jeroenp

Members
Posts: 4
Reputation: 0 Neutral
  1. This seems to be resolved, though I still have the feeling I don't have the full answer to the cause. Please see the additional information in the Avast! forum thread: http://forum.avast.com/index.php?topic=93431.0 If anyone has additional info on how to dig deeper into this, please let me know. --jeroen
  2. This is the aswMBR log:

     aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
     Run date: 2012-02-15 23:26:56
     -----------------------------
     23:26:56.223 OS Version: Windows x64 6.1.7601 Service Pack 1
     23:26:56.223 Number of processors: 8 586 0x1E05
     23:26:56.224 ComputerName: W701UJPL UserName: jeroenp
     23:26:57.565 Initialize success
     23:27:00.495 AVAST engine defs: 12021501
     23:27:31.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
     23:27:31.673 Disk 0 Vendor: INTEL_SS 4PC1 Size: 572325MB BusType: 3
     23:27:31.676 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
     23:27:31.679 Disk 1 Vendor: SAMSUNG_ 2AM1 Size: 953869MB BusType: 3
     23:27:31.684 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2
     23:27:31.688 Disk 2 Vendor: INTEL_SS 4PC1 Size: 572325MB BusType: 3
     23:27:31.695 Disk 3 \Device\Harddisk3\SR0 -> \Device\SdBus-0
     23:27:31.699 Disk 3 Vendor: ( Size: 1964MB BusType: 12
     23:27:31.705 Disk 4 \Device\Harddisk4\DR3 -> \Device\Scsi\JMCF1Port1Path0Target0Lun0
     23:27:31.710 Disk 4 Vendor: JMCR____ Size: 30559MB BusType: 1
     23:27:31.717 Disk 0 MBR read successfully
     23:27:31.723 Disk 0 MBR scan
     23:27:31.729 Disk 0 Windows 7 default MBR code
     23:27:31.737 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
     23:27:31.744 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 572222 MB offset 206848
     23:27:31.751 Service scanning
     23:27:32.208 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
     23:27:32.797 Modules scanning
     23:27:32.804 Disk 0 trace - called modules:
     23:27:32.813 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys spjf.sys hal.dll
     23:27:32.819 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ded9790]
     23:27:32.827 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa800dc59480]
     23:27:32.834 5 ACPI.sys[fffff8800118a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800dc58050]
     23:27:34.056 AVAST engine scan C:\Windows
     23:27:35.290 AVAST engine scan C:\Windows\system32
     23:28:23.890 AVAST engine scan C:\Windows\system32\drivers
     23:28:29.969 AVAST engine scan C:\Users\jeroenp
     23:29:08.381 AVAST engine scan C:\ProgramData
     23:29:14.179 Scan finished successfully
     23:31:53.384 Disk 0 MBR has been saved successfully to "C:\Users\jeroenp\AppData\Local\Temp\MBR.dat"
     23:31:53.393 The log file has been saved successfully to "C:\Users\jeroenp\AppData\Local\Temp\aswMBR.txt"
  3. More info:
     - Firefox Google search is fine (i.e. no webhp redirect).
     - I don't have the Google Search app in IE, but if I search through the Google.com page, search is fine as well (i.e. no webhp redirect).
  4. For a couple of days now - I'm not completely sure which day - my Google Chrome web search has redirected to webhp. My Google Chrome settings are these:

     {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q=%s

     I've run ComboFix (see the dump below). Because of ComboFix, I had to disable the scanners (Avast! Antivirus and Windows Defender). Now comes the odd thing: if I *disable* Avast! Antivirus, then everything works fine. Avast is version 6.0.1367 with Engine version 120215-1. I will post the same info on the Avast forum.

     A few questions:
     - Is Avast hacked?
     - Do I have a rootkit?
     - What steps should I perform from now?

     Other machines that were in the same network don't seem to suffer from this behaviour (yet?), but to be sure, I have moved this particular machine to a quarantined portion of the network. I will post the same info on the Avast forum.

     --jeroen

     ComboFix 12-02-15.01 - jeroenp 2012-02-15 19:03:37.2.8 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16316.13211 [GMT 1:00]
     Running from: c:\users\jeroenp\Desktop\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
     .
     .
     2012-02-15 18:07 . 2012-02-15 18:07 -------- d-----w- c:\users\nicolette\AppData\Local\temp
     2012-02-15 18:07 . 2012-02-15 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-02-15 18:07 . 2012-02-15 18:07 -------- d-----w- c:\users\bluelink\AppData\Local\temp
     2012-02-12 20:33 . 2012-02-12 20:33 -------- d-----w- c:\users\nicolette\AppData\Roaming\PwrMgr
     2012-02-12 20:31 . 2012-02-12 20:33 -------- d-----w- c:\users\nicolette\AppData\Local\Htc
     2012-02-12 20:31 . 2012-02-12 20:31 -------- d-----w- c:\users\nicolette\AppData\Roaming\HTC
     2012-02-12 20:31 . 2012-02-12 20:31 -------- d-----w- c:\users\nicolette\AppData\Roaming\Intel Corporation
     2012-02-12 20:31 . 2012-02-12 20:31 -------- d-----w- c:\users\nicolette\AppData\Local\Broadcom
     2012-02-11 01:37 . 2012-02-11 01:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7215903A-B452-4166-9913-B6054A392A14}\offreg.dll
     2012-02-10 08:56 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7215903A-B452-4166-9913-B6054A392A14}\mpengine.dll
     2012-02-09 12:11 . 2012-02-09 12:11 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
     2012-02-09 12:07 . 2012-02-09 12:07 -------- d-----w- C:\DRIVERS
     2012-02-09 11:59 . 2012-02-09 11:59 -------- d-----w- c:\program files\Common Files\SPBA
     2012-02-09 11:59 . 2012-02-09 11:59 -------- d-----w- c:\program files (x86)\Common Files\SPBA
     2012-02-09 11:59 . 2012-02-09 12:01 -------- d-----w- c:\program files\ThinkVantage Fingerprint Software
     2012-02-09 11:12 . 2012-02-09 11:12 -------- d-----w- c:\programdata\Lenovo
     2012-02-03 14:26 . 2012-02-03 14:26 -------- d-----w- c:\program files (x86)\WinDirStat
     2012-02-03 14:07 . 2012-02-03 14:07 -------- d-----w- c:\program files\Common Files\Lenovo
     2012-02-03 14:07 . 2012-02-03 14:07 -------- d-----w- c:\program files (x86)\Common Files\Lenovo
     2012-02-03 14:06 . 2011-08-11 10:20 45928 ----a-w- c:\windows\system32\ibmpmsvc.exe
     2012-02-03 14:06 . 2011-08-11 10:20 39024 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
     2012-02-03 14:06 . 2011-08-11 10:20 38760 ----a-w- c:\windows\system32\tpinspm.dll
     2012-02-03 14:05 . 2011-09-30 17:16 393264 ----a-w- c:\windows\system32\drivers\SynTP.sys
     2012-02-03 14:05 . 2011-09-30 17:14 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
     2012-02-03 14:05 . 2011-09-30 17:14 226600 ----a-w- c:\windows\system32\SynTPAPI.dll
     2012-02-03 14:05 . 2011-09-30 17:14 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
     2012-02-03 14:05 . 2011-09-30 17:14 276776 ----a-w- c:\windows\system32\SynCtrl.dll
     2012-02-03 14:05 . 2011-09-30 17:14 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
     2012-02-03 14:05 . 2011-09-30 17:14 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
     2012-02-03 14:05 . 2011-09-14 17:11 1048576 ----a-w- c:\windows\system32\syndata.bin
     2012-02-03 14:05 . 2012-02-03 14:05 -------- d-----w- c:\program files (x86)\Cisco
     2012-01-22 16:55 . 2012-01-22 16:55 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
     2012-01-22 16:55 . 2012-01-22 16:55 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
     2012-01-22 16:55 . 2012-01-22 16:55 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
     2012-01-22 16:55 . 2012-01-22 16:55 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
     2012-01-22 10:48 . 2012-01-22 10:48 -------- d-----w- c:\program files (x86)\Gigaset QuickSync
     2012-01-21 09:23 . 2012-01-21 09:23 -------- d-----w- c:\program files (x86)\Bitcricket
     2012-01-20 08:05 . 2012-01-20 08:05 -------- d-----w- c:\program files\VMware
     2012-01-19 20:14 . 2012-01-19 20:14 -------- d-----w- c:\users\jeroenp\AppData\Roaming\CheckPoint
     2012-01-19 09:29 . 2011-09-07 17:43 48240 ----a-w- c:\windows\system32\drivers\vmwvusb.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-01-29 08:39 . 2011-07-21 10:37 84992 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
     2012-01-26 23:52 . 2010-03-04 20:29 279656 ------w- c:\windows\system32\MpSigStub.exe
     2012-01-20 08:03 . 2011-06-20 08:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2011-12-01 02:05 . 2011-08-04 12:16 527424 ------w- c:\windows\PWMBTHLV.EXE
     2011-12-01 02:05 . 2011-08-04 12:16 31344 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
     2011-12-01 02:05 . 2011-08-04 12:16 14960 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
     2011-12-01 02:05 . 2011-08-04 12:16 1036352 ----a-w- c:\windows\system32\PWMCP64V.cpl
     2011-11-28 18:01 . 2010-11-02 11:59 41184 ----a-w- c:\windows\avastSS.scr
     2011-11-28 18:01 . 2010-11-02 11:59 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
     2011-11-28 18:01 . 2011-02-20 22:58 256960 ----a-w- c:\windows\system32\aswBoot.exe
     2011-11-28 17:54 . 2011-04-11 21:07 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2011-11-28 17:53 . 2010-11-02 12:01 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2011-11-28 17:52 . 2010-11-02 12:01 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2011-11-28 17:52 . 2010-11-02 12:01 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2011-11-28 17:52 . 2010-11-02 12:01 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2011-11-28 17:51 . 2010-11-02 12:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2011-11-24 16:28 . 2011-11-24 16:28 794112 ----a-w- c:\windows\system32\Gqstsp.tsp
     2011-11-24 16:22 . 2011-11-24 16:22 495616 ----a-w- c:\windows\SysWow64\Gqstsp.tsp
     2011-11-24 04:52 . 2011-12-15 08:21 3145216 ----a-w- c:\windows\system32\win32k.sys
     2011-11-19 14:58 . 2012-01-12 07:40 77312 ----a-w- c:\windows\system32\packager.dll
     2011-11-19 14:01 . 2012-01-12 07:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\users\jeroenp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\users\jeroenp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\users\jeroenp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
     "HotSwap! Applet"="c:\bin\HotSwap!64.EXE" [2009-01-10 95232]
     "HotSwap! Applet"="c:\bin\HotSwap!64.EXE" [2009-01-10 103936]
     "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
     "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     "IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-05-31 63856]
     "Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
     "Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]
     "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
     "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
     "MyPoi Monitor"="c:\program files (x86)\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" [2010-05-10 2186488]
     "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
     "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
     "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
     "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
     "InputDirector"="c:\program files (x86)\Input Director\InputDirector.exe" [2011-06-23 589824]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
     "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
     "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
     .
     c:\users\nicolette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\users\jeroenp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
     .
     c:\users\jeroenp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\users\jeroenp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
     KillSkypeHome.lnk - c:\bin\KillSkypeHome.exe [2011-9-8 304252]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
     Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-4-11 50688]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "DisableCAD"= 1 (0x1)
     "LocalAccountTokenFilterPolicy"= 1 (0x1)
     "SoftwareSASGeneration"= 3 (0x3)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "mixer7"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Notification Packages   REG_MULTI_SZ   scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
     Security Packages   REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
     .
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
     R2 InputDirector;Input Director Service;c:\program files (x86)\Input Director\IDWinService.exe [2011-06-23 36864]
     R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
     R3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\SysWOW64\drivers\bmdrvr.sys [2009-04-17 34864]
     R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
     R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
     R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys [x]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
     R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
     R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
     R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
     R3 IDVistaService;Input Director Vista Service;c:\program files (x86)\Input Director\IDVistaService.exe [2010-07-21 13824]
     R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
     R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
     R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
     R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [x]
     R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-13 11839488]
     R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
     R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
     S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
     S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
     S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
     S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
     S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
     S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
     S2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2010-12-01 357904]
     S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
     S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
     S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
     S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
     S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
     S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
     S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
     S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-17 378472]
     S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
     S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
     S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
     S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
     S2 VeeamBackupService.exe;Veeam Backup and FastSCP Service;c:\program files (x86)\Veeam\Veeam Backup and FastSCP\VeeamBackupService.exe [2010-01-28 28672]
     S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
     S2 vmware-converter-agent;VMware vCenter Converter Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2009-04-17 428592]
     S2 vmware-converter-server;VMware vCenter Converter Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2009-04-17 428592]
     S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
     S2 vstor2-mntapi10;Vstor2 MntApi 1.0 Driver;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys [2009-04-17 32816]
     S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-09-07 494192]
     S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-09-07 1125488]
     S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
     S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
     S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
     S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
     S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
     S3 JMCF;JMCF;c:\windows\system32\DRIVERS\jmcf.sys [x]
     S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
     S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
     S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
     S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
     S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
     S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
     S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [x]
     S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - PROCEXP150
     *Deregistered* - PROCEXP150
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 18:50]
     .
     2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 18:50]
     .
     2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559922807-3192264508-2838444725-1000Core.job
     - c:\users\jeroenp\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 22:41]
     .
     2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559922807-3192264508-2838444725-1000UA.job
     - c:\users\jeroenp\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 22:41]
     .
     2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559922807-3192264508-2838444725-1011Core.job
     - c:\users\nicolette\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 18:30]
     .
     2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559922807-3192264508-2838444725-1011UA.job
     - c:\users\nicolette\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 18:30]
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 97792 ----a-w- c:\users\jeroenp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 97792 ----a-w- c:\users\jeroenp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 97792 ----a-w- c:\users\jeroenp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
     @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 97792 ----a-w- c:\users\jeroenp\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
     "IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-05-26 119664]
     "Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
     "Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-26 59248]
     "VX6000"="c:\windows\vVX6000.exe" [2009-06-30 764256]
     "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
     "TpShocks"="TpShocks.exe" [2011-03-29 380776]
     "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
     "ThinkPadDisplayUtility"="c:\program files\Lenovo\DISPUTIL\tplcdclr.exe" [2009-10-28 86376]
     "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
     "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = about:blank
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
     IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
     LSP: %SystemRoot%\system32\vsocklib.dll
     TCP: DhcpNameServer = 192.168.171.1 62.179.104.196 213.46.228.196
     DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://enter.ing.net/SNX/CSHELL/extender.cab
     FF - ProfilePath - c:\users\jeroenp\AppData\Roaming\Mozilla\Firefox\Profiles\hns8m6u5.default\
     FF - prefs.js: network.proxy.type - 0
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2012-02-15 19:08:49
     ComboFix-quarantined-files.txt 2012-02-15 18:08
     ComboFix2.txt 2012-02-15 17:52
     .
     Pre-Run: 84,483,248,128 bytes free
     Post-Run: 84,404,576,256 bytes free
     .
     - - End Of File - - 261A61B51CDD4BD280D1843B5333DC15