Viruses

i take it back. there is little to no improvement.

What browser are you using?

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

I use Google Chrome.

I guess I have Microsoft Windows Recover Console installed already because I didn't get any prompts to install.

Also, ComboFix did not restart computer. Contents of Log below:


ComboFix 13-12-17.02 - Family 2013-12-17 21:26:22.1.8 - x64
Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.16345.13736 [GMT -8:00]
Running from: c:\users\ss\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6361\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
c:\programdata\PCDr\6361\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6361\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6361\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6361\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6361\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
c:\programdata\PCDr\6361\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6361\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dll
c:\programdata\PCDr\6361\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6361\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6361\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6361\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6361\AddOnDownloaded\2c784c13-702f-431e-a492-e9dddd757b25.dll
c:\programdata\PCDr\6361\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6361\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6361\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6361\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6361\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6361\AddOnDownloaded\3cb2cbfc-72a8-4ae7-9061-1a58b1505327.dll
c:\programdata\PCDr\6361\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
c:\programdata\PCDr\6361\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6361\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6361\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6361\AddOnDownloaded\4c09e0ec-d531-4d04-a038-3dd30a795474.dll
c:\programdata\PCDr\6361\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6361\AddOnDownloaded\5c103ca5-8249-401b-a699-41d0a39023f4.dll
c:\programdata\PCDr\6361\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dll
c:\programdata\PCDr\6361\AddOnDownloaded\61c13bfc-28f4-44bc-beec-efa429fa40f0.dll
c:\programdata\PCDr\6361\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6361\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6361\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6361\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6361\AddOnDownloaded\6edf11af-92e6-490d-af58-febeeb0cdb04.dll
c:\programdata\PCDr\6361\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6361\AddOnDownloaded\704dfeb5-9129-4d88-8096-7f3bc80eb1ec.dll
c:\programdata\PCDr\6361\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6361\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6361\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6361\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6361\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6361\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6361\AddOnDownloaded\8d529c31-eeb1-4b4d-ab7e-98a38b1abf60.dll
c:\programdata\PCDr\6361\AddOnDownloaded\8fab1a01-d6b6-4640-ac86-c3ddd583c840.dll
c:\programdata\PCDr\6361\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6361\AddOnDownloaded\9d97f346-8efc-4e33-9c3b-3eef6c324e61.dll
c:\programdata\PCDr\6361\AddOnDownloaded\9e7391aa-d9c2-4547-bdb7-737a833083a2.dll
c:\programdata\PCDr\6361\AddOnDownloaded\9ed1246c-39a1-403b-9134-f313ebd75cb8.dll
c:\programdata\PCDr\6361\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dll
c:\programdata\PCDr\6361\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6361\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6361\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6361\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6361\AddOnDownloaded\b347630c-35c1-4199-a3e2-2eea8f11e228.dll
c:\programdata\PCDr\6361\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6361\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6361\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6361\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6361\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6361\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6361\AddOnDownloaded\c4f346c1-09ef-4c0a-846d-8ca41f94690b.dll
c:\programdata\PCDr\6361\AddOnDownloaded\c6ca3141-c4ef-404d-b1c2-840d38395e80.dll
c:\programdata\PCDr\6361\AddOnDownloaded\cadaa395-f50b-45c6-81f6-b5aaa3c5efba.dll
c:\programdata\PCDr\6361\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6361\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6361\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6361\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6361\AddOnDownloaded\dde43788-ba3c-4b88-bc8a-de8a0eb22c79.dll
c:\programdata\PCDr\6361\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6361\AddOnDownloaded\e13c218f-cd37-454b-a187-3381a9945752.dll
c:\programdata\PCDr\6361\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6361\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6361\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dll
c:\programdata\PCDr\6361\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f586fa98-17b8-498c-9c59-24de5750efab.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f73e8868-a1f5-4756-9eae-b4ffc305f35a.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\programdata\PCDr\6361\AddOnDownloaded\fc470dbb-846d-42d3-bb0a-6363a559f3fb.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-11-18 to 2013-12-18 )))))))))))))))))))))))))))))))
.
.
2013-12-18 05:29 . 2013-12-18 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-17 05:15 . 2013-12-17 05:15 -------- d-----w- c:\program files (x86)\ESET
2013-12-17 02:14 . 2013-12-17 02:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-17 02:13 . 2013-12-17 02:13 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-15 12:42 . 2013-12-15 12:42 -------- d-----w- c:\program files\Reimage
2013-12-15 12:19 . 2013-12-15 12:19 -------- d-----w- c:\windows\ERUNT
2013-12-15 12:11 . 2013-12-15 12:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-12-15 12:10 . 2013-12-15 12:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-15 12:10 . 2013-12-15 12:10 -------- d-----w- c:\program files (x86)\Java
2013-12-15 12:03 . 2013-12-15 12:03 -------- d-----w- c:\programdata\CDB
2013-12-15 12:01 . 2013-12-15 12:01 -------- d-----w- c:\users\ss\AppData\Local\AVG SafeGuard toolbar
2013-12-15 12:01 . 2013-12-18 02:01 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-12-15 12:01 . 2013-12-18 02:01 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-12-15 12:01 . 2013-12-18 02:01 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-12-15 12:01 . 2013-12-18 02:01 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-12-15 11:58 . 2013-12-15 11:58 -------- d--h--w- c:\programdata\Common Files
2013-12-15 11:46 . 2013-12-15 12:11 -------- d-----w- c:\programdata\Oracle
2013-12-14 18:32 . 2013-12-14 18:32 -------- d-----w- c:\users\ss\AppData\Roaming\Malwarebytes
2013-12-14 18:32 . 2013-12-14 18:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-14 18:32 . 2013-12-14 18:32 -------- d-----w- c:\programdata\Malwarebytes
2013-12-14 18:32 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-14 18:32 . 2013-12-14 18:32 -------- d-----w- c:\users\ss\AppData\Local\Programs
2013-12-14 18:22 . 2013-12-14 22:29 -------- d-----w- C:\AdwCleaner
2013-12-14 17:23 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 17:23 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-12 21:03 . 2013-12-12 21:03 254128 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10227.bin
2013-12-12 20:43 . 2013-12-12 20:43 -------- d-----w- c:\users\ss\AppData\Roaming\AVAST Software
2013-11-20 06:19 . 2013-11-20 06:19 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 18:06 . 2013-01-13 06:24 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-04 00:53 . 2013-11-14 20:20 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2013-11-14 20:20 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-28 23:20 . 2013-04-06 18:47 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-28 23:20 . 2013-04-06 18:47 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-28 23:20 . 2013-01-12 00:55 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-28 23:20 . 2013-01-12 00:55 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-28 23:20 . 2013-01-12 00:55 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-28 23:20 . 2013-01-12 00:55 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-28 23:20 . 2013-01-12 00:55 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-28 23:20 . 2013-01-12 00:55 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-28 23:20 . 2013-01-12 00:55 43152 ----a-w- c:\windows\avastSS.scr
2013-10-10 11:53 . 2013-11-14 00:38 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-10-10 09:21 . 2013-11-14 00:39 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-10 09:20 . 2013-11-14 00:38 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-10-02 23:25 . 2013-11-14 00:39 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-10-01 23:37 . 2013-11-14 00:39 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-01 23:37 . 2013-11-14 00:38 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-01 23:26 . 2013-11-14 00:39 1890816 ----a-w- c:\windows\system32\crypt32.dll
2013-10-01 23:26 . 2013-11-14 00:38 2304512 ----a-w- c:\windows\system32\authui.dll
2013-10-01 22:22 . 2013-11-14 00:39 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-23 22:30 . 2013-11-14 00:38 419328 ----a-w- c:\windows\system32\schannel.dll
2013-09-23 22:30 . 2013-11-14 00:38 323072 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-12-18 02:01 3333144 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll" [2013-12-18 3333144]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\ss\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-02 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-17 56128]
"Shwicon9106"="c:\program files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe" [2012-06-28 262144]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-04 491120]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-06-02 143888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\e5750e6a-a1bb-4259-8624-4ddf0a5eea7f.exe" [2013-11-23 180184]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-28 3568312]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-12-18 2471448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Dell Display Manager.lnk - c:\program files (x86)\Dell\Dell Display Manager\ddm.exe [2013-1-17 571024]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 ReimageRealTimeProtection;Reimage Real Time Protection;c:\program files\Reimage\Reimage Repair\ReiGuard.exe;c:\program files\Reimage\Reimage Repair\ReiGuard.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 05:26 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2021929342-2636877692-3538982120-1001Core.job
- c:\users\ss\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-02 20:12]
.
2013-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2021929342-2636877692-3538982120-1001UA.job
- c:\users\ss\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-02 20:12]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12 00:47]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12 00:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-28 23:20 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-14 1212560]
"BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-07-03 757888]
"BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-07-03 127104]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 64.59.144.93 64.59.150.139
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ZoneAlarm - c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
Toolbar-Locked - (no file)
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-12-17 21:30:40
ComboFix-quarantined-files.txt 2013-12-18 05:30
.
Pre-Run: 812,445,614,080 bytes free
Post-Run: 813,158,182,912 bytes free
.
- - End Of File - - A49A1F1B02C6489B9A4704B91CB869D2

Hi Dave

I have tried to remove mypc backup but have not been successful. i googled how to do it and can find the Hkey fiiles but can't delete them. I can't even find any mypc files...

I use Google Chrome.

Does the same thing happen with Internet Explorer?

I have tried to remove mypc backup but have not been successful.

Did you go to Control Panel, Programs and Features and try to uninstall it there? Please don't try to do any thing in the Registry.

i don't use IE. don't even have it installed.

yes, i tried looking for it under programs & features but it is not listed. at least i don't recognize it. is it time for me to take my computer in and pay to have someone clean it up for me? i am beginning to feel that it is.

I get an "SSL Connection Error" message or "this website is not available" when i try and open certain websites.

thanks again for all your help.

i don't use IE. don't even have it installed.

If you have Windows, you have IE. It just you have version 10 of IE in the Security log. I just want to know if it does the same thing with IE as it does with Google.

is it time for me to take my computer in and pay to have someone clean it up for me? i am beginning to feel that it is.

I seriously doubt that any repair shop will clean the computer. They will probably just do a format and a re-install of the OS.

I get an "SSL Connection Error" message or "this website is not available" when i try and open certain websites.

Please check this link. You probably won't get this error on IE.

i am sure i have IE but how do i launch it if i can't find it ?

so this looks like something i need to buy. is that correct?

by the way, what is 7 Zip 9.20?

i am sure i have IE but how do i launch it if i can't find it ?

Click on Start and see if it's there or you can click on My Computer, the C drive, Program Files, click on Internet Explorer and click on ieexplorer. That's the one with large e symbol

so this looks like something i need to buy. is that correct?

No, it's installed with Windows.

by the way, what is 7 Zip 9.20?.

You can find the answer here.

found IE. worse than chrome.
Windows 8 search tools are confusing.
already read the 7 zip stuff and didn't understand a word of it other than its open source. i guess the question is, do i need to have it?

the 7 zip stuff and didn't understand a word of it other than its open source. i guess the question is, do i need to have it?.

No, I don't believe you do with Windows 8.

Download the Fix IE Utility to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.

sorry but no change to IE. on the link i used it said that Fix IE utility had been tested on IE 7, IE 8 and IE 9, on Windows Vista & Windows 7. I have IE 10 so maybe it doesn't work on that version.

sascha wrote:

sorry but no change to IE.  on the link i used it said that Fix IE utility had been tested on  IE 7, IE 8 and IE 9, on Windows Vista & Windows 7.  I have IE 10 so maybe it doesn't work on that version.

You should have version 11. Please try to update IE and see what happens.

it won't let me. says it can't run on my pc. attempted several times.

says my OS is not supported. need 7 SP1 or Server 2008 R2 SP1 to install IE 11

IE is way way worse now than chrome. at least with chrome i can access some websites, even if i can't navigate very well within them. e.g. i can access CNN but can't run any videos. some photos still not loading properly in facebook, CNN etc.

1. Download this diagnostics tool MGADiag.ext and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.

won't let me run it.

sascha wrote:

won't let me run it.

What kind of message are you receiving?

hi dave

things just went from bad to worse (i couldn't get back on GeekPolice) and so i called dell to ask for a flash drive to reinstall my OS which i did myself this morning. i couldn't open in safe mode or install or run anything. maybe its a crock but everything was pointing to a corrupted OS. i really appreciate your help in getting rid of the malware. you have been really patient. thanks again.