computir

  1. Was infected with vista antispyware 2012. Scanned and deleted and rebooted, now internet won't work.

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_27
     Run by Owner at 10:16:58 on 2012-01-04
     Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2045.796 [GMT -8:00]
     .
     AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
     SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
     C:\Windows\system32\svchost.exe -k rpcssaz
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Windows\system32\SLsvc.exe
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
     C:\Windows\system32\svchost.exe -k hpdevmgmt
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
     C:\Program Files\Synaptics\SynTP\SynTPStart.exe
     C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     C:\Windows\System32\rundll32.exe
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Windows\system32\SearchIndexer.exe
     C:\Windows\system32\DRIVERS\xaudio.exe
     C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
     C:\Windows\system32\WUDFHost.exe
     C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Epson Software\Event Manager\EEventManager.exe
     C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
     C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Windows\ehome\ehtray.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Windows\System32\spool\drivers\w32x86\3\E_TATIH3A.EXE
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Windows\system32\svchost.exe -k HPService
     C:\Windows\System32\mobsync.exe
     C:\Program Files\Windows Media Player\wmplayer.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
     \\?\C:\Windows\system32\wbem\WMIADAP.EXE
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
     C:\Windows\system32\SearchFilterHost.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\wuauclt.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.com/
     uDefault_Search_URL = hxxp://www.google.com/ie
     uInternet Settings,ProxyOverride = *.local
     BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
     BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
     TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
     TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
     uRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
     uRun: [Picasa Media Detector] "c:\program files\picasa2\PicasaMediaDetector.exe"
     uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [AdobeBridge]
     uRun: [Download] "c:\users\owner\appdata\local\supportsoft\ddoctorv2\owner\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
     uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
     uRun: [WP-4530 Series(Network)] "c:\windows\system32\spool\drivers\w32x86\3\e_tatih3a.exe" /fu "c:\users\owner\appdata\local\temp\E_S1C3F.tmp" /EF "HKCU"
     mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
     mRun: [synTPStart] "c:\program files\synaptics\syntp\SynTPStart.exe"
     mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
     mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
     mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
     mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
     mRun: [NvSvc] "c:\windows\system32\rundll32.exe" c:\windows\system32\nvsvc.dll,nvsvcStart
     mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
     mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
     mRun: [<NO NAME>]
     mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
     mRun: [Adobe_ID0ENQBO] "c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
     mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
     mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     mRun: [spySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
     StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\showin~1.lnk - c:\program files\showingsync\ShowingSync.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
     uPolicies-explorer: HideSCAHealth = 1 (0x1)
     mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
     mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
     mPolicies-system: EnableLUA = 0 (0x0)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
     IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     Trusted Zone: cstv.com
     Trusted Zone: cstv.com\grfx
     Trusted Zone: facebook.com\www
     Trusted Zone: google.com\www
     Trusted Zone: imprev.net\prudential
     Trusted Zone: orefonline.com
     Trusted Zone: pru-nw.com\www.birwin
     Trusted Zone: rmlsweb.com\forms
     Trusted Zone: wsucougars.com\www
     DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
     DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     TCP: DhcpNameServer = 192.168.0.1
     TCP: Interfaces\{19A96A49-D081-49CF-96CF-12C1DA37EB4D} : DhcpNameServer = 209.18.47.61 209.18.47.62
     TCP: Interfaces\{37EDCD37-393E-4F0B-B46A-0569081B372F} : DhcpNameServer = 192.168.0.1
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\4aufq8d5.default\
     FF - prefs.js: browser.search.selectedEngine - Bing
     FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
     FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
     FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
     FF - plugin: c:\program files\funwebproducts\installr\1.bin\NPFUNWEB.DLL
     FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
     FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
     FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
     FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
     FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071503000010.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
     FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
     FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\owner\appdata\roaming\Move Networks
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-3 20464]
     R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-4-17 73472]
     R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-4-17 43904]
     S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-3 40776]
     .
     =============== Created Last 30 ================
     .
     2012-01-04 07:54:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2012-01-04 07:36:06 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
     2012-01-04 07:35:55 -------- d-----w- c:\programdata\Malwarebytes
     2012-01-04 07:35:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-01-04 07:35:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-01-03 09:38:11 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d9b93226-2b21-49bd-abf3-60dd044a4c84}\mpengine.dll
     2011-12-21 17:36:24 -------- d-----w- c:\users\owner\appdata\local\ABBYY
     2011-12-21 17:19:41 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint
     2011-12-21 17:19:38 -------- d-----w- c:\programdata\ABBYY
     2011-12-21 17:19:38 -------- d-----w- c:\program files\common files\ABBYY
     2011-12-21 17:06:13 458129 ----a-w- c:\windows\system32\ensppui.dll
     2011-12-21 17:06:13 249344 ----a-w- c:\windows\system32\enspres.dll
     2011-12-21 17:06:12 475410 ----a-w- c:\windows\system32\ensppmon.dll
     2011-12-21 17:06:12 458129 ----a-w- c:\windows\system32\enppui.dll
     2011-12-21 17:06:12 249344 ----a-w- c:\windows\system32\enpres.dll
     2011-12-21 17:06:11 475410 ----a-w- c:\windows\system32\enppmon.dll
     2011-12-21 17:06:09 -------- d-----w- c:\program files\EpsonNet
     2011-12-21 17:05:22 -------- d-----w- c:\program files\common files\EPSON
     2011-12-21 17:01:48 -------- d-----w- c:\program files\Epson America Inc
     2011-12-21 17:01:25 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
     2011-12-21 17:01:23 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
     2011-12-21 17:01:23 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
     2011-12-21 17:01:17 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
     2011-12-21 17:01:02 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
     2011-12-21 16:59:06 -------- d-----w- c:\program files\Epson Software
     2011-12-21 16:51:47 93696 ----a-w- c:\windows\system32\E_TLBH3A.DLL
     2011-12-21 16:51:29 81408 ----a-w- c:\windows\system32\E_TD4BH3A.DLL
     2011-12-21 16:50:42 -------- d-----w- c:\programdata\EPSON
     2011-12-21 16:48:35 341504 ----a-w- c:\windows\system32\esw2ud.dll
     2011-12-21 16:48:35 132560 ----a-w- c:\windows\system32\esdevapp.exe
     2011-12-21 16:48:35 12800 ----a-w- c:\windows\system32\escdev.dll
     2011-12-21 16:47:44 -------- d-----w- c:\program files\epson
     2011-12-15 11:06:02 -------- d-----w- C:\MSIf4783.tmp
     2011-12-14 17:31:35 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
     .
     ==================== Find3M ====================
     .
     .
     ============= FINISH: 10:30:16.99 ===============

     Attach.zip
  2. Had vista antispyware 2012. I worked through rkill and scanned with malwarebytes. Deleted files. However, after reboot, cannot connect to internet. Now what?