Possible Smurf Virus; ok to post log in this forum?

10 replies to this topic

#1 wondernanny1


  • Members
  • 8 posts

Posted 04 November 2013 - 10:49 PM

Hi. My internet provider sent trouble-shooters to see why I have been having trouble staying connected to my 4G high-speed internet service; since I have only had this service a couple of months, I have been thinking that the provider was having tower transmission issues, or that I was having router issues. However, the internet provider now says that they saw a line of code which told them that I have a bad Smurf virus, and I need to get a program to remove it from my computer(s).

I have 3 computers. My desktop is Windows 7; I downloaded the Malwarebytes program and removed what it recommended. My personal laptop is Windows XP; I also ran Malwarebytes on it yesterday and thought I had the problem solved, but upon reboot the "deleted" files reappeared.

Today I spoke to a friend who is also a computer geek, and she advised me to download ComboFix and run it, so I did. I therefore have a log that resulted from that action; is it okay to post it here on this forum?

Attached File: ComboFix.txt (22.69 KB)



#2 nasdaq


  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 November 2013 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
  • ===

    Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
  • ===
    Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

    Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
    2: DDS.pif
    3: DDS.COM

    Double click on the DDS icon, allow it to run.
    A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    Notepad will open with the results.
    Follow the instructions that pop up for posting the results.
    Please note: You may have to disable any script protection running if the scan fails to run.


    Please just paste the contents of the DDS.txt log in your next post.

    Third-party programs, if not up to date, can be the cause of infiltration and infection.

    Please restart the computer before running this security check.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    Please paste the logs in your next reply, DO NOT ATTACH THEM
    Let me know what problem persists.

Edited by nasdaq, 08 November 2013 - 09:20 AM.
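Once a DDS log like the one requested above is posted, the first pass a helper makes is over the Run keys, the services list and the browser proxy lines. The script below is an added example for this thread, not code from DDS, AdwCleaner, JRT or the post above: it parses those DDS line formats and flags autoruns started from user-writable data directories, services whose binary DDS marks with [?] or that run from a .tmp file, and reports whether a browser proxy is actually in force (Firefox's network.proxy.type 0 means "no proxy" even when a port is still set). The sample log is constructed for the example, with lines copied from or modelled on the DDS output posted later in this thread; the directory list and the "random-looking service name" heuristic are the example's own assumptions, not DDS rules.

```python
"""Triage helper for the 'Pseudo HJT Report' and 'SERVICES / DRIVERS'
sections of a DDS log.

Added example for this thread; it is not part of DDS, AdwCleaner or JRT.
The sample log below is constructed for the example; its lines are copied
from, or modelled on, the DDS output posted later in the thread.
"""
import re

# Hive prefixes DDS uses on Run lines: u = current user, m = machine, d = default user.
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<name>[^;]*);(?P<display>[^;]*);(?P<cmd>.*)$")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - ?(?P<val>.*)$")
IE_PROXY_RE = re.compile(r"^uProxyServer = (?P<val>.*)$")
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|cpl|scr)", re.IGNORECASE)

# Locations a standard user can write to; a program autostarting from one of
# them deserves a second look (assumption of this example, not a DDS rule).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\appdata\\", "\\temp\\")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # service names like 'ca82e1a5'

# Constructed sample: lines copied from / modelled on the DDS log in this thread.
SAMPLE_DDS = r"""
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Updater] c:\documents and settings\all users\application data\updater\updater.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [dnsshield] c:\program files\social privacy  dns\dnswatch.exe
mRun: [Updater] c:\documents and settings\all users\application data\updater\Updater.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/
uProxyServer = hxxp=;https=;
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port - 57273
FF - prefs.js: network.proxy.type - 0
R2 Level Quality Watcher;Level Quality Watcher;c:\windows\installer\msi79.tmp run sourceguid=422332b5-f3a6-47f6-93ef-792299ef24dc --> c:\windows\installer\MSI79.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-1 701512]
S2 ca82e1a5;Optimizer Pro Crash Monitor;"c:\progra~1\optimi~1\optprocrash.exe" --> c:\progra~1\optimi~1\OptProCrash.exe [?]
"""


def extract_path(cmd):
    """Return the lower-cased program path from a Run command, or None."""
    m = PATH_RE.search(cmd)
    return m.group(0).lower() if m else None


def is_user_writable(path):
    return path is not None and any(frag in path for frag in USER_WRITABLE)


def triage(text):
    """Parse DDS lines and collect the entries worth a closer look."""
    report = {"autoruns": [], "services": [], "proxy": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            if is_user_writable(path):
                report["autoruns"].append((HIVES[m.group("hive")], m.group("name"), path))
            continue
        m = SVC_RE.match(line)
        if m:
            cmd = m.group("cmd")
            reasons = []
            if "[?]" in cmd:  # DDS prints [?] when it could not locate the binary
                reasons.append("binary not found")
            if re.search(r"\.tmp\b", cmd, re.IGNORECASE):
                reasons.append("runs from a .tmp file")
            if HEX_NAME_RE.match(m.group("name")):
                reasons.append("random-looking service name")
            if reasons:
                report["services"].append((m.group("name"), m.group("display"), reasons))
            continue
        m = FF_RE.match(line)
        if m and m.group("key").startswith("network.proxy."):
            report["proxy"]["firefox:" + m.group("key")] = m.group("val").strip()
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            report["proxy"]["ie:ProxyServer"] = m.group("val").strip()
    return report


def proxy_active(report):
    """Is a browser proxy actually in force?  Firefox type 0 = no proxy,
    1 = manual (needs a host), 2 = PAC script.  IE's value is a list of
    scheme=host pairs; empty hosts mean no proxy."""
    p = report["proxy"]
    ff_type = p.get("firefox:network.proxy.type", "0")
    ff_http = p.get("firefox:network.proxy.http", "")
    firefox = ff_type == "2" or (ff_type == "1" and bool(ff_http))
    pairs = p.get("ie:ProxyServer", "").split(";")
    ie = any(kv.split("=", 1)[1].strip() for kv in pairs if "=" in kv)
    return {"firefox": firefox, "ie": ie}


if __name__ == "__main__":
    rep = triage(SAMPLE_DDS)
    for hive, name, path in rep["autoruns"]:
        print(f"autorun  {hive:<5} [{name}] {path}")
    for name, display, reasons in rep["services"]:
        print(f"service  {name} ({display}): {', '.join(reasons)}")
    print("proxy in force:", proxy_active(rep))
```

Run it directly to print the summary for the embedded sample, or pass the text of a DDS.txt to triage(). A path under Program Files proves nothing on its own (the JRT and AdwCleaner logs later in this thread remove several Program Files folders), so the output is a reading order for the helper, not a verdict.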

#3 wondernanny1

  • Topic Starter

  • Members
  • 8 posts

Posted 11 November 2013 - 03:50 PM

Hi, I am posting the resultant logs here:




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Tina at 14:37:31 on 2013-11-11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1197 [GMT -6:00]

============== Running Processes ================

C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Documents and Settings\All Users\Application Data\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Application Data\RHelpers\IEHelper\IeHelper.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\All Users\Application Data\Updater\updater.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071121
uProxyServer = hxxp=;https=;
uProxyOverride = <-loopback>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Social Privacy: {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Updater] c:\documents and settings\all users\application data\updater\updater.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [AppMgrGui] c:\program files\appstream\windowsclient\bin\exeForService.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe
mRun: [HPHUPD06] c:\program files\hp\{ba2d9411-dbb4-43e4-9421-780413650a67}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dnsshield] c:\program files\social privacy  dns\dnswatch.exe
mRun: [Updater] c:\documents and settings\all users\application data\updater\Updater.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNTU0ODY0MzA1LUZMKzgtRkwxMCsxLVNQMVRCKzEtU1VQKzQtU1AxUzQrMS1ERFQrNTM1OS1UQlZVUEcrMTItRjEwTTEyRlQrMS1UQk4rMS1DSUQxMCsxLUNJRCsxMC1DSUFWKzctQ0lBMTArMi1UQkNWKzE2Ny1TUCsxMC1DMTBVKzgxMTEyLUYxMFUxMysxLUYxMFUxM1YrMS1GMTBVMTNTKzEwLUNJRDY1KzItVEJDMTArMg"&"prod=90"&"ver=10.0.1432
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196409671596
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E592A269-51E1-4357-8656-F2B367010F4D} - hxxp://www.mpix.com/customer/uploading8/scriptsActiveXJava/Uploader8.cab
TCP: NameServer =
TCP: Interfaces\{DA76A509-13C4-4768-A028-B49C8DD3D2EB} : DHCPNameServer =
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll


================= FIREFOX ===================

FF - ProfilePath - c:\documents and settings\tina\application data\mozilla\firefox\profiles\yviej9tc.default\
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port - 57273
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-10-22 14:29; firefox@batbrowse.com; c:\documents and settings\tina\application data\mozilla\firefox\profiles\yviej9tc.default\extensions\firefox@batbrowse.com.xpi
FF - ExtSQL: !HIDDEN! 2009-06-23 17:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 APPSTREAM;APPSTREAM;c:\windows\system32\drivers\AppStream.sys [2007-5-13 115284]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AppMgrService;AWE 5.1.0 Application Manager;c:\program files\appstream\windowsclient\bin\AppMgrService.exe [2006-9-27 1990656]
R2 Level Quality Watcher;Level Quality Watcher;c:\windows\installer\msi79.tmp run sourceguid=422332b5-f3a6-47f6-93ef-792299ef24dc --> c:\windows\installer\MSI79.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-1 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-1 701512]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-3-11 63488]
R2 REGHOOK;REGHOOK;c:\windows\system32\drivers\RegHook.sys [2006-9-27 54879]
R2 VSPD;VSPD;c:\windows\system32\drivers\VSPD.sys [2006-9-27 31321]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-1 22856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-28 11520]
S2 ca82e1a5;Optimizer Pro Crash Monitor;"c:\progra~1\optimi~1\optprocrash.exe" --> c:\progra~1\optimi~1\OptProCrash.exe [?]


=============== Created Last 30 ================

2013-11-11 20:03:48  62576  ----a-w-  c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{f49e5d95-d636-42ba-b8b2-2322ad3a4137}\offreg.dll
2013-11-11 20:01:59  --------  d-----w-  c:\windows\ERUNT
2013-11-11 19:43:30  --------  d-----w-  c:\documents and settings\tina\local settings\application data\WordExtra
2013-11-11 19:43:07  --------  d-----w-  c:\program files\Level Quality Watcher
2013-11-11 19:42:42  --------  d-----w-  c:\documents and settings\all users\application data\Updater
2013-11-11 19:42:42  --------  d-----w-  c:\documents and settings\all users\application data\RHelpers
2013-11-11 19:42:40  --------  d-----w-  c:\documents and settings\all users\application data\TubeDimmer
2013-11-11 19:40:41  --------  d-----w-  c:\program files\Social Privacy  DNS
2013-11-11 19:40:38  --------  d-----w-  c:\program files\sp
2013-11-11 19:36:01  --------  d-----w-  C:\AdwCleaner
2013-11-11 01:21:10  --------  d-----w-  c:\documents and settings\tina\application data\AVG2014
2013-11-11 01:18:19  --------  d-----w-  c:\documents and settings\all users\application data\AVG2014
2013-11-11 00:53:31  --------  d-----w-  c:\documents and settings\tina\local settings\application data\MFAData
2013-11-11 00:53:31  --------  d-----w-  c:\documents and settings\tina\local settings\application data\Avg2014
2013-11-10 01:36:37  7796464  ----a-w-  c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{f49e5d95-d636-42ba-b8b2-2322ad3a4137}\mpengine.dll
2013-11-04 22:04:12  --------  d-sha-r-  C:\cmdcons
2013-11-04 22:01:24  98816  ----a-w-  c:\windows\sed.exe
2013-11-04 22:01:24  256000  ----a-w-  c:\windows\PEV.exe
2013-11-04 22:01:24  208896  ----a-w-  c:\windows\MBR.exe
2013-11-04 21:59:27  --------  d-----w-  c:\documents and settings\tina\application data\TuneUp Software
2013-11-01 18:21:19  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-11-01 17:57:46  --------  d-----w-  c:\windows\system32\wbem\repository\FS
2013-11-01 17:57:46  --------  d-----w-  c:\windows\system32\wbem\Repository
2013-11-01 17:25:58  --------  d-----w-  c:\documents and settings\tina\application data\Malwarebytes
2013-11-01 17:25:49  --------  d-----w-  c:\documents and settings\all users\application data\Malwarebytes
2013-11-01 17:25:47  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2013-11-01 17:21:17  --------  d-----w-  c:\documents and settings\tina\local settings\application data\cache
2013-11-01 17:21:13  --------  d-----w-  c:\documents and settings\tina\local settings\application data\Mobogenie
2013-11-01 17:20:13  --------  d-----w-  c:\program files\Mobogenie

==================== Find3M  ====================

2013-10-09 15:59:09  71048  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:59:09  692616  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58  920064  ----a-w-  c:\windows\system32\wininet.dll
2013-09-23 18:33:57  43520  ----a-w-  c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56  18944  ----a-w-  c:\windows\system32\corpol.dll
2013-09-23 18:06:48  385024  ----a-w-  c:\windows\system32\html.iec
2013-09-06 17:27:14  94632  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2013-09-06 17:27:12  867240  ----a-w-  c:\windows\system32\npDeployJava1.dll
2013-09-06 17:27:12  789416  ----a-w-  c:\windows\system32\deployJava1.dll
2013-09-06 17:27:12  144896  ----a-w-  c:\windows\system32\javacpl.cpl
2013-09-03 19:35:12  238872  ------w-  c:\windows\system32\MpSigStub.exe
2013-08-29 01:31:44  1878656  ----a-w-  c:\windows\system32\win32k.sys

============= FINISH: 14:38:11.31 ===============




Security Check Log

Results of screen317's Security Check version 0.99.76
 Windows XP Service Pack 3 x86
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
 Windows Defender
 Malwarebytes Anti-Malware version
 JavaFX 2.1.1
 Java™ 6 Update 17
 Java 7 Update 25
 Java™ 6 Update 3
 Java version out of Date!
 Adobe Flash Player 11.9.900.117
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Mozilla Firefox 23.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
 Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````




Junkware Removal Tool

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Tina on Mon 11/11/2013 at 14:02:02.79

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files\social privacy"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\pc fix speed"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\we-care reminder"

Scan was completed on Mon 11/11/2013 at 14:11:15.29
End of JRT log




Log after cleaning off Search Protect by Conduit Service CltMngSvc

# AdwCleaner v3.012 - Report created 11/11/2013 at 13:50:29
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Tina - PEEVYHOUSE
# Running from : C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\BMP2C6Q0\AdwCleaner[1].exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\BatBrowse
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Mysearchdial
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Program Files\PCFixSpeed
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Documents and Settings\Tina\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Tina\Application Data\24x7 help
Folder Deleted : C:\Documents and Settings\Tina\Application Data\optimizer pro
Folder Deleted : C:\Documents and Settings\Tina\Application Data\PCFixSpeed
Folder Deleted : C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\yviej9tc.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\yviej9tc.default\Extensions\ffxtlbr@mysearchdial.com
File Deleted : C:\DOCUME~1\Tina\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Tina\Desktop\Optimizer Pro.lnk
File Deleted : C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\yviej9tc.default\searchplugins\conduit-search.xml
File Deleted : C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\yviej9tc.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\yviej9tc.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\yviej9tc.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1A5D84E0-629D-4A09-B8F2-F45116FF4EED&SSPV=sspvC_sp_ff");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0DyCtDtCzz0E0CtBtB0Fzzzz0AtN0D0Tzu0CyCyBtCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
Line Deleted : user_pref("extensions.mysearchdial.cr", "846310637");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDtCzz0E0CtBtB0Fzzzz0AtN0D0Tzu0CyCyBtCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "001D6018EC22F88A");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16010");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDtCzz0E0CtBtB0Fzzzz0AtN0D0Tzu0CyCyBtCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1[...]

Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDtCzz0E0CtBtB0Fzzzz0AtN0D0Tzu0CyCyBtCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1[...]

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "");

Line Deleted : user_pref("extensions.mysearchdial.vrsni", "");

Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);

Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "");

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=sspvC_sp_ff&Lay=1&UM=2&UP=SP1A5D84E0-629D-4A09-B8F2-F45116FF4EED");




AdwCleaner[R0].txt - [9383 octets] - [11/11/2013 13:41:43]

AdwCleaner[S0].txt - [9367 octets] - [11/11/2013 13:50:29]


########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9427 octets] ##########


#4 wondernanny1

  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:01 PM

Posted 11 November 2013 - 03:53 PM

1) What should I do now? Is my laptop clean (these logs are from my laptop)?

2) Internet Explorer is not working now.

3) Should I run these same programs you suggested on my desktop computer?

4) What should I do to prevent this type of problem in the future?

#5 nasdaq


  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 PM

Posted 12 November 2013 - 09:32 AM

From the Start > RUN box, type MSCONFIG
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Did you install these files that are running as a process?
C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Documents and Settings\All Users\Application Data\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\Documents and Settings\All Users\Application Data\RHelpers\IEHelper\IeHelper.exe


Did you set these proxies?
uProxyServer = hxxp=;https=;
FF - prefs.js: network.proxy.http_port - 57273

Open Firefox and look at this extension in bold under Tools > Add-ons > Extensions.
If present, remove it.

Delete the file in bold if present.
c:\documents and settings\tina\application data\mozilla\firefox\profiles\yviej9tc.default\extensions\firefox@batbrowse.com.xpi

Reset the Internet Explorer setting.
How is it now?

Post a fresh DDS log for my review.

p.s. For the other computers, please start 2 new topics, one for each computer.
Paste the DDS log for the computer in its topic.

Give me the URL in the next reply and I will expedite the matter.
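The hijacked prefs.js entries in the AdwCleaner log above and the proxy question in this post are both detectable from the file itself. The following is an added Python example (not from the thread, AdwCleaner or RogueKiller) that parses user_pref() lines and flags search engine, homepage/new-tab, extension URL and proxy prefs that point away from trusted defaults; the sample prefs.js content, the trusted-host list and the known-engine list are constructed assumptions.

```python
import re

# Constructed sample of a Firefox prefs.js, modelled on the entries AdwCleaner
# removed in the log above (URLs shortened; this is not the real file).
SAMPLE_PREFS = r'''
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3317458");
user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3317458");
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http_port", 57273);
user_pref("browser.download.dir", "C:\\Users\\Tina\\Downloads");
user_pref("extensions.lastAppVersion", "23.0.1");
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
# Accepts real http(s):// as well as the defanged hxxp:// form used in forum logs.
URL_RE = re.compile(r'^h(?:tt|xx)ps?://([^/?#]+)', re.IGNORECASE)

SEARCH_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
URL_PREFS = {"browser.startup.homepage", "browser.newtab.url"}
KNOWN_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo", "Wikipedia (en)"}  # assumed allow-list
TRUSTED_HOSTS = {"www.google.com", "www.mozilla.org", "start.mozilla.org"}  # assumed allow-list

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; surrounding quotes are stripped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs

def find_hijack_indicators(prefs):
    """Return [(pref, reason)] for prefs that send the browser or its traffic somewhere the user did not choose."""
    findings = []
    for name, value in prefs.items():
        if name in SEARCH_PREFS and value not in KNOWN_ENGINES:
            findings.append((name, "unknown search engine: " + value))
        elif name in URL_PREFS or name.startswith("extensions."):
            m = URL_RE.match(value)  # only extension prefs holding a URL are judged
            if m and m.group(1).lower() not in TRUSTED_HOSTS:
                findings.append((name, "points to " + m.group(1).lower()))
        elif name == "network.proxy.type" and value not in ("0", "5"):
            # Firefox: 0 = no proxy, 5 = system settings; anything else was set explicitly
            findings.append((name, "manual or PAC proxy enabled (type " + value + ")"))
        elif name.startswith("network.proxy.") and value not in ("", "0"):
            findings.append((name, "proxy setting: " + value))
    return findings
```

Run against a real profile by reading prefs.js from the profile directory shown in the log and passing its text to parse_prefs(); anything flagged should be compared with what the user remembers configuring.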

#6 wondernanny1

  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:01 PM

Posted 13 November 2013 - 06:38 PM

Hi.  I just attempted to post a reply to this thread; that reply included the text from a "debug.log" that appeared after attempting to run RogueKiller on that laptop.  Now my laptop will not accept any keystrokes, although it appeared to boot up after RogueKiller.  I am sitting at my desktop now, and don't see the reply I posted, therefore I assume it was lost due to problems with that computer. 


The short story is that after I ran RogueKiller, my laptop computer unexpectedly shut down, then rebooted, giving me some error messages which flew by too quickly to read.  However there was a file called RK_quarantine, which contained a debug.log.  Since my laptop appeared to boot up but will no longer accept keystrokes, I'm not sure what to do.


What now?

#7 nasdaq


  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 PM

Posted 14 November 2013 - 08:50 AM

I have never seen RogueKiller act this way.
Something else may have caused this.

See if you can restore a previous state.

How to restore Windows XP to a previous state

Keep me posted.

#8 wondernanny1

  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:01 PM

Posted 14 November 2013 - 10:05 AM

Thank you for your reply.

#9 wondernanny1

  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:01 PM

Posted 14 November 2013 - 10:08 AM

However, I cannot even enter any keystrokes on the computer, so I don't see how I can restore to a previous point.  To turn the computer off, or reset it, I have to remove the battery. 


What antivirus do you think is the best?

#10 wondernanny1

  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:01 PM

Posted 14 November 2013 - 10:09 AM

I am operating from my Windows 7 desktop right now, and I'd like to get the best antivirus for it.

#11 nasdaq


  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 PM

Posted 14 November 2013 - 01:52 PM

If the problem computer is in a computer box with an external keyboard, see if you can borrow a keyboard from a friend.
Make sure also that your current keyboard is connected and seated well.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time these are not malicious, you usually do not want them on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
