bkamps

Everything posted by bkamps

  1. Most of the Start Menu programs are still missing, but I can deal with that. I am still having the delay/freezing when I open the internet or Outlook, but it is not as bad as before. Thank you so much for your help.
  2. As of now it seems like the redirect has been eliminated, but when I initially open my Outlook or Internet Explorer it will freeze up and sometimes open two windows, and eventually they will load and merge back into one window. Also my Start Menu has been purged of all the programs; is there any way to restore these? Attached is the ComboFix log. Thank you in advance!
  3. I ran ATF Cleaner as well as GooredFix, but when I extract TDSSKiller and try to run it, it will not open. Here is the copy of the GooredFix log. Any ideas for what I should do next? Thank you for all your help!
  4. Recently I have been struck down by some issues with my PC. First it started with my firewall being disabled and locked so it could not be turned on, but this happens at random; most of the time it is working fine. Also all my links have been redirected to random websites. See my most recent MBAM log and the DDS.txt below as per the "I'm infected" thread. Any help at all will be greatly appreciated! Regards, Brendan K.