Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PING.EXE


  • This topic is locked This topic is locked
3 replies to this topic

#1 xboi209

xboi209

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 12 March 2012 - 04:33 PM

I've noticed PING.exe in my task manager and I suspect it as a virus because it's using up my internet considerably. MBAM did not help at all :/
Oh and at the time of the DDS scan thingy, I killed the ping.exe process from the task manager.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_29
Run by g1 at 14:45:17 on 2012-03-12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.949.82.1033.18.6142.4569 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\User\Documents\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Users\g1.Sister\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Users\g1.Sister\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
C:\Windows\explorer.exe
C:\Users\g1.Sister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\g1.Sister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\g1.Sister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\g1.Sister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\g1.Sister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\g1.Sister\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send by Bluetooth - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{391BC47A-CD91-44F4-82F6-BA60320E469A} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{391BC47A-CD91-44F4-82F6-BA60320E469A} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\g1.Sister\AppData\Roaming\Mozilla\Firefox\Profiles\wv94wllj.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\g1.Sister\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-12-15 143467]
R2 MBAMService;MBAMService;C:\Users\User\Documents\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-27 652360]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]
R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys --> C:\Windows\system32\DRIVERS\point64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-6-20 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-12 15:43:16 -------- d-----w- C:\Users\g1.Sister\AppData\Roaming\Media Finder
2012-03-12 15:36:15 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-12 15:35:08 -------- d-----we C:\Windows\system64
2012-03-10 17:07:40 -------- d-----w- C:\Users\g1.Sister\AppData\Roaming\codeblocks
2012-03-08 00:43:20 -------- d-----w- C:\Users\g1.Sister\AppData\Local\Geckofx
2012-03-08 00:43:09 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-02-28 06:18:23 33792 ----a-w- C:\Windows\System32\drivers\lgx64modem.sys
2012-02-28 06:18:23 27136 ----a-w- C:\Windows\System32\drivers\lgx64diag.sys
2012-02-28 06:18:23 17920 ----a-w- C:\Windows\System32\drivers\lgx64bus.sys
2012-02-28 06:08:48 -------- d-----w- C:\Program Files (x86)\LG Electronics
2012-02-28 06:08:15 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-28 06:08:15 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-02-28 06:08:15 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-28 06:08:15 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-28 06:08:15 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-26 22:03:04 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-02-26 22:03:01 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-02-26 19:02:27 -------- d-----w- C:\Users\g1.Sister\AppData\Local\dantarion.com
2012-02-26 17:20:18 -------- d-----w- C:\Program Files (x86)\Wiimm
2012-02-25 06:49:57 -------- d-----w- C:\Users\g1.Sister\AppData\Local\AutoShutdown
2012-02-24 05:42:29 -------- d-----w- C:\ProgramData\Web Installer
2012-02-24 01:06:51 -------- d-----w- C:\Program Files (x86)\JDownloader
.
==================== Find3M ====================
.
2012-03-12 15:36:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:45:55.36 ===============

Edited by xboi209, 12 March 2012 - 04:50 PM.


BC AdBot (Login to Remove)

 


#2 xboi209

xboi209
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:07 AM

Posted 12 March 2012 - 05:39 PM

nvm, I did a system restore and surprisingly it worked o.O

#3 Will Watts

Will Watts

  • Malware Response Team
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 PM

Posted 14 March 2012 - 01:14 PM

Hi xboi209,

I'm glad you were able to resolve the problem. If you wish, please post a new set of DDS logs so we can verify the infection has been removed. Alternatively, let me know if there are no remaining issues and we'll mark the topic as Resolved.

#4 Will Watts

Will Watts

  • Malware Response Team
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 PM

Posted 22 March 2012 - 06:54 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users