Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

acerider

1 Message

675

June 28th, 2011 06:00

Repeated Just in time Debugger popup - Internet redirects

Good morning,

I found a previous response from kevinf80 on a similar topic in Dec 2010 and he was very helpful to the end user so I figured I'd see if you could help me.   Below are the logs from HJT.    I already tried to run the Malwarebytes software and have included the log from there also.    This is my wife's laptop.   It is a DELL Latitude D620 with Windows XP Professional Version 2002 Service Pack 3 running on an Intel Core 2 CPU 1.66ghz.

I have the following Norton AV installed from Comcast:

Product Name: Norton Security Suite

  • Version: 4.3.0.5
  • Serial Number: 123
  • Media SKU: 20999865
  • Current SKU: 20999865
  • Family SKU: 0000000
  • End Point ID: {B581CC2E-7671-11DF-AC06-00188BB34F2E}
  • OEM Partner Name: 123
  • Vendor Name: Comcast

Any and all help would be unbelievably appreciated - Thank you!

--------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:03 AM, on 6/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\UMCSTUB.EXE
C:\PROGRA~1\CA\SHARED~1\CAM\bin\cam.exe
C:\WINDOWS\CatPC\CatSYS\CatSystemSvc.exe
C:\Program Files\Cisco Systems\VPN Client 4\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\SharedComponents\DTS\bin\tngdoba.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\Program Files\CA\SharedComponents\DTS\bin\tngdta.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\SxpInst\sxplog32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\CryptoEx\common\CexTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CA\SharedComponents\DTS\bin\dtstray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CA\Unicenter Asset Management\Agents\umclogin.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\CA\SHARED~1\CAM\bin\caftf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,CatUInit,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Migrator] "C:\Program Files\CryptoEx\Migrator\Migrator.exe" -StartUp
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [UAMAgent] C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe us
O4 - HKLM\..\Run: [JavaProfileFix] "C:\Program Files\Java\Profile Fix\JAVA_Fix 4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CatUserRun] exec32 /wh /c chgreg5 /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Data Transport Service Monitor.lnk = C:\Program Files\CA\SharedComponents\DTS\bin\dtstray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.authoria.com
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DEVDI.local
O17 - HKLM\Software\..\Telephony: DomainName = DEVDI.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DEVDI.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DEVDI.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DEVDI.local
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O20 - Winlogon Notify: ssqnmnk - ssqnmnk.dll (file missing)
O20 - Winlogon Notify: vtursqn - vtursqn.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\PROGRA~1\CA\SHARED~1\CAM\bin\cam.exe
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINDOWS\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\Lic98Rmt.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\Lic98RmtD.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client 4\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM WebSphere Application Server V5 - dmgr (IBMWAS5Service - dmgr) - Unknown owner - d:\was\v51\DeploymentManager\bin\wasservice.exe
O23 - Service: IBM WebSphere Application Server V5 - nodeagent (IBMWAS5Service - nodeagent) - Unknown owner - d:\was\v51\Appserver\bin\wasservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: SMED Shared Audit Trail Agent Service  ID=1.3.10 - Unknown owner - D:\siemens\ANA\1.5.100\BIN\SatAgent.exe (file missing)
O23 - Service: DTS Browser (TNG-DOBA) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\DTS\bin\tngdoba.exe
O23 - Service: DTS Metrics Gatherer (TNG-DTMG) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\DTS\bin\tngdtmg.exe
O23 - Service: DTS Agent (TNG-DTS) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\DTS\bin\tngdta.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13937 bytes

 

======================

MALWARE BYTES LOG

=====================

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6966

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/28/2011 8:03:43 AM
mbam-log-2011-06-28 (08-03-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 492196
Time elapsed: 1 hour(s), 48 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 30

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{51C58711-1B4B-41c0-A08B-D4C659E0C94D} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1B6062A1-4CCD-400c-B2B4-E73A052D110C} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D040E740-91CC-4049-9136-3D84A4817270} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1B6062A1-4CCD-400C-B2B4-E73A052D110C} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E4881AC-49E2-4761-9542-7E40C73CFB96} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E4881AC-49E2-4761-9542-7E40C73CFB96} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E4881AC-49E2-4761-9542-7E40C73CFB96} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9383002-FC55-4330-B9C9-67E03BC5C840} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BndVeano4.DLL (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISM (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E9383002-FC55-4330-B9C9-67E03BC5C840} (Trojan.Vundo) -> Value: {E9383002-FC55-4330-B9C9-67E03BC5C840} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E9383002-FC55-4330-B9C9-67E03BC5C840} (Trojan.Vundo) -> Value: {E9383002-FC55-4330-B9C9-67E03BC5C840} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\chhera00.devdi\application data\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\temporary (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\start menu\Programs\internet speed monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\chhera00.devdi\application data\registrysmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_21_09_31_50.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_19_11_41_19.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_19_14_49_51.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_20_09_25_22.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_20_19_52_24.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_21_09_53_21.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_22_09_40_48.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_23_08_48_57.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_24_14_33_33.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_25_16_27_08.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_25_23_08_07.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_26_09_26_04.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_27_09_25_35.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_27_15_29_45.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_27_20_20_40.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_27_23_40_23.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_28_09_26_04.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_28_16_49_39.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_28_19_45_05.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_02_28_22_18_12.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_03_01_09_40_21.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_03_01_11_59_25.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_03_01_13_01_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_03_02_09_43_35.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\application data\registrysmart\Log\log_2007_03_02_20_31_50.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registrysmart.exe (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\start menu\Programs\internet speed monitor\check now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
c:\documents and settings\chhera00.devdi\start menu\Programs\internet speed monitor\uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.

kevin27_b3d29f

1.5K Posts

July 20th, 2011 14:00

Hi,

Sorry for the delay in getting to you.

If you are still in need of assistance, please post a fresh HJT log.

Thanks

kevin27_b3d29f

1.5K Posts

July 24th, 2011 13:00

This topic is now Inactive.....

The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless)

If you are the original poster and would like further assistance please post a fresh HJT log in a NEW topic along with details of the problems you are having.

All other user's, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the DCFnewpost.png button.

View More

View All

No Events found!

Top