
Windows firewall is off, keep getting notices that Mcafee firewall is off


  • This topic is locked
26 replies to this topic

#16 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:21 AM

Posted 20 April 2013 - 07:41 AM

This is normal since you installed McAfee's Firewall.

You cannot have two firewalls working simultaneously.
Nor should you run two virus protection programs at the same time.



#17 beckygirl

beckygirl
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 20 April 2013 - 07:47 AM

I tried to remove McAfee last week.

There shouldn't be any other firewalls, as far as I know.



#18 nasdaq


Posted 20 April 2013 - 10:51 AM

Did you use this tool?

McAfee's removal tool.
http://mcafee-removal-tool.com/

#19 beckygirl


Posted 20 April 2013 - 12:06 PM

I just used the McAfee removal tool. Restarted my computer and still cannot turn on the Windows Firewall. It says Windows firewall is turned off or set up incorrectly. There is a button that says "Turn on Now". When I try that it says "Action Center can't turn on windows firewall".



#20 nasdaq


Posted 20 April 2013 - 12:27 PM

Please run ComboFix one more time. Save the log.

You may be asked to update the program, please do.

When done post the log, do not attach it.

Confirm that you wanted to remove McAfee completely.
I will suggest a script to remove any remaining entries related to McAfee.

#21 beckygirl


Posted 20 April 2013 - 01:45 PM

Yes, I want to remove McAfee completely.

 

I ran ComboFix and now I cannot open anything (browser, programs, etc.)! I get a message that says "Illegal operation attempted on a registry key that has been marked for deletion." Now what???? I am sending this from my laptop.

 

ComboFix 13-04-20.01 - becky 04/20/2013  14:06:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6057.4647 [GMT -4:00]
Running from: c:\users\becky\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\32ac3173-77bd-4ec6-9638-94e174508c22.dll
c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7dd123b0-30e9-4f67-b7e2-20e7374cbb87.dll
c:\programdata\PCDr\6032\AddOnDownloaded\88bde4bf-b24d-4cb6-92ef-eb02d3276f09.dll
c:\programdata\PCDr\6032\AddOnDownloaded\96c23f75-9f21-4ef8-a3c8-1a554b815309.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9cdc7b97-c1d2-495c-8b7f-12fd3c7e14b8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\be661974-a339-4e9a-bea4-bda0af68ba7f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ca35a61e-780d-401f-891e-22b67162d061.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d04640e7-f772-4909-8f8e-f8294ff0752f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d2597799-52b1-4a68-9280-897ad5c0c18e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\fb803e34-29ed-4941-a7b3-4074ca51286c.dll
c:\windows\RPSETUP.EXE.LOG
c:\windows\SysWow64\msnphoto.scr
H:\Autorun.inf
H:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-20 to 2013-04-20  )))))))))))))))))))))))))))))))
.
.
2013-04-13 00:33 . 2013-04-13 00:33 -------- d-----w- c:\programdata\MSNDynFiles
2013-04-12 20:34 . 2013-04-12 20:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-12 20:09 . 2013-04-12 20:09 -------- d-----w- c:\program files\Google
2013-04-12 20:08 . 2013-04-12 20:21 -------- d-----w- c:\users\becky\AppData\Local\Google
2013-04-12 20:08 . 2013-04-12 20:21 -------- d-----w- c:\program files (x86)\Google
2013-04-12 20:00 . 2013-04-12 20:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-12 20:00 . 2013-04-12 20:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 20:00 . 2013-04-12 20:00 -------- d-----w- c:\program files (x86)\Java
2013-04-12 19:29 . 2013-04-12 19:29 -------- d-----w- c:\windows\Sun
2013-04-12 19:22 . 2013-04-12 19:22 -------- d-----w- c:\users\becky\My Backup Files
2013-04-12 15:59 . 2013-04-12 15:59 -------- d-----w- c:\windows\ERUNT
2013-04-12 15:58 . 2013-04-12 15:58 -------- d-----w- C:\JRT
2013-04-12 15:53 . 2013-04-12 15:53 -------- d-----w- c:\users\becky\AppData\Local\AVG Secure Search
2013-04-12 15:48 . 2013-04-12 15:48 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-10 23:42 . 2013-04-10 23:42 -------- d-----w- c:\users\becky\AppData\Roaming\McAfee
2013-04-10 19:28 . 2013-04-10 19:28 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-10 16:52 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-10 16:52 . 2013-04-10 16:52 -------- d-----w- c:\program files\iPod
2013-04-10 16:52 . 2013-04-10 16:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-10 16:52 . 2013-04-10 16:52 -------- d-----w- c:\program files\iTunes
2013-04-10 16:52 . 2013-04-10 16:52 -------- d-----w- c:\program files (x86)\iTunes
2013-04-10 12:11 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-10 12:08 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 12:08 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 12:08 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 12:08 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 12:08 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 12:08 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 12:08 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 12:08 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 12:07 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 12:07 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 12:07 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:07 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 12:07 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 12:07 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 12:07 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-08 19:37 . 2012-08-23 15:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe
2013-04-08 19:37 . 2012-08-23 15:31 26488 ----a-w- c:\windows\system32\authuitu.dll
2013-04-08 19:37 . 2012-08-23 15:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-04-08 19:36 . 2013-04-08 19:36 -------- d-----w- c:\users\becky\AppData\Roaming\AVG
2013-04-08 19:35 . 2013-04-08 19:38 -------- d-----w- c:\programdata\AVG
2013-04-08 19:33 . 2013-04-08 19:33 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-08 16:35 . 2013-04-08 16:35 -------- d-----w- c:\users\becky\AppData\Local\AVG SafeGuard toolbar
2013-04-08 16:35 . 2013-04-08 16:35 -------- d-----w- c:\users\becky\AppData\Roaming\TuneUp Software
2013-04-08 16:35 . 2013-04-08 16:35 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-04-08 16:34 . 2013-04-08 16:34 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-04-08 16:34 . 2013-04-12 15:48 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-04-08 16:34 . 2013-04-08 16:34 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-04-08 16:32 . 2013-04-08 16:32 -------- d-----w- C:\$AVG
2013-04-08 16:31 . 2013-04-08 19:36 -------- d-----w- c:\program files (x86)\AVG
2013-04-08 16:18 . 2013-04-20 14:52 -------- d-----w- c:\programdata\MFAData
2013-04-08 16:18 . 2013-04-08 19:28 -------- d-----w- c:\users\becky\AppData\Local\Avg2013
2013-04-08 16:18 . 2013-04-08 16:18 -------- d--h--w- c:\programdata\Common Files
2013-04-08 16:18 . 2013-04-08 16:18 -------- d-----w- c:\users\becky\AppData\Local\MFAData
2013-04-08 16:05 . 2013-04-08 16:05 -------- d-----w- c:\programdata\NortonInstaller
2013-04-07 15:28 . 2013-04-07 15:28 -------- d-----w- c:\users\becky\AppData\Local\Macromedia
2013-04-04 12:14 . 2013-04-04 12:17 -------- d-----w- c:\users\becky\AppData\Roaming\FreeFileViewer
2013-04-03 12:18 . 2013-04-03 13:22 -------- d-----w- c:\users\becky\AppData\Local\FreeFileViewer
2013-04-03 12:14 . 2013-04-03 12:14 -------- d-----w- c:\program files (x86)\FreeFileViewer
2013-03-28 22:37 . 2012-10-25 23:38 4200304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2013-03-28 22:36 . 2013-04-20 12:51 -------- d-----w- c:\program files (x86)\Quicken
2013-03-25 20:57 . 2013-04-05 01:49 -------- d-----r- c:\program files (x86)\Skype
2013-03-25 20:57 . 2013-03-25 20:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-22 07:05 . 2013-03-22 07:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 20:08 . 2012-06-22 04:24 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 20:08 . 2012-03-31 03:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 20:00 . 2012-06-21 23:55 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-12 20:00 . 2012-03-31 03:39 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-10 12:13 . 2012-07-18 19:13 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 18:50 . 2012-04-19 22:15 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 05:45 . 2013-03-12 23:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 23:01 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 23:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 23:01 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 23:01 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 23:01 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:51 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18643560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-04-08 1219248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 mfehidk01;McAfee Inc.;Device\mfehidk01.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-04-08 39768]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-20 3289208]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-04-08 990896]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 20:29 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 20:08]
.
2013-04-20 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-04-03 21:24]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 20:08]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} - file:///D:/vwr_data/WebVwr.cab
FF - ProfilePath - c:\users\becky\AppData\Roaming\Mozilla\Firefox\Profiles\7nnqdum0.default\
FF - ExtSQL: 2013-04-08 12:35; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2
FF - ExtSQL: !HIDDEN! 2012-11-02 09:14; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2013-04-20  14:22:04 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-20 18:22
.
Pre-Run: 923,088,297,984 bytes free
Post-Run: 924,259,086,336 bytes free
.
- - End Of File - - A6D02D40768A53D836946AD33BC29957
 



#22 nasdaq


Posted 21 April 2013 - 07:24 AM

Restart the computer normally and it should remove the bad programs. You should then be OK.
Look at my instructions in post no. 2.

Open notepad and copy/paste the text in the quote box below into it:
 
Driver::
mfehidk01
McMPFSvc

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

Edited by nasdaq, 21 April 2013 - 07:26 AM.
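
One way to pull leftover driver/service entries out of a ComboFix log like the one in post #21, written as an added example (it is not part of the thread and not ComboFix's own code). The sample lines are excerpted from that log; reading `[x]` as "file not found on disk" and the digit after R/S as the Windows service Start value are assumptions, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample input: lines excerpted from the ComboFix log posted in #21.
SAMPLE_LOG = r"""
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
R3 mfehidk01;McAfee Inc.;Device\mfehidk01.sys [x]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
"""

# <flag><start> <name>;<display name>;<image path> [<date size> | x]
SERVICE_LINE = re.compile(
    r"([RS])([0-4]) ([^;]+);([^;]*);(.*) \[(x|\d{4}-\d{2}-\d{2} \d+)\]"
)

# Assumption: the digit is the service Start value from the registry.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

BINARY_EXTENSIONS = (".exe", ".sys", ".dll")


@dataclass
class ServiceEntry:
    flag: str         # "R" or "S" exactly as printed in the log
    start_type: int   # 0-4
    name: str         # service key name (what a Driver:: line would list)
    display: str
    image_path: str
    stamp: str        # "x" or "YYYY-MM-DD size"

    @property
    def file_missing(self):
        # Assumption: "[x]" means the binary was not found on disk.
        return self.stamp == "x"

    @property
    def path_has_arguments(self):
        # If the path does not end in a binary extension, the "[x]" may be
        # caused by trailing command-line arguments rather than a real orphan.
        return not self.image_path.lower().endswith(BINARY_EXTENSIONS)


def parse_services(log_text):
    """Return a ServiceEntry for every driver/service line in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.fullmatch(line.strip())
        if m:
            flag, start, name, display, path, stamp = m.groups()
            entries.append(
                ServiceEntry(flag, int(start), name, display, path, stamp)
            )
    return entries


def leftover_entries(entries, vendor_terms):
    """Entries whose file is missing and that mention one of the vendor terms."""
    hits = []
    for e in entries:
        haystack = " ".join((e.name, e.display, e.image_path)).lower()
        if e.file_missing and any(t.lower() in haystack for t in vendor_terms):
            hits.append(e)
    return hits


def needs_manual_check(entries):
    """Missing-file entries where '[x]' is ambiguous and should be verified."""
    return [e for e in entries if e.file_missing and e.path_has_arguments]


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for e in leftover_entries(parsed, ["mcafee"]):
        print(e.name, START_TYPES[e.start_type], e.image_path)
    for e in needs_manual_check(parsed):
        print("verify by hand:", e.name, e.image_path)
```

The output is a review list only; whether an entry is safe to remove still depends on confirming the product was meant to be uninstalled, as the helper does in post #20.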


#23 beckygirl


Posted 21 April 2013 - 10:35 AM

Thank you!  I'm sorry, the second post was nine days ago and I had forgotten that you said I might get that message.  Restarted the computer and now I have my firewall back!!!  Reran ComboFix and posted the log below.  Do you think my computer should be back to normal now?

 

ComboFix 13-04-20.01 - becky 04/21/2013  11:10:46.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6057.4065 [GMT -4:00]
Running from: c:\users\becky\Desktop\ComboFix.exe
Command switches used :: c:\users\becky\Desktop\CFScript.txt
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\32ac3173-77bd-4ec6-9638-94e174508c22.dll
c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7dd123b0-30e9-4f67-b7e2-20e7374cbb87.dll
c:\programdata\PCDr\6032\AddOnDownloaded\88bde4bf-b24d-4cb6-92ef-eb02d3276f09.dll
c:\programdata\PCDr\6032\AddOnDownloaded\96c23f75-9f21-4ef8-a3c8-1a554b815309.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9cdc7b97-c1d2-495c-8b7f-12fd3c7e14b8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\be661974-a339-4e9a-bea4-bda0af68ba7f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ca35a61e-780d-401f-891e-22b67162d061.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d04640e7-f772-4909-8f8e-f8294ff0752f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d2597799-52b1-4a68-9280-897ad5c0c18e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\fb803e34-29ed-4941-a7b3-4074ca51286c.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_McMPFSvc
-------\Service_mfehidk01
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-21 to 2013-04-21  )))))))))))))))))))))))))))))))
.
.
2013-04-13 00:33 . 2013-04-13 00:33 -------- d-----w- c:\programdata\MSNDynFiles
2013-04-12 20:34 . 2013-04-12 20:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-12 20:09 . 2013-04-12 20:09 -------- d-----w- c:\program files\Google
2013-04-12 20:08 . 2013-04-12 20:21 -------- d-----w- c:\users\becky\AppData\Local\Google
2013-04-12 20:08 . 2013-04-12 20:21 -------- d-----w- c:\program files (x86)\Google
2013-04-12 20:00 . 2013-04-12 20:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-12 20:00 . 2013-04-12 20:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 20:00 . 2013-04-12 20:00 -------- d-----w- c:\program files (x86)\Java
2013-04-12 19:29 . 2013-04-12 19:29 -------- d-----w- c:\windows\Sun
2013-04-12 19:22 . 2013-04-12 19:22 -------- d-----w- c:\users\becky\My Backup Files
2013-04-12 15:59 . 2013-04-12 15:59 -------- d-----w- c:\windows\ERUNT
2013-04-12 15:58 . 2013-04-12 15:58 -------- d-----w- C:\JRT
2013-04-12 15:53 . 2013-04-12 15:53 -------- d-----w- c:\users\becky\AppData\Local\AVG Secure Search
2013-04-12 15:48 . 2013-04-12 15:48 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-10 23:42 . 2013-04-10 23:42 -------- d-----w- c:\users\becky\AppData\Roaming\McAfee
2013-04-10 19:28 . 2013-04-10 19:28 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-10 16:52 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-10 16:52 . 2013-04-10 16:52 -------- d-----w- c:\program files\iPod
2013-04-10 16:52 . 2013-04-10 16:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-10 16:52 . 2013-04-10 16:52 -------- d-----w- c:\program files\iTunes
2013-04-10 16:52 . 2013-04-10 16:52 -------- d-----w- c:\program files (x86)\iTunes
2013-04-10 12:11 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-10 12:08 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 12:08 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 12:08 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 12:08 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 12:08 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 12:08 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 12:08 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 12:08 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 12:07 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 12:07 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 12:07 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 12:07 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 12:07 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 12:07 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 12:07 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-08 19:37 . 2012-08-23 15:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe
2013-04-08 19:37 . 2012-08-23 15:31 26488 ----a-w- c:\windows\system32\authuitu.dll
2013-04-08 19:37 . 2012-08-23 15:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-04-08 19:36 . 2013-04-08 19:36 -------- d-----w- c:\users\becky\AppData\Roaming\AVG
2013-04-08 19:35 . 2013-04-08 19:38 -------- d-----w- c:\programdata\AVG
2013-04-08 19:33 . 2013-04-08 19:33 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-08 16:35 . 2013-04-08 16:35 -------- d-----w- c:\users\becky\AppData\Local\AVG SafeGuard toolbar
2013-04-08 16:35 . 2013-04-08 16:35 -------- d-----w- c:\users\becky\AppData\Roaming\TuneUp Software
2013-04-08 16:35 . 2013-04-08 16:35 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-04-08 16:34 . 2013-04-08 16:34 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-04-08 16:34 . 2013-04-12 15:48 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-04-08 16:34 . 2013-04-08 16:34 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-04-08 16:32 . 2013-04-08 16:32 -------- d-----w- C:\$AVG
2013-04-08 16:31 . 2013-04-08 19:36 -------- d-----w- c:\program files (x86)\AVG
2013-04-08 16:18 . 2013-04-21 14:52 -------- d-----w- c:\programdata\MFAData
2013-04-08 16:18 . 2013-04-08 19:28 -------- d-----w- c:\users\becky\AppData\Local\Avg2013
2013-04-08 16:18 . 2013-04-08 16:18 -------- d--h--w- c:\programdata\Common Files
2013-04-08 16:18 . 2013-04-08 16:18 -------- d-----w- c:\users\becky\AppData\Local\MFAData
2013-04-08 16:05 . 2013-04-08 16:05 -------- d-----w- c:\programdata\NortonInstaller
2013-04-07 15:28 . 2013-04-07 15:28 -------- d-----w- c:\users\becky\AppData\Local\Macromedia
2013-04-04 12:14 . 2013-04-04 12:17 -------- d-----w- c:\users\becky\AppData\Roaming\FreeFileViewer
2013-04-03 12:18 . 2013-04-03 13:22 -------- d-----w- c:\users\becky\AppData\Local\FreeFileViewer
2013-04-03 12:14 . 2013-04-03 12:14 -------- d-----w- c:\program files (x86)\FreeFileViewer
2013-03-28 22:37 . 2012-10-25 23:38 4200304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2013-03-28 22:36 . 2013-04-20 12:51 -------- d-----w- c:\program files (x86)\Quicken
2013-03-25 20:57 . 2013-04-05 01:49 -------- d-----r- c:\program files (x86)\Skype
2013-03-25 20:57 . 2013-03-25 20:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 20:08 . 2012-06-22 04:24 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 20:08 . 2012-03-31 03:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 20:00 . 2012-06-21 23:55 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-12 20:00 . 2012-03-31 03:39 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-10 12:13 . 2012-07-18 19:13 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 18:50 . 2012-04-19 22:15 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 07:07 . 2013-03-22 07:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 07:07 . 2013-03-22 07:07 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-22 07:07 . 2013-03-22 07:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-22 07:07 . 2013-03-22 07:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-22 07:07 . 2013-03-22 07:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-22 07:07 . 2013-03-22 07:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 07:07 . 2013-03-22 07:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-22 07:07 . 2013-03-22 07:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-22 07:07 . 2013-03-22 07:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 07:07 . 2013-03-22 07:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-22 07:07 . 2013-03-22 07:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-22 07:07 . 2013-03-22 07:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-22 07:07 . 2013-03-22 07:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-22 07:07 . 2013-03-22 07:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 07:07 . 2013-03-22 07:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-22 07:07 . 2013-03-22 07:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-22 07:07 . 2013-03-22 07:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-22 07:07 . 2013-03-22 07:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-22 07:07 . 2013-03-22 07:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-22 07:07 . 2013-03-22 07:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-22 07:07 . 2013-03-22 07:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-22 07:07 . 2013-03-22 07:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-22 07:07 . 2013-03-22 07:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-22 07:07 . 2013-03-22 07:07 441856 ----a-w- c:\windows\system32\html.iec
2013-03-22 07:07 . 2013-03-22 07:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-22 07:07 . 2013-03-22 07:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-22 07:07 . 2013-03-22 07:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-22 07:07 . 2013-03-22 07:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-22 07:07 . 2013-03-22 07:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-22 07:07 . 2013-03-22 07:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-22 07:07 . 2013-03-22 07:07 235008 ----a-w- c:\windows\system32\url.dll
2013-03-22 07:07 . 2013-03-22 07:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-22 07:07 . 2013-03-22 07:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-22 07:07 . 2013-03-22 07:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-22 07:07 . 2013-03-22 07:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-22 07:07 . 2013-03-22 07:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-22 07:07 . 2013-03-22 07:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-22 07:07 . 2013-03-22 07:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-22 07:07 . 2013-03-22 07:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-22 07:07 . 2013-03-22 07:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-22 07:07 . 2013-03-22 07:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-22 07:07 . 2013-03-22 07:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-22 07:07 . 2013-03-22 07:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-22 07:07 . 2013-03-22 07:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-22 07:07 . 2013-03-22 07:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-22 07:07 . 2013-03-22 07:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-22 07:07 . 2013-03-22 07:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-22 07:07 . 2013-03-22 07:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 07:07 . 2013-03-22 07:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-22 07:05 . 2013-03-22 07:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-22 07:05 . 2013-03-22 07:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-22 07:05 . 2013-03-22 07:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-22 07:05 . 2013-03-22 07:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-22 07:05 . 2013-03-22 07:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-22 07:05 . 2013-03-22 07:05 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-22 07:05 . 2013-03-22 07:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-22 07:05 . 2013-03-22 07:05 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-22 07:05 . 2013-03-22 07:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-22 07:05 . 2013-03-22 07:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-22 07:05 . 2013-03-22 07:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-22 07:05 . 2013-03-22 07:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-22 07:05 . 2013-03-22 07:05 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-22 07:05 . 2013-03-22 07:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-22 07:05 . 2013-03-22 07:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 07:05 . 2013-03-22 07:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-22 07:05 . 2013-03-22 07:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-22 07:05 . 2013-03-22 07:05 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-22 07:05 . 2013-03-22 07:05 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-22 07:05 . 2013-03-22 07:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-22 07:05 . 2013-03-22 07:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-22 07:05 . 2013-03-22 07:05 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-03-22 07:05 . 2013-03-22 07:05 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-03-22 07:05 . 2013-03-22 07:05 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-03-22 07:05 . 2013-03-22 07:05 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-03-22 07:05 . 2013-03-22 07:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-22 07:05 . 2013-03-22 07:05 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-22 07:05 . 2013-03-22 07:05 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-03-22 07:05 . 2013-03-22 07:05 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-22 07:05 . 2013-03-22 07:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18643560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-04-08 1219248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-04-08 39768]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-20 3289208]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-04-08 990896]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 20:29 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 20:08]
.
2013-04-21 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-04-03 21:24]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 20:08]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} - file:///D:/vwr_data/WebVwr.cab
FF - ProfilePath - c:\users\becky\AppData\Roaming\Mozilla\Firefox\Profiles\7nnqdum0.default\
FF - ExtSQL: 2013-04-08 12:35; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2
FF - ExtSQL: !HIDDEN! 2012-11-02 09:14; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2013-04-21  11:20:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-21 15:20
ComboFix2.txt  2013-04-20 18:22
.
Pre-Run: 923,406,209,024 bytes free
Post-Run: 922,915,540,992 bytes free
.
- - End Of File - - 03EA1627F891F580E3EA668FE8BD4865
 



#24 nasdaq

Posted 21 April 2013 - 12:29 PM

Looking good.

Any remaining issues?

#25 beckygirl

Posted 21 April 2013 - 07:22 PM

I've run into a couple of issues.  I used to use MSN for my emails and that has recently switched over to Outlook.com.  For some reason I can't get into outlook.com (my email account) at all.  I have tried the link from my homepage and I have tried typing the address.  Also, if I go into my old MSN account for my emails, I can't load any pictures or attachments (.jpg, .xls or .pdf for example).  I get the message "Command failed to execute".   Any ideas?



#26 nasdaq

Posted 22 April 2013 - 07:46 AM

The best offer I can give you is these two links.

http://answers.msn.com/thread.aspx?threadid=ae88a920-6ed4-495c-af87-da151d9eed6e

http://support.microsoft.com/?kbid=883260

If you cannot find a solution, I suggest you start a new topic in the Business Application forum:
http://www.bleepingcomputer.com/forums/forum16.html

I do not use MSN or OE.

==

When all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#27 nasdaq

Posted 28 April 2013 - 09:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



