
another ping.exe problem



Hi,

Like several others recently, I've noticed that ping.exe is often going nuts and running at 100% CPU usage.

I've run all the usual ones (AVG, Spybot, Malwarebytes, Ad-Aware) to no effect.

Here is my DDS log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0

Run by ShanghaiKiwi at 8:33:00 on 2011-10-18

Microsoft Windows 7 Ultimate 6.1.7601.1.936.86.1033.18.3582.1976 [GMT 13:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost -k DoctorService

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\System32\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.nz/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: ??à×FLVêó?μDáì??°?????§3?: {0ea37b17-6b8b-4085-8257-f3a4aa69c27a} - c:\program files\thunder network\thunder\bho\XlBrowserAddin1.0.3.55.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll

BHO: ??à×?????§3?: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\bho\XunleiBHO7.2.1.3140.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

uRun: [PeerBlock] d:\program files\peerblock\peerblock.exe

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [cbssreg] c:\windows\temp\ambv.tmp\setup.exe

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: ???QQ??

IE: 使用迅雷下载 - c:\program files\thunder network\thunder\bho\geturl.htm

IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\bho\GetAllUrl.htm

IE: 使用迅雷看看播放器播放 - c:\users\public\thunder network\xmp4\core\program\XmpIEMenu.htm

IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

Trusted Zone: taobao.com

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D21E5D86-CDB0-42E5-9EF3-F7FC2094CB9A} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: jamirte - c:\windows\system32\config\systemprofile\appdata\local\jamirte.dll

Notify: kvmmmap - kvmmmap.dll

SEH: DesktopTipsStub Class: {4562b511-62e9-4533-b7b2-56a8bb10b482} - c:\program files\common files\thunder network\kankan\xappex.1.1.1.28.(581).dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\shanghaikiwi\appdata\roaming\mozilla\firefox\profiles\1wr3b25y.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrl.3.1.0.1.(527).dll

FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrl.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\shanghaikiwi\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\users\shanghaikiwi\appdata\roaming\mozilla\firefox\profiles\1wr3b25y.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\windows\system32\aliedit\2.5.0.3\npaliedit.dll

FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: d:\program files\real alternative\browser\plugins\nppl3260.dll

FF - plugin: d:\program files\real alternative\browser\plugins\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-29 64512]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]

R2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost -k doctorservice --> c:\windows\system32\svchost -k DoctorService [?]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]

R3 pbfilter;pbfilter;d:\program files\peerblock\pbfilter.sys [2011-8-26 20080]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-9-3 394856]

S2 AMService;AMService;c:\windows\temp\dhduue\setup.exe run --> c:\windows\temp\dhduue\setup.exe run [?]

S2 SetupARService;SetupARService;c:\program files\realtek\audio\SetupAfterRebootService.exe [2011-3-5 24576]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-4-27 84832]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-2 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-22 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2007-1-26 91496]

.

=============== Created Last 30 ================

.

2011-10-17 16:03:14 -------- d-----w- c:\users\shanghaikiwi\appdata\local\Thunder Network

2011-10-17 08:49:43 -------- d-----w- c:\users\shanghaikiwi\appdata\local\Google

2011-10-17 08:34:48 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{6D195CB9-F3A1-4533-9D0A-627D682C1144}

2011-10-17 08:34:36 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{E05EB2E2-CAC7-45ED-A9FE-A7084A750B09}

2011-10-17 02:08:25 -------- d-----w- c:\users\shanghaikiwi\appdata\local\Ubisoft Game Launcher

2011-10-17 02:08:23 -------- d-----w- c:\users\shanghaikiwi\appdata\roaming\Might & Magic Heroes VI

2011-10-16 07:10:38 -------- d-----w- c:\users\shanghaikiwi\appdata\roaming\Malwarebytes

2011-10-16 07:10:34 -------- d-----w- c:\programdata\Malwarebytes

2011-10-16 07:10:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-15 01:35:30 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{0B9EBF17-A7EC-4D65-91B9-E504127F68A8}

2011-10-15 01:35:14 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{4EC54A38-52E1-4C6F-9A9F-862F24174760}

2011-10-13 06:57:49 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 06:57:49 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 06:57:48 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 06:57:48 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 06:57:44 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 19:12:41 -------- d-----w- c:\users\shanghaikiwi\appdata\roaming\AVG2012

2011-10-12 19:11:42 -------- d-----w- c:\windows\system32\drivers\AVG

2011-10-12 19:11:42 -------- d-----w- c:\programdata\AVG2012

2011-10-12 19:02:33 -------- d-----w- c:\programdata\MFAData

2011-10-11 08:09:36 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{F6E98F80-DCA7-466E-B7C5-3C462621301A}

2011-10-11 08:09:25 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{F0F85E4E-37BD-4040-BA4B-6790A988D718}

2011-10-09 03:31:44 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{816C8584-2B42-4A92-8CC4-85FC1877A880}

2011-10-09 03:31:32 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{85F78095-F1D6-43FD-A90D-305368CF9D40}

2011-10-08 04:44:49 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{5D082990-794F-494E-9991-9D734D7444C0}

2011-10-08 04:44:37 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{B77B0C1A-4F2E-4189-82EB-AC4B47359E6A}

2011-10-07 08:54:01 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{795E72C6-A537-42CD-84AC-FBA1A98A06AD}

2011-10-07 08:53:50 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{0B5697CF-FFAD-4752-8DC6-C0382CCA6632}

2011-10-03 08:01:57 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{DEFFD884-3435-48B9-BDD4-F91EE75B0744}

2011-10-03 08:01:37 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{A07CCC81-7A73-4F8B-AB9A-B435F48EFBD1}

2011-09-30 05:41:14 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cc382dfc-f3d9-421d-9049-9861071d9f33}\mpengine.dll

2011-09-29 08:09:55 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-09-25 02:51:35 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{D56902CD-FBD2-41AD-9430-195273D2E0F5}

2011-09-25 02:51:23 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{F5EE85D9-9D5F-4C68-B081-030362B07A0E}

2011-09-24 01:43:45 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{307108F5-DD89-45BC-B313-84ABA80E6F1C}

2011-09-24 01:43:33 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{65877BE7-BFDE-406F-94AC-21C4E47CDBD1}

2011-09-21 06:31:22 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{B34FB23C-64BC-4F55-9CAE-3B4251EDA66F}

2011-09-21 06:31:11 -------- d-----w- c:\users\shanghaikiwi\appdata\local\{85F0476A-893B-4062-9D66-F0A59030EE6F}

2011-09-21 04:49:15 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2011-09-21 04:46:54 645632 ----a-w- c:\windows\system32\xvidcore.dll

2011-09-21 04:46:54 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-09-21 04:46:54 153088 ----a-w- c:\windows\system32\xvid.ax

2011-09-19 02:39:33 -------- d-----w- C:\~BCWipe.stu

.

==================== Find3M ====================

.

2011-10-17 18:41:12 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-17 08:49:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-12 17:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-28 20:45:24 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-08-18 03:25:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-08-10 04:27:02 79568 ----a-w- c:\windows\xinstaller.dll

2011-08-10 04:27:02 34512 ----a-w- c:\windows\xinstaller.exe

2011-08-03 21:40:40 503808 ----a-w- c:\windows\system32\msvcp71.dll

2011-08-03 21:40:40 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-08-03 21:40:38 90112 ----a-w- c:\windows\system32\atl71.dll

.

============= FINISH: 8:33:31.99 ===============

Thanks


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Lavasoft and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
