
Infected - Ping.exe and other issues



Dear Madam/Sir,

It all started yesterday (Sunday) around noon as I was downloading a torrent with Azureus (yes, I know..). I got the commonplace fake Anti-Virus pop-ups, which was showing up as vik.exe in Task Manager. It was blocking AVG and Spybot S&D, but Malwarebytes was able to run and indeed seemed to neutralize the vik.exe threat. The one thing I did notice as I went to reboot my computer was that the machine never totally shut itself down. It stopped sending any kind of signal to the monitor and appeared to cease functioning, but the light and fans stayed on until I held the power button down long enough for the computer to power down. This problem has persisted since it first appeared, every time I've gone to shut down. After having gotten rid of vik.exe and realizing that ping.exe was still hanging around, I attempted to run another scan, and after that subsequent scan didn't do anything, I decided to purchase the full version of Malwarebytes in case it might be more comprehensive than the free version. Just to be sure, I uninstalled before re-installing, but even since I re-installed, it freezes up within a few minutes of starting a scan such that its status is "not responding" in Task Manager. As you can see, my problem is multi-fold, but with some time, patience, and help, I look forward to resolving my issues. Thanks

dds.txt

attach.txt


  • 2 weeks later...

Hey,

Thanks for the response and sorry for not following up! After several days of having not received any replies, I realized that the problem is exactly what you mentioned. Since I assumed the thread would thus be dead as well as having been pretty busy with the holidays, I figured I would come back to the forums when I had time and just post a new topic.

Since you responded, though, I suppose I will hold off and follow your instructions instead. Will post logs ASAP.

Thanks again!


I failed to mention that I reinstalled MBAM again, and since having done so, it has run just fine. Here are the logs you requested.

MBAM log:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.03.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Theo :: TWO-FACE [administrator]

1/6/2012 1:21:19 PM

mbam-log-2012-01-06 (13-21-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 318010

Time elapsed: 23 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_27

Run by Theo at 13:45:05 on 2012-01-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1102 [GMT -5:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\acs.exe

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\V0610Mon.exe

C:\WINDOWS\system32\DeltTray.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe

C:\Program Files\TruDirect\TruDirectTray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\documents and settings\theo\application data\complitly\Complitly.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [Aim6]

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Google Update] "c:\documents and settings\theo\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [soundMan] SOUNDMAN.EXE

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [Live! Central 2] "c:\program files\creative\creative live! cam\live! central 2\CTLVCentral2.exe" /mode2

mRun: [V0610Mon.exe] c:\windows\V0610Mon.exe

mRun: [DeltTray] DeltTray.exe

mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [CTxfiHlp] CTXFIHLP.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\108mbp~1.lnk - c:\program files\108mbps wireless lan adapter\WLANPRO.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\reg.lnk - c:\program files\108mbps wireless lan adapter\Reg.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\trudir~1.lnk - c:\program files\trudirect\TruDirectTray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: NecUsb3Sevice - USB3Nw32.dll

Notify: USB3Nw32 - USB3Nw32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\theo\application data\mozilla\firefox\profiles\cx3isd22.default\

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\theo\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\theo\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2011-4-3 16384]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-7 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-9-7 29712]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-2 243152]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-27 2253120]

R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2011-3-25 2784768]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2011-10-4 66944]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-21 24652]

R3 ct20xflt;ct20xflt;c:\windows\system32\drivers\ct20xflt.sys [2010-7-7 1811288]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-3-6 198232]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-3-6 1353304]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-3-6 73816]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-3-6 1227352]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-19 119656]

S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2004-8-4 14336]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-3-6 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2011-1-11 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-3-6 198232]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-12 143936]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-3-6 1353304]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-3-6 73816]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 V0610Vid;Creative Live! Cam Socialize HD Driver;c:\windows\system32\drivers\V0610Vid.sys [2011-1-12 274624]

.

=============== Created Last 30 ================

.

2011-12-19 23:42:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-19 23:42:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-12-17 16:31:30 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2011-12-17 16:31:30 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2011-10-25 23:42:00 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-10-25 23:42:00 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-10-25 23:41:56 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-10-13 00:35:59 0 ---ha-w- c:\documents and settings\theo\yekenpygks.tmp

2011-10-12 19:19:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 13:45:52.01 ===============

Do you need the attach.txt also?

Thank you!


I followed the instructions to disable AVG, but when I go to run ComboFix it says AVG is still active. Should I ignore this? I have many instances of different AVG processes running in Task Manager, which led me to believe maybe that's why ComboFix says AVG is still active, so I tried to kill them all, but they would either not go away or just come right back. So I thought I would just uninstall AVG to be sure, and just reinstall it later, but the uninstall failed, stating that:

"Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....

Access is denied."


Since I didn't receive a response, I just went ahead and ran ComboFix anyway. Here is the log:

ComboFix 12-01-10.02 - Theo 01/11/2012 17:50:04.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1610 [GMT -5:00]

Running from: c:\documents and settings\Theo\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\k19iv6am.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\k19iv6am.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\chrome.manifest

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\k19iv6am.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\chrome\xulcache.jar

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\k19iv6am.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\defaults\preferences\xulcache.js

c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\k19iv6am.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\install.rdf

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\cx3isd22.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\cx3isd22.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\chrome.manifest

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\cx3isd22.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\chrome\xulcache.jar

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\cx3isd22.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\defaults\preferences\xulcache.js

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\cx3isd22.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\install.rdf

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\n5vzovzx.Theo\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\n5vzovzx.Theo\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\chrome.manifest

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\n5vzovzx.Theo\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\chrome\xulcache.jar

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\n5vzovzx.Theo\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\defaults\preferences\xulcache.js

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\n5vzovzx.Theo\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\install.rdf

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\zycc5p9z.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\zycc5p9z.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\chrome.manifest

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\zycc5p9z.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\chrome\xulcache.jar

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\zycc5p9z.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\defaults\preferences\xulcache.js

c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\zycc5p9z.default\extensions\{5fa0a2f2-3f4e-4fbc-a7ae-d9989a56a986}\install.rdf

c:\documents and settings\Theo\yekenpygks.tmp

C:\install.exe

c:\windows\$NtUninstallKB6408$\1993220297

c:\windows\$NtUninstallKB6408$\4222673592\@

c:\windows\$NtUninstallKB6408$\4222673592\bckfg.tmp

c:\windows\$NtUninstallKB6408$\4222673592\cfg.ini

c:\windows\$NtUninstallKB6408$\4222673592\Desktop.ini

c:\windows\$NtUninstallKB6408$\4222673592\keywords

c:\windows\$NtUninstallKB6408$\4222673592\kwrd.dll

c:\windows\$NtUninstallKB6408$\4222673592\L\zdqmytvl

c:\windows\$NtUninstallKB6408$\4222673592\lsflt7.ver

c:\windows\$NtUninstallKB6408$\4222673592\U\00000001.@

c:\windows\$NtUninstallKB6408$\4222673592\U\00000002.@

c:\windows\$NtUninstallKB6408$\4222673592\U\00000004.@

c:\windows\$NtUninstallKB6408$\4222673592\U\80000000.@

c:\windows\$NtUninstallKB6408$\4222673592\U\80000004.@

c:\windows\$NtUninstallKB6408$\4222673592\U\80000032.@

c:\windows\system32\SET94.tmp

c:\windows\system32\tmpA9.tmp

c:\windows\system32\tmpAA.tmp

c:\windows\$NtUninstallKB6408$ . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))

.

.

2011-12-24 17:46 . 2011-12-24 17:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Stardock

2011-12-24 17:46 . 2011-12-24 17:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Stardock

2011-12-19 23:42 . 2012-01-04 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-19 23:42 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-18 01:09 . 2011-12-18 01:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla

2011-12-16 22:09 . 2011-12-18 00:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit

2011-12-16 22:09 . 2011-12-18 00:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Vuze_Remote

2011-12-16 22:09 . 2011-12-18 00:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\vshare.tv_Bar

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-17 16:31 . 2010-03-06 06:07 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2011-12-17 16:31 . 2005-07-26 11:02 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2011-11-10 14:49 . 2011-05-25 13:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"Live! Central 2"="c:\program files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" [2009-08-28 426140]

"V0610Mon.exe"="c:\windows\V0610Mon.exe" [2009-08-06 24576]

"DeltTray"="DeltTray.exe" [2004-08-27 56320]

"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]

"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

108Mbps Wireless LAN Adapter Configuration Utility.lnk - c:\program files\108Mbps Wireless LAN Adapter\WLANPRO.exe [2008-8-11 2678784]

Reg.lnk - c:\program files\108Mbps Wireless LAN Adapter\Reg.exe [2008-8-11 24576]

TruDirectTray.lnk - c:\program files\TruDirect\TruDirectTray.exe [2008-2-18 421888]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 13:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base16561\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18574\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base19132\\SC2.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Documents and Settings\\Theo\\Local Settings\\Apps\\2.0\\N88RJ1BE.W1J\\NRCZAXTT.8HW\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

.

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/3/2011 6:37 PM 16384]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/7/2008 1:04 PM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/2/2010 9:53 PM 243152]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:07 AM 308136]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]

R2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [3/25/2011 4:17 AM 2784768]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [10/4/2011 10:44 PM 66944]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/21/2008 10:18 AM 24652]

R3 ct20xflt;ct20xflt;c:\windows\system32\drivers\ct20xflt.sys [7/7/2010 10:15 PM 1811288]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [3/6/2010 1:07 AM 198232]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [3/6/2010 1:07 AM 1353304]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [3/6/2010 1:07 AM 73816]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [3/6/2010 1:07 AM 1227352]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/19/2010 8:21 PM 119656]

S2 NecUsb;USB Service;c:\windows\System32\svchost.exe -k NecUsbSevice [8/4/2004 7:00 AM 14336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/27/2011 5:49 PM 2253120]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/6/2010 1:05 AM 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [1/11/2011 2:56 PM 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [3/6/2010 1:07 AM 198232]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [1/12/2011 2:08 AM 143936]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [3/6/2010 1:07 AM 1353304]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [3/6/2010 1:07 AM 73816]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 V0610Vid;Creative Live! Cam Socialize HD Driver;c:\windows\system32\drivers\V0610Vid.sys [1/12/2011 2:10 AM 274624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NecUsbSevice REG_MULTI_SZ NecUsb

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-113007714-1801674531-1003Core.job

- c:\documents and settings\Theo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-25 02:48]

.

2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-113007714-1801674531-1003UA.job

- c:\documents and settings\Theo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-25 02:48]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\cx3isd22.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - (no file)

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

HKCU-Run-Aim6 - (no file)

Notify-NecUsb3Sevice - USB3Nw32.dll

Notify-USB3Nw32 - USB3Nw32.dll

AddRemove-Aim Plugin for QQ Games - c:\program files\Tencent\QQ Games\Plugin\Uninstall.EXE

AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-11 18:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\0a\06\1d\12\1b\1aË"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(508)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Stardock\Fences\FencesMenu.dll

c:\program files\stardock\fences\DesktopDock.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\acs.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\SOUNDMAN.EXE

c:\windows\SYSTEM32\CTXFISPI.EXE

c:\windows\system32\DeltTray.exe

c:\windows\system32\RunDLL32.exe

c:\windows\system32\CTXFIHLP.EXE

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-01-11 18:55:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-11 23:55

.

Pre-Run: 273,196,679,168 bytes free

Post-Run: 277,509,349,376 bytes free

.

- - End Of File - - B9DD0FC74CA49F11F12F03A3D5F4E2C1

In addition to the different "stage" scans that ran, it seems I had a rootkit infection that seems to have left some other issues to work through. I wasn't able to restore my network connection simply by using the 'repair' feature and got the following error message:

Windows could not finish repairing the problem because the following action cannot be completed: Renewing your IP address

When I try to bring up ipconfig, the window appears momentarily and then immediately disappears, so I was unable to renew my IP that way and I don't know how else to do it.

In addition, my Windows firewall seems not to work either. It's off, and when I try to turn it back on, I get the following message:

Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?

So I click on 'yes' and it tells me:

Cannot start the ICS

OK, thanks again.


OK, I was able to get that sooner than expected.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_27

Run by Theo at 22:40:13 on 2012-01-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1031 [GMT -5:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\acs.exe

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\V0610Mon.exe

C:\WINDOWS\system32\DeltTray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe

C:\Program Files\TruDirect\TruDirectTray.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [soundMan] SOUNDMAN.EXE

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [Live! Central 2] "c:\program files\creative\creative live! cam\live! central 2\CTLVCentral2.exe" /mode2

mRun: [V0610Mon.exe] c:\windows\V0610Mon.exe

mRun: [DeltTray] DeltTray.exe

mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [CTxfiHlp] CTXFIHLP.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\108mbp~1.lnk - c:\program files\108mbps wireless lan adapter\WLANPRO.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\reg.lnk - c:\program files\108mbps wireless lan adapter\Reg.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\trudir~1.lnk - c:\program files\trudirect\TruDirectTray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\theo\application data\mozilla\firefox\profiles\cx3isd22.default\

.

============= SERVICES / DRIVERS ===============

.

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2011-4-3 16384]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-7 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-9-7 29712]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-2 243152]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2011-3-25 2784768]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2011-10-4 66944]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-21 24652]

R3 ct20xflt;ct20xflt;c:\windows\system32\drivers\ct20xflt.sys [2010-7-7 1811288]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-3-6 198232]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-3-6 1353304]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-3-6 73816]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-3-6 1227352]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-19 119656]

S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2004-8-4 14336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-27 2253120]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-3-6 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2011-1-11 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-3-6 198232]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-12 143936]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-3-6 1353304]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-3-6 73816]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 V0610Vid;Creative Live! Cam Socialize HD Driver;c:\windows\system32\drivers\V0610Vid.sys [2011-1-12 274624]

.

=============== Created Last 30 ================

.

2012-01-11 22:28:14 -------- d-sha-r- C:\cmdcons

2012-01-11 22:26:11 98816 ----a-w- c:\windows\sed.exe

2012-01-11 22:26:11 518144 ----a-w- c:\windows\SWREG.exe

2012-01-11 22:26:11 256000 ----a-w- c:\windows\PEV.exe

2012-01-11 22:26:11 208896 ----a-w- c:\windows\MBR.exe

2011-12-19 23:42:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-19 23:42:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-12-17 16:31:30 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2011-12-17 16:31:30 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2011-10-25 23:42:00 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-10-25 23:42:00 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-10-25 23:41:56 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin

.

============= FINISH: 22:40:39.48 ===============

Thanks again. Sorry I have problems following directions...


When you say a fresh copy, you mean I should download the executable again from http://www.bleepingc...to-use-combofix and then run it again? That's exactly what I did, though the fresh copy didn't seem any different from what I already had. I ran it, but nothing changed as far as the Windows firewall, my IP and my internet connection. Everything is still the same. Here is the log:

ComboFix 12-01-16.05 - Theo 01/16/2012 21:37:12.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1109 [GMT -5:00]

Running from: I:\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))

.

.

2011-12-24 17:46 . 2011-12-24 17:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Stardock

2011-12-24 17:46 . 2011-12-24 17:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Stardock

2011-12-19 23:42 . 2012-01-04 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-19 23:42 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-17 16:31 . 2010-03-06 06:07 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2011-12-17 16:31 . 2005-07-26 11:02 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2011-11-10 14:49 . 2011-05-25 13:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-11_23.47.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-15 16:09 . 2012-01-15 16:09 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat

+ 2004-08-04 12:00 . 2012-01-13 01:00 68764 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2011-12-12 18:27 68764 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2012-01-13 01:00 436048 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2011-12-12 18:27 436048 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]

"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"Live! Central 2"="c:\program files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" [2009-08-28 426140]

"V0610Mon.exe"="c:\windows\V0610Mon.exe" [2009-08-06 24576]

"DeltTray"="DeltTray.exe" [2004-08-27 56320]

"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]

"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

108Mbps Wireless LAN Adapter Configuration Utility.lnk - c:\program files\108Mbps Wireless LAN Adapter\WLANPRO.exe [2008-8-11 2678784]

Reg.lnk - c:\program files\108Mbps Wireless LAN Adapter\Reg.exe [2008-8-11 24576]

TruDirectTray.lnk - c:\program files\TruDirect\TruDirectTray.exe [2008-2-18 421888]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 13:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Nw32]

[bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base16561\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base18574\\SC2.exe"=

"c:\\Program Files\\StarCraft II\\Versions\\Base19132\\SC2.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Documents and Settings\\Theo\\Local Settings\\Apps\\2.0\\N88RJ1BE.W1J\\NRCZAXTT.8HW\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

.

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/3/2011 6:37 PM 16384]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/7/2008 1:04 PM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/2/2010 9:53 PM 243152]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 8:07 AM 308136]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]

R2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [3/25/2011 4:17 AM 2784768]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [10/4/2011 10:44 PM 66944]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/21/2008 10:18 AM 24652]

R3 ct20xflt;ct20xflt;c:\windows\system32\drivers\ct20xflt.sys [7/7/2010 10:15 PM 1811288]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [3/6/2010 1:07 AM 198232]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [3/6/2010 1:07 AM 1353304]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [3/6/2010 1:07 AM 73816]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [3/6/2010 1:07 AM 1227352]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/19/2010 8:21 PM 119656]

S2 NecUsb;USB Service;c:\windows\System32\svchost.exe -k NecUsbSevice [8/4/2004 7:00 AM 14336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/27/2011 5:49 PM 2253120]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/6/2010 1:05 AM 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [1/11/2011 2:56 PM 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [3/6/2010 1:07 AM 198232]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [1/12/2011 2:08 AM 143936]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [3/6/2010 1:07 AM 1353304]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [3/6/2010 1:07 AM 73816]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 V0610Vid;Creative Live! Cam Socialize HD Driver;c:\windows\system32\drivers\V0610Vid.sys [1/12/2011 2:10 AM 274624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NecUsbSevice REG_MULTI_SZ NecUsb

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-113007714-1801674531-1003Core.job

- c:\documents and settings\Theo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-25 02:48]

.

2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-113007714-1801674531-1003UA.job

- c:\documents and settings\Theo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-25 02:48]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Theo\Application Data\Mozilla\Firefox\Profiles\cx3isd22.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-16 21:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\0a\06\1d\12\1b\1aË"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2572)

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Stardock\Fences\FencesMenu.dll

c:\program files\stardock\fences\DesktopDock.dll

.

Completion time: 2012-01-16 21:51:03

ComboFix-quarantined-files.txt 2012-01-17 02:50

ComboFix2.txt 2012-01-11 23:55

.

Pre-Run: 275,348,566,016 bytes free

Post-Run: 275,318,583,296 bytes free

.

- - End Of File - - 1DBAB825BB84F7C5F0BA2BE82079517C

Thanks again.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
