Lunker16

Here are the results of the scan Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 25 Java version out of Date! Adobe Flash Player 11.8.800.94 Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 29.0.1547.57 Google Chrome 29.0.1547.66 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log``````````````````````

Sorry, I think I posted the log files before I deleted. I ran both programs again and posted the new logfiles. The computer seems to be running trouble free mbam-log-2013-09-08 (10-53-16).txt AdwCleanerS1.txt

Thanks Mr. C, Here are the files. Things seem to be getting better. AdwCleanerS0.txt MBAM-log-2013-09-08 (09-29-38).txt

Thank you MrCharlie, Here are the results of the scan. RKreport0_S_09072013_225132.txt

Hello, I think I have a malware infection. My computer keeps installing fake security software. Any help would be greatly appreciated. dds.txt attach.txt

Results of the Security Check: Results of screen317's Security Check version 0.99.73 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 8 Out of date! Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpyroPortalDriver Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 6 Update 23 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log``````````````````````

I Could only find one and I uninstalled it. Looks like the message went away. I think that it has been installing itself

Just noticed one problem When I try to log onto Internet explorer a window pops up that says: {A7E495BF-9589-4a6e-8479-DDA2D8D3C05F}:GoogleToolbarNotifier.exe - Application Error The exception unknown software exception (0xc00000fd) occurred in the application at location 0x777853b4. Click on ok to terminate the program I click ok but it keeps popping up

MrC, Here are the reports. So far things deem to be running a lot better AdwCleanerR0.txt AdwCleanerS0.txt MBAM-log-2013-08-26 (20-45-30).txt

Here is the new log RKreport0_S_08262013_185904.txt

Thanks MrC, Here are the log files. Everything seems to be working great. Fixlog.txt mbar-log-2013-08-26 (16-49-00).txt system-log.txt

Here you go: FRST.txt Addition.txt

Thank You for the reply Mr. Charlie, Here are the items you wanted: attach.txt RKreport0_S_08252013_204107.txt

I have run malware bytes 3 times, and it finds infections but they keep coming back. Also ran DDS. Here are the text files. Any help would be greatly appreciated. DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK Internet Explorer: 8.0.6001.19453 Run by Michael at 19:21:58 on 2013-08-24 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3316.2882 [GMT -5:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\Explorer.EXE C:\Windows\system32\atashost.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted . ============== Pseudo HJT Report =============== . uWindow Title = Internet Explorer provided by Dell BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll BHO: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\program files\windows ilivid toolbar\datamngr\IEBHO.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - c:\program files\delorme\sendtogps\PNPluginForIE.dll TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_SCF5.tmp" /EF "HKCU" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRunOnce: [spUninstallDeleteDir] rmdir /s /q "c:\users\michael\appdata\roaming\SearchProtect" mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [FLMOFFICE4DMOUSE] c:\program files\micro innovations\wireless optical navigator mouse\mouse32a.exe mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRunOnce: [spUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll LSP: c:\program files\avira\antivir desktop\avsda.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - TCP: NameServer = 192.168.1.1 192.168.5.1 TCP: Interfaces\{E41DC90B-5C78-411A-ABA7-E0A66542123F} : DHCPNameServer = 192.168.1.1 192.168.5.1 Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs= c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ============= SERVICES / DRIVERS =============== . R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-1-2 20376] S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-8-9 37352] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-8-9 84024] S2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-8-9 108088] S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-8-9 84744] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-24 25824] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072] S2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2011-7-3 104960] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-7-3 17920] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-7-14 2696960] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-7 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-4-7 27192] S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2010-7-7 29824] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856] S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-8-9 589368] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2013-08-24 01:21:05 -------- d-----w- c:\users\michael\appdata\local\{BD7F593B-19CB-49C0-8D67-E5B1014BF4BC} 2013-08-24 01:07:55 -------- d-----w- c:\users\michael\appdata\roaming\7go 2013-08-24 01:07:41 -------- d-----w- c:\program files\Conduit 2013-08-24 01:07:38 -------- d-----w- c:\users\michael\appdata\local\Conduit 2013-08-24 01:07:27 -------- d-----w- c:\program files\MyPC Backup 2013-08-24 01:06:50 -------- d-----w- c:\users\michael\appdata\roaming\SpeedAnalysis2 2013-08-24 01:06:48 -------- d-----w- c:\users\michael\appdata\roaming\File Scout 2013-08-22 20:21:15 -------- d-----w- c:\users\michael\appdata\local\{01243DFE-0754-416D-9473-774D672A4668} 2013-08-21 21:14:05 -------- d-----w- c:\users\michael\appdata\local\{4F3BD11B-C3C8-483A-8B5B-3DBA146BE9DE} 2013-08-20 21:50:11 -------- d-----w- c:\users\michael\appdata\local\{C9E2462D-BF09-4827-A6EE-668A345AC1E8} 2013-08-19 16:03:25 -------- d-----w- c:\users\michael\appdata\local\{541AE1B9-B0B8-4032-8AA8-DCD56D7B8F01} 2013-08-18 22:04:44 -------- d-----w- c:\users\michael\appdata\local\{3FFBF2BF-55EF-4E58-83BE-E4AF1D8C168E} 2013-08-17 15:41:08 -------- d-----w- c:\users\michael\appdata\local\{B73AC201-96FF-45A2-8ABA-C7656B0D358B} 2013-08-16 13:40:55 -------- d-----w- c:\users\michael\appdata\local\{933FB8AD-E2DF-4431-9F8B-1DBE7744F793} 2013-08-15 16:04:55 -------- d-----w- c:\users\michael\appdata\local\{269B7609-A5E9-4A2B-8E0F-39B3133ACE96} 2013-08-15 01:21:49 -------- d-----w- c:\users\michael\appdata\local\{12F8E317-9B33-46D1-B0B4-B5A388D9B325} 2013-08-14 12:37:49 992768 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 12:37:49 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 12:37:49 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 12:37:49 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 12:21:48 -------- d-----w- c:\users\michael\appdata\local\{708E2E1A-7D23-4D6C-9D16-AAC0B5876D3E} 2013-08-13 17:59:35 -------- d-----w- c:\users\michael\appdata\local\{8DDDBFEA-C562-49EC-8959-96AE10E03A95} 2013-08-12 13:41:06 -------- d-----w- c:\users\michael\appdata\local\{B02B1B9B-5856-4C40-9335-4D72BEBD1C11} 2013-08-11 17:06:13 -------- d-----w- c:\users\michael\appdata\local\{AE436423-B25A-4982-A70C-F326172AF832} 2013-08-10 18:03:18 -------- d-----w- c:\users\michael\appdata\local\{45F0CE80-26F6-4F9B-85A9-EC8ED6C406F1} 2013-08-10 01:01:45 -------- d-----w- c:\users\michael\appdata\roaming\Avira 2013-08-10 00:59:25 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-08-10 00:59:24 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-10 00:59:09 -------- d-----w- c:\programdata\Avira 2013-08-10 00:59:09 -------- d-----w- c:\program files\Avira 2013-08-10 00:39:02 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{267f3cf8-47a1-449f-96b9-2c46297d23b0}\mpengine.dll 2013-08-10 00:24:14 -------- d-----w- c:\users\michael\appdata\local\{BE43066C-D94B-4F93-9E90-5ADE3495E200} 2013-08-03 13:47:33 -------- d-----w- c:\users\michael\appdata\local\{EEAE665B-8E45-43E5-929E-FB8944429A37} 2013-08-02 13:49:47 -------- d-----w- c:\users\michael\appdata\local\{0062878E-ABC8-4D27-A306-764C3DB71FE6} 2013-08-01 14:00:28 -------- d-----w- c:\users\michael\appdata\local\{934EE4BE-EB9F-4707-A517-B7E4E6CFF4E0} 2013-07-31 13:14:17 -------- d-----w- c:\users\michael\appdata\local\{B08256A0-9AFC-4947-A577-895DF8258419} 2013-07-30 17:06:59 -------- d-----w- c:\users\michael\appdata\local\{1287D8BF-5632-408B-9BE2-988E8B6F4F56} 2013-07-29 16:02:58 -------- d-----w- c:\users\michael\appdata\local\{8421BBB3-5541-4C85-8FE8-D5372476017D} 2013-07-28 16:21:15 -------- d-----w- c:\users\michael\appdata\local\{1DD80D06-9CD1-4D70-A0AC-E3263C90B3DC} 2013-07-27 21:00:16 -------- d-----w- c:\users\michael\appdata\local\{33B9B9CC-A22A-4827-83E3-1899F16DBDC1} 2013-07-26 17:32:33 -------- d-----w- c:\users\michael\appdata\local\{06993DEE-53DD-489F-BB81-1633CA4AD768} 2013-07-26 00:26:17 -------- d-----w- c:\users\michael\appdata\local\{623BB302-D5B5-4A09-8D08-FF91433E06C1} . ==================== Find3M ==================== . 2013-08-20 22:30:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-08-20 22:30:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-24 00:33:07 916480 ----a-w- c:\windows\system32\wininet.dll 2013-07-24 00:32:57 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-07-24 00:32:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-07-24 00:32:56 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-07-24 00:32:55 71680 ----a-w- c:\windows\system32\iesetup.dll 2013-07-23 23:56:25 385024 ----a-w- c:\windows\system32\html.iec 2013-07-23 23:49:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2013-07-23 23:49:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll 2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-05 04:53:33 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-15 13:22:11 15872 ----a-w- c:\windows\system32\icaapi.dll 2013-06-15 11:23:33 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll . ============= FINISH: 19:23:28.27 ===============