:30:20 | 000,019,769 | ---- | M] () -- C:\Users\sean\Desktop\Capture.JPG
    [2013/02/25 19:34:34 | 000,002,323 | ---- | M] () -- C:\Users\sean\Desktop\Google Chrome.lnk
    [2013/02/25 16:34:47 | 000,046,592 | ---- | M] () -- C:\Users\sean\Desktop\Warehouse_Flow_Chart.vsd
    [2013/02/22 14:30:31 | 000,030,055 | ---- | M] () -- C:\Users\sean\Desktop\Quote.pdf
    [2013/02/22 09:10:57 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/02/21 09:07:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/20 15:12:50 | 000,054,889 | ---- | M] () -- C:\Users\sean\Desktop\UPS.pdf
    [2013/02/20 13:49:57 | 000,227,516 | ---- | M] () -- C:\Users\sean\Documents\IMM1444E.PDF
    [2013/02/19 12:51:35 | 000,023,939 | ---- | M] () -- C:\Users\sean\Desktop\PS.pdf
    [2013/02/13 21:09:55 | 000,431,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/11 15:01:37 | 000,175,945 | ---- | M] () -- C:\Users\sean\Documents\Dell Laser MFP 1815_20130211150052.pdf
    [2013/02/08 14:46:46 | 000,000,013 | ---- | M] () -- C:\Users\sean\Documents\Dell Laser MFP 1815(1)_20130208144602.pdf
    [2013/01/31 16:58:31 | 000,046,080 | ---- | M] () -- C:\Users\sean\Documents\Drawing1.vsd
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/28 09:52:31 | 000,594,019 | ---- | C] () -- C:\Users\sean\Desktop\adwcleaner.exe
    [2013/02/27 16:54:32 | 000,033,171 | ---- | C] () -- C:\Users\sean\Desktop\Quarantine.JPG
    [2013/02/27 09:03:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/26 15:42:03 | 002,887,680 | ---- | C] () -- C:\Users\sean\Documents\Database2.accdb
    [2013/02/26 09:28:02 | 000,019,769 | ---- | C] () -- C:\Users\sean\Desktop\Capture.JPG
    [2013/02/22 09:10:57 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/02/22 09:10:57 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/02/21 09:07:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/20 15:13:07 | 000,054,889 | ---- | C] () -- C:\Users\sean\Desktop\UPS.pdf
    [2013/02/20 13:49:56 | 000,227,516 | ---- | C] () -- C:\Users\sean\Documents\IMM1444E.PDF
    [2013/02/19 12:55:21 | 000,030,055 | ---- | C] () -- C:\Users\sean\Desktop\Quote.pdf
    [2013/02/19 12:41:46 | 000,023,939 | ---- | C] () -- C:\Users\sean\Desktop\PS.pdf
    [2013/02/11 15:01:36 | 000,175,945 | ---- | C] () -- C:\Users\sean\Documents\Dell Laser MFP 1815_20130211150052.pdf
    [2013/02/08 14:46:46 | 000,000,013 | ---- | C] () -- C:\Users\sean\Documents\Dell Laser MFP 1815(1)_20130208144602.pdf
    [2013/01/31 16:58:31 | 000,046,080 | ---- | C] () -- C:\Users\sean\Documents\Drawing1.vsd
    [2013/01/31 16:58:12 | 000,046,592 | ---- | C] () -- C:\Users\sean\Desktop\Warehouse_Flow_Chart.vsd
    [2012/10/16 10:12:50 | 003,856,932 | ---- | C] () -- C:\ProgramData\SamPCFax000005D00000
    [2012/01/26 13:18:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/26 13:18:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/26 13:18:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/26 13:18:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/26 13:18:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/20 15:20:50 | 000,007,163 | ---- | C] () -- C:\Users\sean\AppData\Roaming\DellFaxOptions.xml
    [2011/10/20 09:00:50 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
    [2011/10/20 08:59:55 | 000,110,592 | ---- | C] () -- C:\Windows\wiainst.exe
    [2011/10/19 18:18:50 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/10/19 17:43:23 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/10/19 12:15:57 | 000,056,688 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/10/12 21:14:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/10/12 21:02:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/12 21:02:36 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/12 21:02:35 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/12 21:02:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/12 21:02:32 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/12 21:02:19 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/10/19 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\FileZilla
    [2013/02/13 13:19:06 | 000,000,000 | ---D | M] -- C:\Users\sean\AppData\Roaming\FileZilla
    [2012/03/20 13:12:27 | 000,000,000 | ---D | M] -- C:\Users\sean\AppData\Roaming\KeePassX
    [2011/10/24 11:05:47 | 000,000,000 | ---D | M] -- C:\Users\sean\AppData\Roaming\Spotify
    [2011/10/20 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\sean\AppData\Roaming\TeamViewer
    [2013/02/21 17:07:10 | 000,000,000 | ---D | M] -- C:\Users\sean\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    < End of report >
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  12. #12
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    OTL Extras logfile created on: 2/28/2013 10:12:50 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sean\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 82.68% Memory free
    15.95 Gb Paging File | 14.27 Gb Available in Paging File | 89.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.57 Gb Total Space | 275.17 Gb Free Space | 60.67% Space Free | Partition Type: NTFS

    Computer Name: SEANNEW-PC | User Name: Sean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-197448801-1903265348-1793838230-1138\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1
    FirewallDisableNotify = 0
    AntiVirusDisableNotify = 0
    UpdatesDisableNotify = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    VistaSp1 = 28 4D B2 76 41 04 CA 01 [binary data]
    AntiVirusOverride = 0
    AntiSpywareOverride = 0
    FirewallOverride = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirewallDisableNotify = 0
    AntiVirusDisableNotify = 0
    UpdatesDisableNotify = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    DisableSR = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
    CoreNet-GP-LSASS-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-DNS-Out-UDP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-GP-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-GP-NP-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-IPv6-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-IPv6-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-Teredo-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-Teredo-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-DHCP-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-DHCP-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-IGMP-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-IGMP-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP4-DUFRAG-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP4-DUFRAG-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-PP-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-PP-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-TE-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-TE-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-DU-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-DU-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LD-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LD-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LR2-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LR2-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LR-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LR-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LQ-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LQ-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-NDA-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-NDA-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-NDS-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-NDS-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-RA-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-RA-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-RS-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-PTB-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-PTB-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteDesktop-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-ICMP6-ERQ-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-ICMP6-ERQ-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-ICMP4-ERQ-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-ICMP4-ERQ-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-RPCSS-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SpoolSvc-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Datagram-Out-UDP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Datagram-In-UDP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Name-Out-UDP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Name-In-UDP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SMB-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SMB-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Session-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Session-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-RPCSS-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SpoolSvc-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Datagram-Out-UDP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Datagram-In-UDP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Name-Out-UDP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Name-In-UDP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SMB-Out-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SMB-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Session-Out-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Session-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnP-Out-TCP-Active = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnPHost-Out-TCP-Active = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnPHost-In-TCP-Active = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-SSDPSrv-Out-UDP-Active = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-SSDPSrv-In-UDP-Active = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-Out-TCP-Active = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-In-TCP-EdgeScope-Active = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
    RemoteAssistance-UPnP-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnPHost-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnPHost-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-SSDPSrv-Out-UDP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-SSDPSrv-In-UDP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-In-TCP-EdgeScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
    RemoteAssistance-DCOM-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-RAServer-Out-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-RAServer-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  13. #13
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
    CoreNet-GP-LSASS-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-DNS-Out-UDP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-GP-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-GP-NP-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-IPv6-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-IPv6-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-Teredo-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-Teredo-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-DHCP-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-DHCP-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-IGMP-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-IGMP-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP4-DUFRAG-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP4-DUFRAG-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-PP-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-PP-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-TE-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-TE-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-DU-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-DU-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LD-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LD-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LR2-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LR2-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LR-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LR-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LQ-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-LQ-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-NDA-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-NDA-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-NDS-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-NDS-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-RA-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-RA-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-RS-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-PTB-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    CoreNet-ICMP6-PTB-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteDesktop-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-ICMP6-ERQ-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-ICMP6-ERQ-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-ICMP4-ERQ-Out = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-ICMP4-ERQ-In = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-RPCSS-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SpoolSvc-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Datagram-Out-UDP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Datagram-In-UDP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Name-Out-UDP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Name-In-UDP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SMB-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SMB-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Session-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Session-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-RPCSS-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SpoolSvc-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Datagram-Out-UDP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Datagram-In-UDP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Name-Out-UDP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Name-In-UDP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SMB-Out-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-SMB-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Session-Out-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    FPS-NB_Session-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnP-Out-TCP-Active = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnPHost-Out-TCP-Active = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnPHost-In-TCP-Active = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-SSDPSrv-Out-UDP-Active = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-SSDPSrv-In-UDP-Active = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-Out-TCP-Active = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-In-TCP-EdgeScope-Active = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
    RemoteAssistance-UPnP-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnPHost-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-UPnPHost-In-TCP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-SSDPSrv-Out-UDP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-SSDPSrv-In-UDP = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-Out-TCP = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-In-TCP-EdgeScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
    RemoteAssistance-DCOM-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-RAServer-Out-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    RemoteAssistance-RAServer-In-TCP-NoScope = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    EnableFirewall = 1
    DisableNotifications = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    EnableFirewall = 1
    DisableNotifications = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    EnableFirewall = 1
    DisableNotifications = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    {0350D92E-CCB5-431F-9F10-D60AE86B0384} = lport=139 | protocol=6 | dir=in | app=system |
    {06BD7E96-9B3A-44F5-97FD-1DEF1B8C7AC5} = lport=137 | protocol=17 | dir=in | app=system |
    {18D10BB9-BDEF-4928-9ACE-6123392C9E40} = rport=137 | protocol=17 | dir=out | app=system |
    {19C78C6E-CAA7-4972-BDCB-9C39B4D6CAFA} = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
    {212A1DDE-6ECC-43F2-ADAB-999683DEBF39} = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
    {235A4EE2-2374-4278-A0C7-B9AE5A0DF22D} = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    {29B086AB-7025-4E73-B0E6-6237F3DE0875} = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    {2DD9A7EA-8A57-4236-8949-DA2291DF0E6C} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    {2E61C835-EC32-45C3-9DC1-0E8F90CA5992} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {40BC5696-0226-4F48-8FD0-419E9636D535} = lport=3389 | protocol=6 | dir=in | app=system |
    {45B8F594-DA97-4A55-A688-0693CC4B1070} = rport=445 | protocol=6 | dir=out | app=system |
    {5623508C-A39D-4922-BEE0-224B063F057D} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {58C71BC0-2435-4E80-A95F-914AD50B6D20} = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
    {5BECC349-79C4-41BE-A6DE-10ABFA371283} = rport=138 | protocol=17 | dir=out | app=system |
    {5C41C7D3-4C15-4CA7-BE29-2C87AD01B9B7} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    {60667BFA-6310-4252-9EFA-B52EFBFE18BD} = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |
    {68360141-161D-4C1E-9B41-98690DE573C9} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {7CC75CD6-FD02-4C32-8720-85EA49DE6B21} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {81484ED9-C549-4BA0-B1BC-42B0B683FB7E} = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    {88C2517C-2CC6-4A54-A885-D1E9958DD0E2} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    {90F2E247-070C-4421-8B4E-91647FF7FBC2} = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    {93F31C9F-6CA4-4C8C-9B4D-BAA58C90D297} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {943E97B7-D480-4124-9928-94B0225D118A} = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    {9C613D77-DB78-4103-912A-0808B452EAAB} = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
    {B205DB1D-E59E-4B84-AE6A-35AA83BEC1E2} = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    {BCF6A039-3CFE-4FD5-814A-0E763A999EC1} = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    {CC6624D6-CB60-4D34-9CFE-8AC756BA5E44} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    {D41EF616-2B7E-4CB8-8724-632B159F7826} = rport=139 | protocol=6 | dir=out | app=system |
    {D60C09A0-CACF-4878-9185-42F377B35619} = lport=138 | protocol=17 | dir=in | app=system |
    {D766582D-6261-4B12-A066-A75176BA46B9} = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    {E39EF6EF-D10D-4913-8652-96632BCC13C4} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    {F2610625-6F8B-49EF-9301-6E0DC57BD3D7} = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    {12A258DA-63AB-4D1B-BCBC-110515E32F2D} = protocol=6 | dir=in | app=c:\users\sean\appdata\roaming\utorrent\utorrent.exe |
    {231A156A-EF60-4178-8B2E-EFC641427E12} = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    {28782752-AD27-4960-B727-0AA6173A2DE9} = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    {2D5C2519-52C3-4B2B-AC1B-19ED5A75C78E} = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    {4781D1A8-D3F1-4E73-89AA-85CA4CED7ACB} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    {4F6E4896-84CC-431A-ADC3-D63D6460A403} = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    {7D975982-B31E-4660-A909-C0499CB4E727} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    {894DEFC7-68BB-469D-8F22-A000BE53C091} = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    {B57A1D12-5920-4CFB-9D8C-EEBFF0604659} = protocol=17 | dir=in | app=c:\users\sean\appdata\roaming\utorrent\utorrent.exe |
    {B5F9213E-8ABC-4DD2-99B3-81AC52B3A6D4} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    {BBD869E1-91F1-4A99-9E54-5814B471E380} = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    {C749260D-5B95-4469-9902-72B77B36ED3C} = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
    {C8DF222A-A409-4486-82D1-55190F343963} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    {D2A2BD86-E330-426B-9C43-BDC71789CF4C} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    {DBB71D5B-F172-4C5C-BB45-B7E6334C4A08} = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    {F6597B19-5818-4D3D-ABB4-F4030D17929A} = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    {FCEF9DF6-4000-4E81-90D6-AFFE62A0C07C} = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    TCP Query User{34007CB9-3B96-4CCB-BC23-12B64B24CCEF}C:\program files (x86)\microsoft office\office12\excel.exe = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\excel.exe |
    TCP Query User{56F78390-8783-4B36-AA9B-F29956F23B76}C:\users\sean\downloads\spotify installer.exe = protocol=6 | dir=in | app=c:\users\sean\downloads\spotify installer.exe |
    TCP Query User{7EED1054-A0D1-4ACA-BA91-EB58CCDE75BF}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe |
    TCP Query User{D5A443E4-D1A8-4115-89C5-65B768E11531}C:\users\sean\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe = protocol=6 | dir=in | app=c:\users\sean\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    UDP Query User{110CA62A-C209-4124-A5AB-D4B6081139A5}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe |
    UDP Query User{1C7AC807-5C36-4AF5-9143-E205513329A1}C:\users\sean\downloads\spotify installer.exe = protocol=17 | dir=in | app=c:\users\sean\downloads\spotify installer.exe |
    UDP Query User{70B21A43-C6F4-40CF-ADC2-ED0391F96EBE}C:\users\sean\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe = protocol=17 | dir=in | app=c:\users\sean\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    UDP Query User{C00606B5-F325-4EA9-9126-2E032EFCD993}C:\program files (x86)\microsoft office\office12\excel.exe = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\excel.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    {08026A9B-5A43-EDF9-5476-4F4DC940F5FB} = ccc-utility64
    {0A07E717-BB5D-4B99-840B-6C5DED52B277} = Trend Micro Worry-Free Business Security Agent
    {1B8ABA62-74F0-47ED-B18C-A43128E591B8} = Windows Live ID Sign-in Assistant
    {26A24AE4-039D-4CA4-87B4-2F86416024FF} = Java(TM) 6 Update 24 (64-bit)
    {26A24AE4-039D-4CA4-87B4-2F86417015FF} = Java 7 Update 15 (64-bit)
    {50B4B603-A4C6-4739-AE96-6C76A0F8A388} = Dell Backup and Recovery Manager
    {656DEEDE-F6AC-47CA-A568-A1B4E34B5760} = Windows Live Remote Service Resources
    {8220EEFE-38CD-377E-8595-13398D740ACE} = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    {847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5} = Windows Live Remote Client Resources
    {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
    {8E34682C-8118-31F1-BC4C-98CD9675E1C2} = Microsoft .NET Framework 4 Extended
    {8EBA8727-ADC2-477B-9D9A-1A1836BE4E05} = Dell Edoc Viewer
    {90120000-002A-0000-1000-0000000FF1CE} = Microsoft Office Office 64-bit Components 2007
    {90120000-002A-0409-1000-0000000FF1CE} = Microsoft Office Shared 64-bit MUI (English) 2007
    {90120000-0116-0409-1000-0000000FF1CE} = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    {95120000-00B9-0409-1000-0000000FF1CE} = Microsoft Application Error Reporting
    {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} = Microsoft Visual C++ 2005 Redistributable (x64)
    {D07A61E5-A59C-433C-BCBD-22025FA2287B} = Windows Live Language Selector
    {DA54F80E-261C-41A2-A855-549A144F2F59} = Windows Live MIME IFilter
    {DF6D988A-EEA0-4277-AAB8-158E086E439B} = Windows Live Remote Client
    {E02A6548-6FDE-40E2-8ED9-119D7D7E641F} = Windows Live Remote Service
    {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} = Microsoft .NET Framework 4 Client Profile
    CCleaner = CCleaner
    CNXT_AUDIO_HDA = Conexant HD Audio
    Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended = Microsoft .NET Framework 4 Extended
    Order Manager PDF Writer = Order Manager PDF Writer
    Wofie = Trend Micro Worry-Free Business Security Agent

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    {01CD9E78-5D95-C7FB-EC23-64B39130EE31} = CCC Help Norwegian
    {0A07E717-BB5D-4B99-840B-6C5DED52B277} = Trend Micro Worry-Free Business Security Agent
    {0B0F231F-CE6A-483D-AA23-77B364F75917} = Windows Live Installer
    {11A80E40-621F-489C-A626-58886B60FEAC} = Uninstall Dell PC Fax
    {1205F38A-449D-D189-DA2C-812700240426} = CCC Help Danish
    {18E58A5D-D8BD-EF4B-006A-104E5FE8CB13} = CCC Help German
    {19BA08F7-C728-469C-8A35-BFBD3633BE08} = Windows Live Movie Maker
    {1C22B23F-47AE-B9EC-8D40-1383B4CCA3E2} = CCC Help Chinese Traditional
    {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} = Junk Mail filter update
    {200FEC62-3C34-4D60-9CE8-EC372E01C08F} = Windows Live SOXE Definitions
    {2136B58D-D966-49C7-AD88-011FB089CCBD} = Catalyst Control Center - Branding
    {23BA3C7D-87F6-2D5A-B8C1-7AE76D86DF3A} = Catalyst Control Center Graphics Previews Common
    {26A24AE4-039D-4CA4-87B4-2F83216024FF} = Java(TM) 6 Update 29
    {26A24AE4-039D-4CA4-87B4-2F83217015FF} = Java 7 Update 15
    {2902F983-B4C1-44BA-B85D-5C6D52E2C441} = Windows Live Mesh ActiveX Control for Remote Connections
    {2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE} = Dell Client System Update
    {3336F667-9049-4D46-98B6-4C743EEBC5B1} = Windows Live Photo Gallery
    {34F4D9A4-42C2-4348-BEF4-E553C84549E7} = Windows Live Photo Gallery
    {388E4B09-3E71-4649-8921-F44A3A2954A7} = Microsoft Visual Studio 2005 Tools for Office Runtime
    {3A4C8B8E-AF20-25E1-35B8-2E8115BFC2B6} = CCC Help Thai
    {3DEDF1B0-B2A5-EDCE-F698-5C38B3717CA1} = CCC Help Portuguese
    {491C731F-F54D-864B-928D-436692D42133} = CCC Help Korean
    {4958364A-733A-D443-AF75-6880899AC7A4} = CCC Help Russian
    {4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
    {50120000-1105-0000-0000-0000000FF1CE} = Microsoft Office 2007 Primary Interop Assemblies
    {52261DC5-93FE-4851-9519-5B62B07DF7F7} = Stone Edge Order Manager
    {56443FAC-86A4-0EF8-E5CE-5D67703F8980} = Catalyst Control Center Localization All
    {579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} = Windows Live UX Platform Language Pack
    {5A3F6A80-7913-475E-8B96-477A952CFA43} = SupportSoft Assisted Service
    {631B1AD5-2C53-CC3B-F2A6-235EAC63E6A2} = Catalyst Control Center Profiles Desktop
    {65153EA5-8B6E-43B6-857B-C6E4FC25798A} = Intel(R) Management Engine Components
    {66A42477-F80D-1A4F-08D8-D58697836EE5} = CCC Help Polish
    {682B3E4F-696A-42DE-A41C-4C07EA1678B4} = Windows Live SOXE
    {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} = Microsoft Visual C++ 2005 Redistributable
    {716E0306-8318-4364-8B8F-0CC4E9376BAC} = MSXML 4.0 SP2 Parser and SDK
    {7B07D38E-4952-A687-F360-4A177374F644} = CCC Help Swedish
    {80956555-A512-4190-9CAD-B000C36D6B6B} = Windows Live Messenger
    {80A23BA6-B1AC-49D0-93F9-B65A27DA5B56} = MV200Z_PU
    {83C292B7-38A5-440B-A731-07070E81A64F} = Windows Live PIMT Platform
    {84B2CF01-194D-2284-B313-F2E0D78D1033} = Nero 7 Demo
    {8AA0FB20-9A21-56FF-8C4E-86732A070808} = CCC Help Spanish
    {8B1A559A-FB9D-42F5-A8A7-2F132CF28414} = Catalyst Control Center
    {8C6D6116-B724-4810-8F2D-D047E6B7D68E} = Mesh Runtime
    {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} = MSVCRT
    {90120000-0015-0409-0000-0000000FF1CE} = Microsoft Office Access MUI (English) 2007
    {90120000-0016-0409-0000-0000000FF1CE} = Microsoft Office Excel MUI (English) 2007
    {90120000-0018-0409-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (English) 2007
    {90120000-0019-0409-0000-0000000FF1CE} = Microsoft Office Publisher MUI (English) 2007
    {90120000-001A-0409-0000-0000000FF1CE} = Microsoft Office Outlook MUI (English) 2007
    {90120000-001B-0409-0000-0000000FF1CE} = Microsoft Office Word MUI (English) 2007
    {90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
    {90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
    {90120000-001F-0C0A-0000-0000000FF1CE} = Microsoft Office Proof (Spanish) 2007
    {90120000-002C-0409-0000-0000000FF1CE} = Microsoft Office Proofing (English) 2007
    {90120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
    {90120000-0044-0409-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (English) 2007
    {90120000-0051-0000-0000-0000000FF1CE} = Microsoft Office Visio Professional 2007
    {90120000-0054-0409-0000-0000000FF1CE} = Microsoft Office Visio MUI (English) 2007
    {90120000-006E-0409-0000-0000000FF1CE} = Microsoft Office Shared MUI (English) 2007
    {90120000-00A1-0409-0000-0000000FF1CE} = Microsoft Office OneNote MUI (English) 2007
    {90120000-00B2-0409-0000-0000000FF1CE} = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    {90120000-00BA-0409-0000-0000000FF1CE} = Microsoft Office Groove MUI (English) 2007
    {90120000-0114-0409-0000-0000000FF1CE} = Microsoft Office Groove Setup Metadata MUI (English) 2007
    {90120000-0115-0409-0000-0000000FF1CE} = Microsoft Office Shared Setup Metadata MUI (English) 2007
    {90120000-0117-0409-0000-0000000FF1CE} = Microsoft Office Access Setup Metadata MUI (English) 2007
    {92EA4134-10D1-418A-91E1-5A0453131A38} = Windows Live Movie Maker
    {99F4774B-2931-11FD-E747-FD8AD1BEA8AB} = CCC Help Dutch
    {9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    {9A2F0810-3622-4E86-9072-973FBE1679C5} = QuickBooks Pro 2009
    {9A2F0810-369F-4E86-9072-973FBE1679C5} = QuickBooks
    {9D56775A-93F3-44A3-8092-840E3826DE30} = Windows Live Mail
    {9F04FE10-CA92-11E0-6784-1414EBED18BE} = BID
    {A0C91188-C88F-4E86-93E6-CD7C9A266649} = Windows Live Mesh
    {A1FB4B86-129B-3C86-8DD8-440B60D50514} = CCC Help Finnish
    {A3232358-1FD7-973B-2D09-971C914CA8F8} = CCC Help Chinese Standard
    {A726AE06-AAA3-43D1-87E3-70F510314F04} = Windows Live Writer
    {A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} = CyberLink PowerDVD 9.5
    {A8A759FC-44FD-EBA6-8A18-F2F550DCEC83} = CCC Help Turkish
    {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} = Windows Live Photo Common
    {AA59DDE4-B672-4621-A016-4C248204957A} = Skype™ 5.5
    {AAAFC670-569B-4A2F-82B4-42945E0DE3EF} = Windows Live Writer
    {AAF454FC-82CA-4F29-AB31-6A109485E76E} = Windows Live Writer
    {AC76BA86-7AD7-1033-7B44-AB0000000001} = Adobe Reader XI (11.0.02)
    {B462A229-4CCA-CD9F-D704-A888D0947DC1} = CCC Help Hungarian
    {B6CF2967-C81E-40C0-9815-C05774FEF120} = Skype Click to Call
    {B9259945-753D-A9AD-3133-E8900086902A} = CCC Help English
    {BBB9D421-42DE-4553-0249-6A3E1FD991C8} = CCC Help French
    {BE613FE0-2618-DDB0-078D-209B476F22A9} = Catalyst Control Center
    {BED0B8A2-2986-49F8-90D6-FA008D37A3D2} = Trend Micro Client/Server Security Agent
    {C01A86F5-56E7-101F-9BC9-E3F1025EB779} = Intel(R) Identity Protection Technology 1.1.2.0
    {C66824E4-CBB3-4851-BB3F-E8CFD6350923} = Windows Live Mail
    {CDC8A707-DD65-E68B-6C0F-1C1F748DC4A8} = CCC Help Japanese
    {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} = Windows Live UX Platform
    {D0B44725-3666-492D-BEF6-587A14BD9BD9} = MSVCRT_amd64
    {D436F577-1695-4D2F-8B44-AC76C99E0002} = Windows Live Photo Common
    {D45240D3-B6B3-4FF9-B243-54ECE3E10066} = Windows Live Communications Platform
    {D64B1BF5-0057-BA0E-0A0F-38AE12520BD8} = CCC Help Czech
    {D7500D20-78EF-EBEE-C1EF-A9FA57297BDB} = CCC Help Italian
    {D90AD053-6F8D-4658-9EB8-D57C8BE39092} = QBFC 7.0
    {DDC8BDEE-DCAC-404D-8257-3E8D4B782467} = Windows Live Writer Resources
    {DECDCB7C-58CC-4865-91AF-627F9798FE48} = Windows Live Mesh
    {E09C4DB7-630C-4F06-A631-8EA7239923AF} = D3DX10
    {EB4DF488-AAEF-406F-A341-CB2AAA315B90} = Windows Live Messenger
    {ECC3713C-08A4-40E3-95F1-7D0704F1CE5E} = PL-2303 USB-to-Serial
    {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} = Microsoft SQL Server 2005 Compact Edition [ENU]
    {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} = Intel(R) Processor Graphics
    {F127DA21-9A8D-1752-588E-12929E6C0F47} = CCC Help Greek
    {F664CCAC-CB94-1E11-F67D-5EFBAA507B88} = Catalyst Control Center InstallProxy
    {FE044230-9CA5-43F7-9B58-5AC5A28A1F33} = Windows Live Essentials
    {FE23D063-934D-4829-A0D8-00634CE79B4A} = Adobe AIR
    Adobe AIR = Adobe AIR
    Adobe Flash Player ActiveX = Adobe Flash Player 11 ActiveX
    Adobe Flash Player Plugin = Adobe Flash Player 11 Plugin
    Dell Laser MFP 1815 = Dell Laser MFP 1815 Software Uninstall
    ENTERPRISE = Microsoft Office Enterprise 2007
    FileZilla Client = FileZilla Client 3.5.2
    InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} = CyberLink PowerDVD 9.5
    Malwarebytes' Anti-Malware_is1 = Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft Visual Studio 2005 Tools for Office Runtime = Visual Studio 2005 Tools for Office Second Edition Runtime
    Mozilla Firefox 19.0 (x86 en-US) = Mozilla Firefox 19.0 (x86 en-US)
    MozillaMaintenanceService = Mozilla Maintenance Service
    PowerISO = PowerISO
    uTorrent = ĶTorrent
    VISPRO = Microsoft Office Visio Professional 2007
    Winamp = Winamp
    WinLiveSuite = Windows Live Essentials
    WinRAR archiver = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-197448801-1903265348-1793838230-1138\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    Google Chrome = Google Chrome
    Octoshape add-in for Adobe Flash Player = Octoshape add-in for Adobe Flash Player

    < End of report >
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  14. #14
    Join Date
    Apr 2001
    Location
    Manhattan
    Posts
    156
    I almost think that the pop-up only occurs on the first login of the day on the machine.. I'm 99% on that. Also, just for fun, I emailed the address listed on the site that the pop up is from, and they actually responded asking me if I have any of the following plugins installed:
    Dear Sir/Madam,

    If this happens to on Firefox, please remove the following add-ons:

    Play Piano
    Test Your memory
    Play Music
    Web Server
    Super Paste

    Which I never have, nor would I have installed.. But, I just found it odd that the person actually tried to help me... I wonder if they're just throwing decoys, or don't even know that their site is hacked (somewhat?)...
    Optiplex 390, i5-2400, 8GB Ram, Win 7 Pro, Dell E6500 w/XP, Poweredge 840, T100

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,887
    What is the site name of that pop-up?

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-197448801-1903265348-1793838230-1138\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
      O4 - HKU\S-1-5-21-610581344-3166673297-3214119492-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
      O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
      O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
      O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
      O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
      O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://192.168.17.114:4343/officesc...l/WinNTChk.cab (Reg Error: Key error.)
      O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://192.168.17.114:4343/officesc...l/setupini.cab (Reg Error: Key error.)
      O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://192.168.17.114:4343/officesc...tall/setup.cab (Reg Error: Key error.)
      O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://192.168.17.114:4343/officesc...RemoveCtrl.cab (Reg Error: Key error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
      O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
      O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.



    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •