fh2000

Hi, Elite engineers from Malwarebytes, I read thru some of the old threads and saw suggestions to run ComboFix. So, I downloaded ComboFix, and run it. I watched it for 2 hours, and it appears that ping.exe no longer showing up in Task Manager. I will keep watching it and hope it won't come back. For now, no need to reply to my request. If my problem comes back again, I will post again. Thanks

Hi, I am still trying to do this step from your instruction email, but when I click on DDS, nothing happens to me. Maybe the virus blocked that site from me. Is there another way to get DDS downloaded to my PC? Thanks for your help fh2000 ======================================================= Download DDS and save it to your desktop Disable any script blocker if your Anti-Virus/Anti-Malware has it. Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed. Then double click dds.scr to run the tool. When done, the DDS.txt file will open. Click Yes at the next prompt for Optional Scan. When done, DDS will open two (2) logs: DDS.txt Attach.txt Save both reports to your desktop Please include the following logs in your new topic that you will create: DDS.txt and Attach.txt

Hi, My computer keeps showing ping.exe in Task Manager even after I killed it repeatedly. I ran the Malwarebytes Anti-Malware (see below log). But I am not able to download DDS. Can you help me what I should do next? Thanks fh2000 ========================================================================================= Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8339 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 12/8/2011 10:56:26 PM mbam-log-2011-12-08 (22-56-26).txt Scan type: Quick scan Objects scanned: 251804 Time elapsed: 33 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\linkrdr.AIEbho.1 (Trojan.Passwords) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\linkrdr.AIEbho (Trojan.Passwords) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Email) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. Folders Infected: c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\system32\acroiehelpe.dll (Trojan.Passwords) -> Quarantined and deleted successfully. c:\windows\temp\ydgrdc\setup.exe (Trojan.Email) -> Quarantined and deleted successfully. c:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> Quarantined and deleted successfully. c:\WINDOWS\system32\acroiehelpe.txt (Malware.Trace) -> Quarantined and deleted successfully.