
Computer problems with administrator changes and system files getting changed - HELP!

:thanx: Hi, I just wanted to start off by thanking you guys for the time you spend helping us with our computer problems. It's very much appreciated. OK, the problems that I seem to be having are mostly my administrative rights being taken away and also system files being changed, or I get locked out of them. Any system file that I would try to open or anything I would try to install would say:

ShellExecuteEx failed; code 203.
The system could not find the environment option that was entered.

I think I have fixed that problem and I'm not having any trouble with that anymore, but I don't think that my computer has gotten rid of all the malware and viruses, so I'm wanting to double check with you and see if there's anything else you can tell me. I have read over your "Spyware 1st Steps" and I've tried to complete all the steps you ask. When I tried the scan using the gmer.exe program, my computer was having problems completing the scan the first way you suggested to do it, which was selecting most of the boxes. The first time I tried, my computer crashed, and the second time the program shut down on me. So after that I tried and was able to complete the scan by having only the SECTIONS box and the C: drive box checked. So the ark.txt log and also the attach.txt log are both together in a zipped file named attach.zip. As for the DDS, it's down below. Please let me know if there's anything else you need from me, and again thank you guys so much for the help :smitten: Oh, I have one other question I wanted to ask you. Whenever I open up my task manager and I view what processes are going, I see LOTS of svchost.exe applications listed. There's like 14 of them running at once. Is this normal?? Just thought it was odd and was wondering. Please get back to me when you can. Thanks.

Here is the DDS log file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.7.2
Run by Kathy at 4:34:35 on 2013-03-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.109 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*Yahoo!
uProxyOverride = 192.168.*.*
mSearchAssistant = about:blank
uURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - <orphaned>
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search - ?p=ZJxdm128YYUS
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\hqbl7thl.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-5-12 34248]
.
=============== Created Last 30 ================
.
2013-03-29 09:06:23 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a5db351f-a5e7-47fa-87ea-ffdc0e74538e}\mpengine.dll
2013-03-27 20:28:08 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-03-27 20:28:03 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-03-27 20:28:03 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-03-27 10:01:34 -------- d-----w- c:\windows\CheckSur
2013-03-27 08:21:28 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-26 10:09:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-26 10:01:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-26 10:01:46 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-03-26 06:14:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-03-26 06:14:11 75776 ----a-w- c:\windows\system32\synceng.dll
2013-03-26 06:14:09 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-03-26 06:14:09 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-03-26 06:14:04 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-03-26 06:11:59 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-26 06:10:19 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-26 06:10:10 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-03-26 06:10:09 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-03-26 06:10:09 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-03-26 06:06:53 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-03-26 06:06:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-26 06:05:58 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-03-26 06:05:53 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-26 06:04:42 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-26 06:04:40 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-26 05:16:22 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-03-26 04:34:54 -------- d-----w- c:\users\kathy\WPDNSE
2013-03-26 03:43:53 344064 ----a-w- c:\users\kathy\~DF263D.tmp
2013-03-26 03:43:53 -------- d-----w- c:\users\kathy\appdata\roaming\Malwarebytes
2013-03-26 03:43:38 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 03:43:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-26 03:19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-26 02:20:42 -------- d-----w- c:\users\kathy\Temp1_other.zip
2013-03-26 02:20:39 -------- d-----w- c:\users\kathy\Temp1_core2.zip
2013-03-26 02:20:37 -------- d-----w- c:\users\kathy\Temp1_core1.zip
2013-03-26 02:20:07 -------- d-----w- c:\users\kathy\Temp3_ffjcext.zip
2013-03-26 02:20:07 -------- d-----w- c:\users\kathy\Temp2_ffjcext.zip
2013-03-26 02:20:07 -------- d-----w- c:\users\kathy\Temp1_ffjcext.zip
2013-03-26 02:20:03 -------- d-----w- c:\users\kathy\Temp1_hcsolutions.zip
2013-03-26 02:20:01 -------- d-----w- c:\users\kathy\Temp1_extra.zip
2013-03-26 02:20:00 -------- d-----w- c:\users\kathy\Temp1_core3.zip
2013-03-26 02:18:03 -------- d-----w- c:\users\kathy\Temp2_QTJava.zip
2013-03-26 02:17:55 -------- d-----w- c:\users\kathy\Temp1_guidAcheck.zip
2013-03-26 02:17:51 -------- d-----w- c:\users\kathy\Temp1_guid.zip
2013-03-26 02:06:41 -------- d-----w- c:\users\kathy\Temp1_{830D8CBD-C668-49e2-A969-C2C2106332E0}15f5ec1a.zip
2013-03-26 02:06:35 -------- d-----w- c:\users\kathy\Temp1_MS Office 9.0-0000.zip
2013-03-26 02:06:34 -------- d-----w- c:\users\kathy\Temp1_Log-0000.zip
2013-03-26 02:06:34 -------- d-----r- c:\users\kathy\Temp1_Adobe FlashPlayer Cookies-0000.zip
2013-03-26 02:06:17 -------- d-----w- c:\users\kathy\Temp1_QTJava.zip
2013-03-25 23:36:42 23784 ----a-w- c:\users\kathy\jar_cache810545407248282337.tmp
2013-03-25 23:36:38 162342 ----a-w- c:\users\kathy\jar_cache5944341240564910929.tmp
2013-03-25 23:33:03 24087 ----a-w- c:\users\kathy\jar_cache1260781167568378051.tmp
2013-03-25 23:32:57 155614 ----a-w- c:\users\kathy\jar_cache9104242265208800127.tmp
2013-03-25 23:29:55 161473 ----a-w- c:\users\kathy\jar_cache5011018460118787721.tmp
2013-03-25 16:27:11 -------- d-----w- c:\users\kathy\gm_ttt_60810
2013-03-25 16:13:29 335520 ----a-w- c:\users\kathy\4E4E.tmp
2013-03-25 08:40:58 0 ------w- c:\users\kathy\jar_cache2237421101716404614.tmp
2013-03-25 08:36:59 -------- d-----w- c:\users\kathy\plugtmp-7
2013-03-24 19:05:42 -------- d-----w- c:\users\kathy\plugtmp-6
.
==================== Find3M ====================
.
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-17 08:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 4:48:58.43 ===============

Attached Files
File Type: zip
attach.zip (3.1 KB)