
pingppac.exe



#1 PhilMc

Posted 26 October 2009 - 04:17 PM

Hi there

I'm an experienced user to some extent so feel free to explain in relatively technical language! Essentially I discovered the pingppac.exe virus in my startup entries (via msconfig) - I've disabled it but I'd like to get rid of it completely. In my experience where there's one there's several more. The computer has generally suddenly started running very slowly, a particular problem with Sibelius 5 (which I have reinstalled, am guessing it's a problem with the program).

Any advice would be greatly appreciated. It may be that there doesn't appear to be anything wrong in which case don't worry about it. Would be great to have clearance that it's not a malware problem or advice on how to get rid of the malware! I've run panda antirootkit and it found nothing. I've also looked up every startup entry to check there isn't any other malware. I'm solving this problem remotely using teamviewer and the root repeal scan is taking FOREVER - I promise to have that uploaded asap.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Admin at 20:31:08.79 on 26/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.895.521 [GMT 0:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Jessops\Picture Suite\InsDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ShortKeys2\shklite.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Jessops Insert Detect] c:\program files\jessops\picture suite\InsDetect.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AbacastDistributedOnDemand:11] c:\documents and settings\admin\local settings\application data\abacastdistributedondemand\node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [Samsung SmartJet Monitor] RUNDLL32.EXE c:\windows\system32\SS43SHLL.DLL,AutoUpdatePnPValue
mRun: [AutoLoaderq0uc1QWlOKPK] "c:\windows\system32\dmsfaxui.exe"
mRun: [q75W3Ej] dmsfaxui.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunServices: [PPPOEO] pingppac.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortk~1.lnk - c:\program files\shortkeys2\shklite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/0409ca1448a164734105/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199817172036
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199817157044
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: LMIinit - LMIinit.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\gjwcf7bp.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2003-3-6 8768]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-24 45848]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2007-3-11 26752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-10-26 20:16:58 0 d-----w- c:\program files\Trend Micro
2009-10-05 20:22:06 3207333 ----a-w- c:\windows\{00000002-00000000-0000000A-00001102-00000004-00531102}.BAK
2009-10-05 17:14:34 0 d-----w- c:\program files\CCleaner
2009-10-05 17:12:09 0 d-----w- c:\docume~1\admin\applic~1\TeamViewer
2009-10-05 17:12:02 0 d-----w- c:\program files\TeamViewer
2009-10-05 17:11:33 0 d-----w- c:\documents and settings\admin\temp

==================== Find3M ====================

2009-10-25 05:38:31 82508 ----a-w- c:\windows\fonts\OPUSC___.TTF
2009-10-25 05:38:31 27896 ----a-w- c:\windows\fonts\OPUS____.TTF
2009-10-25 05:38:31 20400 ----a-w- c:\windows\fonts\OPUSFS__.TTF
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 14:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:38:30 79204 ----a-w- c:\windows\fonts\RPRSSPEC.TTF
2009-08-14 15:38:30 73580 ----a-w- c:\windows\fonts\RPRSSCRP.TTF
2009-08-14 15:38:29 81416 ----a-w- c:\windows\fonts\OPUSPC__.TTF
2009-08-14 15:38:29 34512 ----a-w- c:\windows\fonts\RPRS____.TTF
2009-08-14 15:38:29 130228 ----a-w- c:\windows\fonts\RPRSCHOR.TTF
2009-08-14 15:38:28 67036 ----a-w- c:\windows\fonts\OPUSCSC_.TTF
2009-08-14 15:38:28 66892 ----a-w- c:\windows\fonts\OPUSCS__.TTF
2009-08-14 15:38:28 20960 ----a-w- c:\windows\fonts\OPUSNN__.TTF
2009-08-14 15:38:27 97268 ----a-w- c:\windows\fonts\INK2CHOR.TTF
2009-08-14 15:38:27 76104 ----a-w- c:\windows\fonts\INK2SCRI.TTF
2009-08-06 18:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2003-04-25 14:30:03 205166 ----a-w- c:\program files\Audio 1_def_tk 3.ovw
2003-04-25 14:30:00 52518380 ----a-w- c:\program files\Audio 1_def_tk 3.wav
2003-04-25 14:24:45 274 ----a-w- c:\program files\Audio 1_def_tk 2.ovw
2003-04-25 14:24:41 66188 ----a-w- c:\program files\Audio 1_def_tk 2.wav
2003-04-25 14:24:11 3374 ----a-w- c:\program files\Audio 1_def.ovw
2003-04-25 14:24:10 859916 ----a-w- c:\program files\Audio 1_def.wav
1996-12-02 18:44:28 582144 ----a-w- c:\program files\common files\dao350.dll
2008-09-04 11:09:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 20:33:22.76 ===============


#2 myrti

Posted 02 November 2009 - 03:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti

Posted 08 November 2009 - 11:21 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_





