Unknown Virus


#1 Toshido (Members, 3 posts)

Posted 19 July 2010 - 09:26 PM

Earlier today I seem to have picked up a virus.

Google Chrome is my default browser.

It would open up Chrome and show an ad for Adult Friend Finder. It seems to do this at random times, not triggered by any action. I also get a DOS window with the file name ppi1.exe or ppi2.exe and an error message.

When I ran GMER.exe, the machine would reboot with a blue screen flashing.

I did successfully run GMER.exe by unchecking the Files box, and I am including the ark.txt file from that scan. Of course that also locked up Chrome. After losing Chrome I tried to start it again and got another blue screen flash and a reboot.

I finally got all the files together and Chrome running long enough to get this request for help posted.

Sorry I do not have more, like the virus name or information from the blue screens, but they flash past too quickly.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Wanda at 14:02:31.53 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1323 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Wanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Wanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\Wanda\LOCALS~1\Temp\IXP000.TMP\.Download-Server.exe
C:\DOCUME~1\Wanda\LOCALS~1\Temp\IXP001.TMP\.Download-Server.exe
C:\DOCUME~1\Wanda\LOCALS~1\Temp\IXP002.TMP\.Download-Server.exe
C:\DOCUME~1\Wanda\LOCALS~1\Temp\IXP003.TMP\.Download-Server.exe
C:\WINDOWS\system32\rundll32.exe
"C:\WINDOWS\System32\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\Wanda\LOCALS~1\Temp\ajvq.exe
C:\DOCUME~1\Wanda\LOCALS~1\Temp\ajvq.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Wanda\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: moigh Object: {3c22dad5-f7c2-4f61-a795-eeac10e756e6} - c:\windows\system32\qqjip.dll
BHO: adShotHlpr Object: {5671e1e3-3cfc-49ba-a432-a45896f9e794} - c:\windows\system32\uqjip.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\wanda\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [AdobeBridge]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Tpejexetedabexob] rundll32.exe "c:\windows\wiuind.dll",Startup
mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxccmon.exe] "c:\program files\lexmark 3300 series\lxccmon.exe"
mRun: [DACSMiniApp] c:\program files\fisher-price\dacs\miniapp\DACSMiniApp.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [sta] rundll32 "uqjip.dll",,Run
mRun: [MChk] c:\windows\system32\hqjip.exe
mRun: [Lqejuxisetacok] rundll32.exe "c:\windows\ahetidedugugek.dll",Startup
mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\wanda\locals~1\temp\ixp000.tmp\"
mRunOnce: [wextract_cleanup1] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\wanda\locals~1\temp\ixp001.tmp\"
mRunOnce: [wextract_cleanup2] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\wanda\locals~1\temp\ixp002.tmp\"
mRunOnce: [wextract_cleanup3] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\wanda\locals~1\temp\ixp003.tmp\"
StartupFolder: c:\documents and settings\wanda\start menu\programs\startup\0B44F.exe.exe
StartupFolder: c:\documents and settings\wanda\start menu\programs\startup\634A7.exe.exe
StartupFolder: c:\documents and settings\wanda\start menu\programs\startup\BA27A.exe.exe
StartupFolder: c:\documents and settings\wanda\start menu\programs\startup\E9711.exe.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-6-28 10448]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]
R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [2010-5-27 1423360]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 10448]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-07-19 17:39:27 120 ----a-w- c:\windows\Xhibogutagesag.dat
2010-07-19 17:39:27 0 ----a-w- c:\windows\Lwupuqanalepet.bin
2010-07-19 17:38:49 768000 ----a-w- c:\windows\system32\drivers\odlbre.sys
2010-07-19 17:37:57 0 d-----w- c:\docume~1\wanda\applic~1\Street-Ads
2010-07-19 17:37:57 0 d-----w- c:\docume~1\wanda\applic~1\Sky-Banners
2010-07-19 17:37:52 17408 ----a-w- c:\windows\ppi2.exe
2010-07-19 17:37:52 150 ----a-w- C:\zrpt.xml
2010-07-19 17:37:44 17408 ----a-w- c:\windows\ppi1.exe
2010-07-19 17:37:43 5756 --sha-w- c:\windows\E88D4.exe
2010-07-19 17:27:31 0 d-----w- c:\program files\Imagenomic
2010-07-16 04:06:20 246784 ----a-w- c:\windows\system32\qqjip.dll
2010-07-16 04:06:04 294912 ----a-w- c:\windows\system32\uqjip.dll
2010-07-14 00:43:22 40581 ----a-w- c:\windows\system32\hqjip.exe
2010-07-13 22:31:16 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 05:04:40 0 d-----w- C:\Photos
2010-07-08 14:43:44 0 d-----w- C:\Lightroom Cats
2010-07-06 15:21:22 56532 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-06 15:21:04 0 d-----w- c:\docume~1\wanda\applic~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-04 21:04:04 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-04 21:04:03 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-04 21:04:03 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-04 21:04:03 0 ----a-w- c:\windows\system32\nvdrswr.lk
2010-07-04 20:33:33 0 d-----w- c:\docume~1\wanda\applic~1\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-07-04 20:33:33 0 d-----w- c:\docume~1\wanda\applic~1\Adobe Mini Bridge CS5
2010-06-30 17:54:06 0 d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2010-06-29 15:07:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-29 15:07:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 19:08:36 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-06-28 19:08:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-28 19:08:34 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-06-28 19:08:14 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-06-28 19:07:41 0 d-----w- c:\docume~1\wanda\applic~1\Logishrd
2010-06-28 15:20:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-06-28 15:20:26 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-06-27 02:43:21 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-06-27 02:43:21 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-06-27 02:43:21 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-06-27 02:43:21 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-06-27 02:43:20 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-06-27 02:43:20 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-06-27 02:43:20 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-06-27 02:43:20 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-06-27 02:40:57 0 d-----w- c:\program files\Break For Games
2010-06-27 01:19:48 0 d-----w- c:\program files\PowerISO

==================== Find3M ====================

2010-06-07 23:57:00 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-07 23:57:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-07 23:57:00 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57:00 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-07 23:57:00 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 21:34:52 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-06-07 21:34:42 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-06-07 21:34:42 13902440 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 21:34:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 21:34:40 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-07 21:34:40 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-05-28 16:58:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-27 17:21:02 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-27 17:21:02 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-27 01:14:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 22:29:24 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll

============= FINISH: 14:02:59.51 ===============

As soon as I posted the above, 6 screens popped up. I took a screenshot with all the information on it for all to see. A larger version is available if needed.



Merged posts. ~ OB

Edited by Orange Blossom, 20 July 2010 - 10:18 PM.
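One way to mechanise the first pass over a DDS log like the one in the post above, as an added example written for this page (it is not DDS, GMER or BleepingComputer's own tooling): a Python script that reads the running-process list, the autostart entries (Run/RunOnce keys, Startup folder, BHOs) and the "Created Last 30" section, applies the path and timing heuristics an analyst applies by eye, and reports what it flags and why. The sample input is an excerpt of the log posted above; the short allow-list of files that belong directly in %WINDIR%, the 180-second "same drop" window and the reason strings are assumptions chosen for illustration. It deliberately does not flag hqjip.exe, qqjip.dll or uqjip.dll under system32, which by path alone look like any other file; those need a hash or publisher lookup.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Excerpt of the DDS log posted above, used as the sample input.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Wanda\LOCALS~1\Temp\IXP000.TMP\.Download-Server.exe
============== Pseudo HJT Report ===============
BHO: moigh Object: {3c22dad5-f7c2-4f61-a795-eeac10e756e6} - c:\windows\system32\qqjip.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Tpejexetedabexob] rundll32.exe "c:\windows\wiuind.dll",Startup
mRun: [sta] rundll32 "uqjip.dll",,Run
mRun: [MChk] c:\windows\system32\hqjip.exe
mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\wanda\locals~1\temp\ixp000.tmp\"
StartupFolder: c:\documents and settings\wanda\start menu\programs\startup\0B44F.exe.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe
=============== Created Last 30 ================
2010-07-19 17:39:27 120 ----a-w- c:\windows\Xhibogutagesag.dat
2010-07-19 17:38:49 768000 ----a-w- c:\windows\system32\drivers\odlbre.sys
2010-07-19 17:37:57 0 d-----w- c:\docume~1\wanda\applic~1\Street-Ads
2010-07-19 17:37:44 17408 ----a-w- c:\windows\ppi1.exe
2010-07-19 17:37:43 5756 --sha-w- c:\windows\E88D4.exe
2010-07-19 17:27:31 0 d-----w- c:\program files\Imagenomic
2010-07-06 15:21:22 56532 ---ha-w- c:\windows\system32\mlfcache.dat
"""

# Assumption: a short allow-list of files that legitimately sit directly in %WINDIR% on XP.
WINDIR_ROOT_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                     "winhlp32.exe", "twain_32.dll", "twain.dll"}
DROP_EXT = r"(?:exe|dll|sys|scr|cpl|dat|bin)"      # extensions worth scrutinising
PE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
WINDOW_SECONDS = 180                                # assumed "same dropper" window

ENTRY_RE = re.compile(r"^(uRun|mRun|mRunOnce|StartupFolder|BHO):\s*(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\d+\s+([-a-z]{8})\s+(.+)$")
PATH_RE = re.compile(r'[a-z]:\\(?:[^"\\,]+\\)*[^"\\,]+\.' + DROP_EXT + r"\b", re.I)
BARE_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^"\\\s,]+\.dll)"?', re.I)


@dataclass
class Finding:
    line: str                                 # flagged log line (or created-file path)
    reasons: list = field(default_factory=list)


def path_reasons(path):
    """Heuristics that look only at where a file lives and what it is called."""
    reasons = []
    base = path.rsplit("\\", 1)[-1].lower()
    if re.search(r"\.(exe|scr|com|dll|cpl|bat)\.exe$", base):
        reasons.append("double extension (%s)" % base)
    if re.match(r"^c:\\windows\\[^\\]+\." + DROP_EXT + "$", path, re.I) and base not in WINDIR_ROOT_ALLOW:
        reasons.append("file dropped directly in %WINDIR%")
    if re.match(r"^[0-9a-f]{5}\.exe", base):
        reasons.append("5-hex-digit name")
    return reasons


def entry_reasons(body):
    """Heuristics for one autostart entry (Run/RunOnce key, Startup folder, BHO)."""
    reasons = []
    for p in PATH_RE.findall(body):
        reasons += path_reasons(p)
    m = BARE_DLL_RE.search(body)
    if m:   # a DLL given without a directory is resolved through the DLL search path
        reasons.append("rundll32 loads %s by bare name (resolved via the DLL search path)" % m.group(1))
    if re.search(r"\\temp\\", body, re.I):
        reasons.append("references a Temp directory")
    return reasons


def triage(text):
    findings, created = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            r = entry_reasons(m.group(2))
            if r:
                findings.append(Finding(line, r))
            continue
        m = CREATED_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            attrs, path = m.group(2), m.group(3)
            r = path_reasons(path)
            if "s" in attrs and "h" in attrs and path.lower().endswith(PE_EXT):
                r.append("hidden+system attributes on an executable")
            created.append((ts, path, r))
            continue
        if re.match(r"^[a-z]:\\", line, re.I) and re.search(r"\\temp\\", line, re.I):
            findings.append(Finding(line, ["process running from a Temp directory"]))
    # Second pass: a clean-looking file written seconds after a flagged one almost always
    # came from the same dropper, so pull it into the report as well.
    flagged = [(ts, path) for ts, path, r in created if r]
    for ts, path, r in created:
        if not r:
            near = [p for fts, p in flagged if abs((fts - ts).total_seconds()) <= WINDOW_SECONDS]
            if near:
                r.append("created within %ds of flagged file %s" % (WINDOW_SECONDS, near[0]))
        if r:
            findings.append(Finding(path, r))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f.line)
        for why in f.reasons:
            print("    -", why)
```

Run against the full log above, the same rules pick out ppi1.exe, ppi2.exe, the hidden and system-attributed E88D4.exe, Xhibogutagesag.dat and Lwupuqanalepet.bin in the %WINDIR% root, the four .exe.exe items in the Startup folder, the two rundll32 entries loading DLLs from the %WINDIR% root, the bare-name uqjip.dll load, the four RunOnce clean-up entries and the .Download-Server.exe and ajvq.exe processes in Temp, and by timing alone the Street-Ads and Sky-Banners folders, zrpt.xml and the driver odlbre.sys, all written in the same two minutes. A new kernel driver that lands in the same minute as adware is the first thing to check when a rootkit scanner then blue-screens; the log does not say what it is, so that is a lead, not a verdict.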



#2 Toshido (Topic Starter, Members, 3 posts)

Posted 24 July 2010 - 12:19 AM

It seems I was infected with Defense Center.

The computer was getting so bad that it would not stay on, and at times it blocked me from running any programs. So I decided to format and re-install.

So I guess you can lock this thread, since I no longer need the help.

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 July 2010 - 07:28 AM

Thanks for letting us know.
