Alright, so I used MSE and Malwarebytes to remove it, and then I was having issues with my firewall not turning on, so I used post 2 from here:
http://answers.microsoft.com/en-us/...firewall/ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee
Once I got the firewall and BFE to reappear after a reset, I got errors when trying to start them and my internet stopped working. Here are my logs:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 911122301
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
12/22/2011 11:19:42 PM
mbam-log-2011-12-22 (23-19-42).txt
Scan type: Quick scan
Objects scanned: 205241
Time elapsed: 4 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Gmer
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-22 23:35:22
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200KS-75PFB0 rev.21.00M21
Running: qmrrckbj.exe; Driver: C:\Users\Welch\AppData\Local\Temp\fgloqpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C45369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text autochk.exe 004011D1 42 Bytes [C4, 08, 5D, C3, CC, CC, CC, ...]
.text autochk.exe 004011FC 5 Bytes [8B, E5, 5D, C2, 08]
.text autochk.exe 00401202 41 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text autochk.exe 0040122C 5 Bytes [8B, E5, 5D, C2, 08]
.text autochk.exe 00401232 47 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\MediaMall\MediaMallServer.exe[1032] KERNEL32.dll!GetFileAttributesExW 75CF307E 6 Bytes JMP 71A90F5A
.text C:\Program Files\MediaMall\MediaMallServer.exe[1032] KERNEL32.dll!GetModuleFileNameW 75CFEF35 6 Bytes JMP 71AF0F5A
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB28521$\3558784311 0 bytes
File C:\Windows\$NtUninstallKB28521$\411072489 0 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\@ 2048 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\bckfg.tmp 814 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\cfg.ini 207 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\keywords 219 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\L 0 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\L\xadqgnnk 338944 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\U 0 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\U\00000001.@ 1536 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB28521$\411072489\U\80000032.@ 97792 bytes
File C:\Windows\$NtUninstallKB37014$\3634874217 0 bytes
File C:\Windows\$NtUninstallKB37014$\411072489 0 bytes
File C:\Windows\$NtUninstallKB37014$\411072489\L 0 bytes
File C:\Windows\$NtUninstallKB37014$\411072489\U 0 bytes
---- EOF - GMER 1.0.15 ----
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Welch at 23:35:54 on 2011-12-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1186 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
c:\program files\common files\protexis\license service\psiservice_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Common Files\supportsoft\bin\bcont.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Users\Welch\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:53172
BHO: AutorunsDisabled - No File
BHO: Canon Easy-WebPrint EX BHO - No File
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
StartupFolder: c:\users\welch\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\welch\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\welch\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\welch\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\quickb~2.lnk - c:\program files\intuit\quickbooks 2008\QBW32.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {90A81828-92DB-400e-AECD-78C540F5EB49} - c:\program files\egrabber\addressgrabber business 2010\InternetAddress.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{1F580317-1C55-40BC-BE99-23BD28E176D9} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD}\D4966496233373230253633303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A08A42F6-2480-4698-B1CD-BA35177C272B} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A08A42F6-2480-4698-B1CD-BA35177C272B}\2375942554235393 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A8D10DF4-D8AD-42D1-9E93-EDF8AE3FD0EE} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C3AEE420-1FF5-42AC-A7A3-691E806C986A} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-3-29 21728]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-5 164048]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl1e3c35cb;MpKsl1e3c35cb;c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\MpKsl1e3c35cb.sys [2011-12-22 29904]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-5 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-5 51792]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-10-22 5424504]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2010-4-30 3795560]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-6 2222376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-3-29 699896]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-1-14 65536]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2009-7-13 20992]
S2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2011-3-29 272864]
S3 2WXG7053;2W 802.11g XG705 SP3 Driver;c:\windows\system32\drivers\wlanUIG.sys [2007-4-24 358304]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2007-3-27 857600]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 135664]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-12-23 04:10:56 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\MpKsl1e3c35cb.sys
2011-12-23 04:10:27 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\offreg.dll
2011-12-23 02:34:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-23 02:32:08 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1abc2fd0-c57a-4d7b-b07a-2137acc1186e}\gapaengine.dll
2011-12-23 02:32:03 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\mpengine.dll
2011-12-23 02:31:04 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-22 02:44:47 -------- d-----w- c:\program files\WOT
2011-12-14 03:02:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 03:02:53 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 03:02:50 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 03:02:50 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-06 12:15:18 277504 ----a-w- c:\windows\system32\CNMLMA7.DLL
2011-12-06 12:14:48 1310720 ----a-w- c:\windows\system32\CNC870C.dll
2011-12-06 12:14:48 110592 ----a-w- c:\windows\system32\CNC870I.dll
2011-12-06 12:14:48 102400 ----a-w- c:\windows\system32\CNC870U.dll
2011-12-01 03:28:22 -------- d-----w- c:\users\welch\appdata\local\PhotoChannel
2011-11-30 22:55:29 -------- d-----w- c:\users\welch\appdata\local\WMTools Downloaded Files
2011-11-30 22:45:04 -------- d-----w- c:\program files\Movie Maker 2.6
2011-11-30 00:40:58 -------- d-----w- c:\users\welch\appdata\local\{44EC752A-6758-4570-AD3D-1EE973CF2685}
2011-11-30 00:40:48 -------- d-----w- c:\users\welch\appdata\local\{5E933785-29B1-4B2B-B665-51EDC1AA3982}
2011-11-30 00:32:44 -------- d-----w- c:\users\welch\appdata\local\{6A718644-F11C-49A6-BB32-8168ECECCA8E}
2011-11-24 10:47:15 -------- d-----w- c:\users\welch\appdata\roaming\IPNycA1uv2b4
2011-11-24 10:47:15 -------- d-----w- c:\users\welch\appdata\roaming\dmG5sQJ6dKfZhXj
2011-11-24 10:44:01 -------- d-----w- c:\users\welch\appdata\roaming\YbF4pmG5sJdKfZh
2011-11-24 10:44:01 -------- d-----w- c:\users\welch\appdata\roaming\eXwjUCelIrPyAuS
2011-11-24 10:43:50 -------- d-----w- c:\users\welch\appdata\roaming\WhYXwjUVtPyAu24
2011-11-24 10:43:49 -------- d-----w- c:\users\welch\appdata\roaming\kamH6sWJ7E8TqYw
.
==================== Find3M ====================
.
2011-12-05 17:56:26 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 12:27:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 23:36:25.83 ===============
StartupFolder: c:\users\welch\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\welch\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\welch\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\welch\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\quickb~2.lnk - c:\program files\intuit\quickbooks 2008\QBW32.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {90A81828-92DB-400e-AECD-78C540F5EB49} - c:\program files\egrabber\addressgrabber business 2010\InternetAddress.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{1F580317-1C55-40BC-BE99-23BD28E176D9} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{48C9BFA9-EF0D-4489-934E-C8C8E54983BD}\D4966496233373230253633303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A08A42F6-2480-4698-B1CD-BA35177C272B} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A08A42F6-2480-4698-B1CD-BA35177C272B}\2375942554235393 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A8D10DF4-D8AD-42D1-9E93-EDF8AE3FD0EE} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C3AEE420-1FF5-42AC-A7A3-691E806C986A} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-3-29 21728]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-5 164048]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl1e3c35cb;MpKsl1e3c35cb;c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\MpKsl1e3c35cb.sys [2011-12-22 29904]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-5 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-5 51792]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2011-10-22 5424504]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2010-4-30 3795560]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-6 2222376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-3-29 699896]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-1-14 65536]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2009-7-13 20992]
S2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2011-3-29 272864]
S3 2WXG7053;2W 802.11g XG705 SP3 Driver;c:\windows\system32\drivers\wlanUIG.sys [2007-4-24 358304]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2007-3-27 857600]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 135664]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-12-23 04:10:56 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\MpKsl1e3c35cb.sys
2011-12-23 04:10:27 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\offreg.dll
2011-12-23 02:34:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-23 02:32:08 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1abc2fd0-c57a-4d7b-b07a-2137acc1186e}\gapaengine.dll
2011-12-23 02:32:03 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\mpengine.dll
2011-12-23 02:31:04 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-22 02:44:47 -------- d-----w- c:\program files\WOT
2011-12-14 03:02:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 03:02:53 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 03:02:50 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 03:02:50 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-06 12:15:18 277504 ----a-w- c:\windows\system32\CNMLMA7.DLL
2011-12-06 12:14:48 1310720 ----a-w- c:\windows\system32\CNC870C.dll
2011-12-06 12:14:48 110592 ----a-w- c:\windows\system32\CNC870I.dll
2011-12-06 12:14:48 102400 ----a-w- c:\windows\system32\CNC870U.dll
2011-12-01 03:28:22 -------- d-----w- c:\users\welch\appdata\local\PhotoChannel
2011-11-30 22:55:29 -------- d-----w- c:\users\welch\appdata\local\WMTools Downloaded Files
2011-11-30 22:45:04 -------- d-----w- c:\program files\Movie Maker 2.6
2011-11-30 00:40:58 -------- d-----w- c:\users\welch\appdata\local\{44EC752A-6758-4570-AD3D-1EE973CF2685}
2011-11-30 00:40:48 -------- d-----w- c:\users\welch\appdata\local\{5E933785-29B1-4B2B-B665-51EDC1AA3982}
2011-11-30 00:32:44 -------- d-----w- c:\users\welch\appdata\local\{6A718644-F11C-49A6-BB32-8168ECECCA8E}
2011-11-24 10:47:15 -------- d-----w- c:\users\welch\appdata\roaming\IPNycA1uv2b4
2011-11-24 10:47:15 -------- d-----w- c:\users\welch\appdata\roaming\dmG5sQJ6dKfZhXj
2011-11-24 10:44:01 -------- d-----w- c:\users\welch\appdata\roaming\YbF4pmG5sJdKfZh
2011-11-24 10:44:01 -------- d-----w- c:\users\welch\appdata\roaming\eXwjUCelIrPyAuS
2011-11-24 10:43:50 -------- d-----w- c:\users\welch\appdata\roaming\WhYXwjUVtPyAu24
2011-11-24 10:43:49 -------- d-----w- c:\users\welch\appdata\roaming\kamH6sWJ7E8TqYw
.
==================== Find3M ====================
.
2011-12-05 17:56:26 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 12:27:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 23:36:25.83 ===============
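Three things in the log above are worth calling out before anyone starts fixing services: the per-user IE setting `ProxyServer = http=127.0.0.1:53172` sends every HTTP request through a listener on the local machine (once whatever was listening on that port is gone, browsing fails even though the network is fine); the `mPolicies-system` block shows `EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0` and `PromptOnSecureDesktop = 0`, which is UAC switched off entirely; and six folders with random-looking names appeared under `appdata\roaming` within the same two minutes on 2011-11-24. The script below is an added example, not part of the original post or of DDS, that pulls exactly those indicators out of DDS-style lines. Its input is copied from the report above; the thresholds it uses (name length of at least 12 characters, at least five upper/lower/digit class changes) and the UAC values it treats as weakened are my own choices for illustration.

```python
"""Triage a DDS 'Pseudo HJT Report' / 'Created Last 30' excerpt for three indicators:
an IE proxy pointed at the loopback interface, UAC policies switched off, and
freshly created randomly named folders directly under AppData\\Roaming.
Offline example; the sample lines are copied from the posted log."""
import re
from typing import Dict, List, Tuple

# Lines copied from the DDS report above (an excerpt, not a full DDS log).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:53172
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2011-12-23 04:10:56 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48356ec5-2bf8-4339-8230-c8e086a7eb36}\MpKsl1e3c35cb.sys
2011-12-23 02:34:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-01 03:28:22 -------- d-----w- c:\users\welch\appdata\local\PhotoChannel
2011-11-24 10:47:15 -------- d-----w- c:\users\welch\appdata\roaming\IPNycA1uv2b4
2011-11-24 10:47:15 -------- d-----w- c:\users\welch\appdata\roaming\dmG5sQJ6dKfZhXj
2011-11-24 10:44:01 -------- d-----w- c:\users\welch\appdata\roaming\YbF4pmG5sJdKfZh
2011-11-24 10:44:01 -------- d-----w- c:\users\welch\appdata\roaming\eXwjUCelIrPyAuS
2011-11-24 10:43:50 -------- d-----w- c:\users\welch\appdata\roaming\WhYXwjUVtPyAu24
2011-11-24 10:43:49 -------- d-----w- c:\users\welch\appdata\roaming\kamH6sWJ7E8TqYw
"""

# u/m/d prefixes in DDS mean HKCU / HKLM / default-user hives.
PROXY_RE = re.compile(r"^[udm]Internet Settings,ProxyServer = (?P<value>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)")
# 'Created Last 30' lines: date time size attrs path; size is '--------' for directories.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (?P<attrs>\S+) (?P<path>.+)$")

# Assumed set of UAC policy values that disable or weaken elevation prompting.
UAC_WEAK = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}


def proxy_hosts(value: str) -> List[Tuple[str, str, str]]:
    """Split 'http=host:port;https=host:port' or a bare 'host:port' into (scheme, host, port)."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")      # scheme is '' for a bare host:port
        host, _, port = hostport.rpartition(":")
        if not host:                                    # no port present
            host, port = hostport, ""
        out.append((scheme, host, port))
    return out


def is_loopback(host: str) -> bool:
    return host.lower() == "localhost" or host.startswith("127.")


def looks_random(name: str, min_len: int = 12, min_transitions: int = 5) -> bool:
    """Heuristic (assumed thresholds): alphanumeric, long, and flipping between
    upper/lower/digit classes far more often than a product name does."""
    if len(name) < min_len or not name.isalnum():
        return False
    classes = ["U" if c.isupper() else "L" if c.islower() else "D" for c in name]
    transitions = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return transitions >= min_transitions


def scan_dds(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: kind, the raw line, and a short detail."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in proxy_hosts(m.group("value")):
                if is_loopback(host):
                    findings.append({"kind": "loopback_proxy", "line": line,
                                     "detail": f"{scheme or 'all'} traffic via {host}:{port}"})
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group("name"), int(m.group("value"))
            if name in UAC_WEAK and value == UAC_WEAK[name]:
                findings.append({"kind": "uac_weakened", "line": line, "detail": f"{name}={value}"})
            continue
        m = CREATED_RE.match(line)
        if m and m.group("attrs").startswith("d"):      # directories only
            parent, _, name = m.group("path").rpartition("\\")
            if parent.lower().endswith(r"\appdata\roaming") and looks_random(name):
                findings.append({"kind": "random_roaming_dir", "line": line, "detail": name})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_dds(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['detail']}  <-  {f['line']}")
    print(summarize(scan_dds(SAMPLE_LOG)))
```

The proxy check is the one to act on first: `netstat -ano` on the box will show whether anything still listens on TCP 53172, and clearing the HKCU `ProxyServer`/`ProxyEnable` values restores direct browsing whether or not it does. The folder heuristic is deliberately loose (it will miss short or dictionary-word names and can flag legitimate randomly generated directories), so treat its hits as things to look at, not as a verdict.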