BleepingComputer.com: Computer with ping.exe virus HELP PLEEEASE

alright. i got this stupid ping.exe virus thing. this is the deal. got this computer from my bro like an hour ago. its got this virus thing on it. i open the task manager and there it is, ping.exe. its taking 100% of my cpu so i end it. 2 minuets later, its back. i keep doing this and i been doing it and it keeps returning. so i look up videos and tutorials. i follow them. its still here. i find the ping in system32 of the computer. i delete it. it comes back again. i know ping is "important" to the computer but i dont care. i just want this virus gone even if i have to delete this ping thing forever. i restored the computer and its still here too. i dont know what to do. theres also like 9 svchost.exe things if that means anything.HELP!!!!

Hers a DDS scan thing. if you see something called "poop" or "poop1" thats "ping" and "ping6" i just tried to rename it hoping it would fix it. theres also stuff attached for anyone that can help. i hope this stuff helps.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Delli at 0:36:52 on 2011-12-22
.
============== Running Processes ===============
.
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Delli\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Delli\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe c:\windows\config\csrss.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: musicmatch.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://games.bigfishgames.com/en_cinematycoon/online/cinematycoon.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{B07E9DD3-F279-4C60-A37A-610178AA7A99} : DhcpNameServer = 192.168.2.1 192.168.2.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\delli\application data\mozilla\firefox\profiles\lfasmjv1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://filefap.com/|http://cumonprintedpics.com/index.php|http://gallery.cumonprintedpics.com/index.php
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=20&systemid=2&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\delli\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\delli\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? BBUpdate;BBUpdate
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz134;cpuz134
R? MBAMProtector;MBAMProtector
R? MBAMService;MBAMService
R? NPF;WinPcap Packet Driver (NPF)
R? SwitchBoard;Adobe SwitchBoard
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Akamai;Akamai NetSession Interface
.
=============== Created Last 30 ================
.
2011-12-21 23:35:21 -------- d-----w- c:\documents and settings\delli\application data\Malwarebytes
2011-12-21 23:34:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-21 23:34:09 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 23:34:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-21 23:09:21 -------- d-----w- C:\rei
2011-12-21 23:08:26 -------- d-----w- c:\program files\Reimage
2011-12-21 22:28:47 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-12-21 22:28:45 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-12-21 22:28:45 814040 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-12-21 22:28:45 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-21 22:28:45 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-21 22:28:45 486360 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-12-21 22:28:45 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-21 22:28:45 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-21 22:28:45 2124760 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-12-21 22:28:45 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-12-21 22:28:45 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-12-21 22:28:45 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-12-20 15:06:49 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-12-20 15:06:49 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-12-20 15:06:49 100880 ----a-w- c:\windows\system32\Packet.dll
2011-12-16 06:51:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-16 06:51:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-06 00:26:51 -------- d-----w- c:\documents and settings\all users\application data\UAB
2011-12-06 00:26:27 -------- d-----w- c:\documents and settings\delli\local settings\application data\PC_Drivers_Headquarters
2011-12-05 23:23:37 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters
2011-12-05 23:22:07 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2011-12-04 19:58:07 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-12-22 08:07:15 33280 ----a-w- c:\windows\system32\poop1 .exe
2011-12-22 08:06:45 17920 ----a-w- c:\windows\system32\poop.exe
2011-12-21 22:24:19 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-11-15 00:01:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 0:39:45.70 ===============

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.
  
• Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Greetings


It has been a few days so I am checking up on you - how are things going?


gringo

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
  
• do you need more time?
  
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.