I discovered yesterday that my daughter's netbook was infected with XP Internet Security 2012. Before finding your site I successfully identified and removed the offending executable from both the App Data folder and the system cache folder. Then I Googled and found a thread on your site and was able to run FixNCR.reg to enable executables to launch. The system seems normal now except that Windows Security Essentials and Windows Update cannot get updates from the Microsoft web service. Error number is 0x80070424. I followed MS guidance on this error message (make sure required services are enabled, install latest version of Windows Update Agent) successfully but it did not solve the problem. I performed a full system scan with Windows Malicious Software Removal Tool and Windows Security Essentials -- no problems were detected by either one.
I have now discovered your instructions for initiating a support thread. You will find the logs below. Please let me know how to proceed to enable updates from MS and to correct any other problems you may detect.
Thanks in advance!
[Note: Complete message is too long. Attach.txt will appear in a follow-up message.]
=====Malwarebytes Log=======================================================
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.12.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: USER-B5561F4EE6 [administrator]
1/12/2012 12:10:51 PM
mbam-log-2012-01-12 (12-10-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 165512
Time elapsed: 8 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 19
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Data: w|‰F¦ç3L¿ûéÂâq‰B -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Data: C:\Program Files\QuestScan\questscan.dll -> Quarantined and deleted successfully.
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Documents and Settings\Owner\Local Settings\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\vve.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully.
(end)
=====End of Malwarebytes Log============================================
=====GMER Log===========================================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-12 12:30:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8025GAL rev.BD102A
Running: pp3ybm9u.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agncrpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
=====End of GMER Log=====================================================
=====DDS.txt=============================================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 13:10:06 on 2012-01-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.528 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\QUALCOMM\QDLService\QDLService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{A16A61EF-689E-49AB-B40A-EA6D560F1FFC} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\f3c6r062.default\
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsla0009af8;MpKsla0009af8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a81dcff1-704d-4997-99aa-fa5949207ec3}\MpKsla0009af8.sys [2012-1-12 29904]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-1-14 345336]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-1-3 112128]
S1 MpKsl033e51f4;MpKsl033e51f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{80ec8a8b-3eb9-41e5-b514-dcbbe3065f33}\mpksl033e51f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{80ec8a8b-3eb9-41e5-b514-dcbbe3065f33}\MpKsl033e51f4.sys [?]
S1 MpKsl11ec26f4;MpKsl11ec26f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpksl11ec26f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKsl11ec26f4.sys [?]
S1 MpKsl17729d41;MpKsl17729d41;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74929d3e-4c68-4edf-a2a7-550e33c86c63}\mpksl17729d41.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74929d3e-4c68-4edf-a2a7-550e33c86c63}\MpKsl17729d41.sys [?]
S1 MpKsl38ebef73;MpKsl38ebef73;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpksl38ebef73.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKsl38ebef73.sys [?]
S1 MpKsl3ff54a23;MpKsl3ff54a23;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74929d3e-4c68-4edf-a2a7-550e33c86c63}\mpksl3ff54a23.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74929d3e-4c68-4edf-a2a7-550e33c86c63}\MpKsl3ff54a23.sys [?]
S1 MpKsl48247695;MpKsl48247695;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksl48247695.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsl48247695.sys [?]
S1 MpKsl48d86cbb;MpKsl48d86cbb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c6aee6db-a836-42df-90a6-c458f508622e}\mpksl48d86cbb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c6aee6db-a836-42df-90a6-c458f508622e}\MpKsl48d86cbb.sys [?]
S1 MpKsl490299c2;MpKsl490299c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksl490299c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsl490299c2.sys [?]
S1 MpKsl4ee76185;MpKsl4ee76185;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27672250-988f-43a4-b3eb-ef2fdba26535}\mpksl4ee76185.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27672250-988f-43a4-b3eb-ef2fdba26535}\MpKsl4ee76185.sys [?]
S1 MpKsl5c36086c;MpKsl5c36086c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ba55130-50fe-45d9-b708-b4c3baeecf7f}\mpksl5c36086c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ba55130-50fe-45d9-b708-b4c3baeecf7f}\MpKsl5c36086c.sys [?]
S1 MpKsl6285954b;MpKsl6285954b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e47f504-8511-4e0a-9a3b-bc4b8cfb6d51}\mpksl6285954b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e47f504-8511-4e0a-9a3b-bc4b8cfb6d51}\MpKsl6285954b.sys [?]
S1 MpKsl642c042a;MpKsl642c042a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{271f73bf-7b43-4e52-85e4-e473f0926991}\mpksl642c042a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{271f73bf-7b43-4e52-85e4-e473f0926991}\MpKsl642c042a.sys [?]
S1 MpKsl64ecffcc;MpKsl64ecffcc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\mpksl64ecffcc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\MpKsl64ecffcc.sys [?]
S1 MpKsl65db795f;MpKsl65db795f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksl65db795f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsl65db795f.sys [?]
S1 MpKsl699813d9;MpKsl699813d9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\mpksl699813d9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\MpKsl699813d9.sys [?]
S1 MpKsl769b56ba;MpKsl769b56ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cee42a22-d305-434c-8252-9b73c493079f}\mpksl769b56ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cee42a22-d305-434c-8252-9b73c493079f}\MpKsl769b56ba.sys [?]
S1 MpKsl776ea1d4;MpKsl776ea1d4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ba55130-50fe-45d9-b708-b4c3baeecf7f}\mpksl776ea1d4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ba55130-50fe-45d9-b708-b4c3baeecf7f}\MpKsl776ea1d4.sys [?]
S1 MpKsl7c100916;MpKsl7c100916;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02da85fa-f160-4ae3-a20c-3b911a40d6a9}\mpksl7c100916.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02da85fa-f160-4ae3-a20c-3b911a40d6a9}\MpKsl7c100916.sys [?]
S1 MpKsl947a69b6;MpKsl947a69b6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksl947a69b6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsl947a69b6.sys [?]
S1 MpKsla03acf28;MpKsla03acf28;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksla03acf28.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsla03acf28.sys [?]
S1 MpKsladb5a15d;MpKsladb5a15d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02da85fa-f160-4ae3-a20c-3b911a40d6a9}\mpksladb5a15d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02da85fa-f160-4ae3-a20c-3b911a40d6a9}\MpKsladb5a15d.sys [?]
S1 MpKslc0d4b25c;MpKslc0d4b25c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1e76c23-b58c-433b-bf7a-b55c29e30692}\mpkslc0d4b25c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1e76c23-b58c-433b-bf7a-b55c29e30692}\MpKslc0d4b25c.sys [?]
S1 MpKslc389921d;MpKslc389921d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpkslc389921d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKslc389921d.sys [?]
S1 MpKslc4716ed6;MpKslc4716ed6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpkslc4716ed6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKslc4716ed6.sys [?]
S1 MpKslc65e8f80;MpKslc65e8f80;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpkslc65e8f80.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKslc65e8f80.sys [?]
S1 MpKslcf877fbc;MpKslcf877fbc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{221fb447-19b1-4b48-98af-4e8d5406fd34}\mpkslcf877fbc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{221fb447-19b1-4b48-98af-4e8d5406fd34}\MpKslcf877fbc.sys [?]
S1 MpKsld2585d19;MpKsld2585d19;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksld2585d19.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsld2585d19.sys [?]
S1 MpKsld753e17c;MpKsld753e17c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpksld753e17c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKsld753e17c.sys [?]
S1 MpKslf0725f66;MpKslf0725f66;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\mpkslf0725f66.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\MpKslf0725f66.sys [?]
S1 MpKslf3161fdc;MpKslf3161fdc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpkslf3161fdc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKslf3161fdc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [2011-1-3 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [2011-1-3 115200]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [2011-1-3 104448]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-12 19:08:00 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a81dcff1-704d-4997-99aa-fa5949207ec3}\MpKsla0009af8.sys
2012-01-12 19:07:49 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a81dcff1-704d-4997-99aa-fa5949207ec3}\offreg.dll
2012-01-12 18:09:26 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-01-12 18:08:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-12 18:08:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 18:08:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-12 02:06:20 -------- d-----w- C:\81b340ccc1d0935e653f
2012-01-12 01:50:54 -------- d-----w- C:\9db39fa925c76cd3f447c757d1f3
2012-01-12 01:49:09 -------- d-----w- C:\d532972f6c9db24d50b38a9afe1d
2012-01-12 00:06:58 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2012-01-12 00:06:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\Deployment
2012-01-11 19:50:41 -------- d-----w- c:\documents and settings\owner\local settings\application data\SanctionedMedia
2012-01-11 17:19:28 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a81dcff1-704d-4997-99aa-fa5949207ec3}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-05 17:05:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 13:11:26.29 ===============
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.528 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\QUALCOMM\QDLService\QDLService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{A16A61EF-689E-49AB-B40A-EA6D560F1FFC} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\f3c6r062.default\
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsla0009af8;MpKsla0009af8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a81dcff1-704d-4997-99aa-fa5949207ec3}\MpKsla0009af8.sys [2012-1-12 29904]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-1-14 345336]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-1-3 112128]
S1 MpKsl033e51f4;MpKsl033e51f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{80ec8a8b-3eb9-41e5-b514-dcbbe3065f33}\mpksl033e51f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{80ec8a8b-3eb9-41e5-b514-dcbbe3065f33}\MpKsl033e51f4.sys [?]
S1 MpKsl11ec26f4;MpKsl11ec26f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpksl11ec26f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKsl11ec26f4.sys [?]
S1 MpKsl17729d41;MpKsl17729d41;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74929d3e-4c68-4edf-a2a7-550e33c86c63}\mpksl17729d41.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74929d3e-4c68-4edf-a2a7-550e33c86c63}\MpKsl17729d41.sys [?]
S1 MpKsl38ebef73;MpKsl38ebef73;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpksl38ebef73.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKsl38ebef73.sys [?]
S1 MpKsl3ff54a23;MpKsl3ff54a23;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74929d3e-4c68-4edf-a2a7-550e33c86c63}\mpksl3ff54a23.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74929d3e-4c68-4edf-a2a7-550e33c86c63}\MpKsl3ff54a23.sys [?]
S1 MpKsl48247695;MpKsl48247695;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksl48247695.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsl48247695.sys [?]
S1 MpKsl48d86cbb;MpKsl48d86cbb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c6aee6db-a836-42df-90a6-c458f508622e}\mpksl48d86cbb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c6aee6db-a836-42df-90a6-c458f508622e}\MpKsl48d86cbb.sys [?]
S1 MpKsl490299c2;MpKsl490299c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksl490299c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsl490299c2.sys [?]
S1 MpKsl4ee76185;MpKsl4ee76185;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27672250-988f-43a4-b3eb-ef2fdba26535}\mpksl4ee76185.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27672250-988f-43a4-b3eb-ef2fdba26535}\MpKsl4ee76185.sys [?]
S1 MpKsl5c36086c;MpKsl5c36086c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ba55130-50fe-45d9-b708-b4c3baeecf7f}\mpksl5c36086c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ba55130-50fe-45d9-b708-b4c3baeecf7f}\MpKsl5c36086c.sys [?]
S1 MpKsl6285954b;MpKsl6285954b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e47f504-8511-4e0a-9a3b-bc4b8cfb6d51}\mpksl6285954b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e47f504-8511-4e0a-9a3b-bc4b8cfb6d51}\MpKsl6285954b.sys [?]
S1 MpKsl642c042a;MpKsl642c042a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{271f73bf-7b43-4e52-85e4-e473f0926991}\mpksl642c042a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{271f73bf-7b43-4e52-85e4-e473f0926991}\MpKsl642c042a.sys [?]
S1 MpKsl64ecffcc;MpKsl64ecffcc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\mpksl64ecffcc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\MpKsl64ecffcc.sys [?]
S1 MpKsl65db795f;MpKsl65db795f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksl65db795f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsl65db795f.sys [?]
S1 MpKsl699813d9;MpKsl699813d9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\mpksl699813d9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\MpKsl699813d9.sys [?]
S1 MpKsl769b56ba;MpKsl769b56ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cee42a22-d305-434c-8252-9b73c493079f}\mpksl769b56ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cee42a22-d305-434c-8252-9b73c493079f}\MpKsl769b56ba.sys [?]
S1 MpKsl776ea1d4;MpKsl776ea1d4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ba55130-50fe-45d9-b708-b4c3baeecf7f}\mpksl776ea1d4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ba55130-50fe-45d9-b708-b4c3baeecf7f}\MpKsl776ea1d4.sys [?]
S1 MpKsl7c100916;MpKsl7c100916;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02da85fa-f160-4ae3-a20c-3b911a40d6a9}\mpksl7c100916.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02da85fa-f160-4ae3-a20c-3b911a40d6a9}\MpKsl7c100916.sys [?]
S1 MpKsl947a69b6;MpKsl947a69b6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksl947a69b6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsl947a69b6.sys [?]
S1 MpKsla03acf28;MpKsla03acf28;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksla03acf28.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsla03acf28.sys [?]
S1 MpKsladb5a15d;MpKsladb5a15d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02da85fa-f160-4ae3-a20c-3b911a40d6a9}\mpksladb5a15d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02da85fa-f160-4ae3-a20c-3b911a40d6a9}\MpKsladb5a15d.sys [?]
S1 MpKslc0d4b25c;MpKslc0d4b25c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1e76c23-b58c-433b-bf7a-b55c29e30692}\mpkslc0d4b25c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1e76c23-b58c-433b-bf7a-b55c29e30692}\MpKslc0d4b25c.sys [?]
S1 MpKslc389921d;MpKslc389921d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpkslc389921d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKslc389921d.sys [?]
S1 MpKslc4716ed6;MpKslc4716ed6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpkslc4716ed6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKslc4716ed6.sys [?]
S1 MpKslc65e8f80;MpKslc65e8f80;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpkslc65e8f80.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKslc65e8f80.sys [?]
S1 MpKslcf877fbc;MpKslcf877fbc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{221fb447-19b1-4b48-98af-4e8d5406fd34}\mpkslcf877fbc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{221fb447-19b1-4b48-98af-4e8d5406fd34}\MpKslcf877fbc.sys [?]
S1 MpKsld2585d19;MpKsld2585d19;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\mpksld2585d19.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9ed5ab5-f06c-4476-abca-30449a5bac63}\MpKsld2585d19.sys [?]
S1 MpKsld753e17c;MpKsld753e17c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpksld753e17c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKsld753e17c.sys [?]
S1 MpKslf0725f66;MpKslf0725f66;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\mpkslf0725f66.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c46e0eeb-eb00-481d-a955-2177618ee932}\MpKslf0725f66.sys [?]
S1 MpKslf3161fdc;MpKslf3161fdc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\mpkslf3161fdc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68ee7efd-6fbf-46a1-b902-b4a4e85645b3}\MpKslf3161fdc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [2011-1-3 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [2011-1-3 115200]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [2011-1-3 104448]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-12 19:08:00 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a81dcff1-704d-4997-99aa-fa5949207ec3}\MpKsla0009af8.sys
2012-01-12 19:07:49 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a81dcff1-704d-4997-99aa-fa5949207ec3}\offreg.dll
2012-01-12 18:09:26 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-01-12 18:08:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-12 18:08:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 18:08:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-12 02:06:20 -------- d-----w- C:\81b340ccc1d0935e653f
2012-01-12 01:50:54 -------- d-----w- C:\9db39fa925c76cd3f447c757d1f3
2012-01-12 01:49:09 -------- d-----w- C:\d532972f6c9db24d50b38a9afe1d
2012-01-12 00:06:58 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2012-01-12 00:06:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\Deployment
2012-01-11 19:50:41 -------- d-----w- c:\documents and settings\owner\local settings\application data\SanctionedMedia
2012-01-11 17:19:28 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a81dcff1-704d-4997-99aa-fa5949207ec3}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-05 17:05:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 13:11:26.29 ===============