1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Browser infected on Auntie's PC

Discussion in 'Virus & Other Malware Removal' started by indochine, Jan 26, 2011.

Thread Status:
Not open for further replies.
  1. indochine

    indochine Thread Starter

    Joined:
    Jan 26, 2011
    Messages:
    2
    Hi,
    My Auntie PC has been infected by some Trojan for a week and I'm not familiar with IT and I need your help to cleanup the virus.
    Her PC is a HP desktop model Pavilion a1440n, her PC has been reinstalled by her colleague with Windows XP SP3, MS office enterprise, AV Kaspersky and some utilities ... She told me that her PC has been infected due to her son download & play games online and she has to run the VPN whenever she needs to surf the NET :eek:. BTW, It looks so weird that the OS installed on D drive !!! :confused:

    Thanks advance.:)

    Here is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:36:57 PM, on 1/26/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    D:\WINDOWS\system32\bgsvcgen.exe
    D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    D:\Program Files\LogMeIn\x86\RaMaint.exe
    D:\Program Files\LogMeIn\x86\LogMeIn.exe
    D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    D:\Program Files\ActiveMultiwallpaper\Changer.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Java\jre6\bin\javaw.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Java\jre6\bin\javaw.exe
    D:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
    D:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    D:\Program Files\Java\jre6\bin\javaw.exe
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    D:\WINDOWS\System32\svchost.exe
    C:\DownloadSoft\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: D - {8038432F-D406-32EC-B270-3769F3D28E36} - D:\WINDOWS\system32\xwr62923.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Startup: Changer.exe.lnk = D:\Program Files\ActiveMultiwallpaper\Changer.exe
    O4 - Global Startup: HD Writer.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247925920453
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - D:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Informatica Orchestration Server (InformaticaOrchestrationServer) - Unknown owner - D:\Informatica\PowerCenter8.6.1\OrchestrationServer\service\bin\wrapper.exe
    O23 - Service: InformaticaServices8.6.1 - Unknown owner - D:\Informatica\PowerCenter8.6.1\server\tomcat\bin\infasvcs.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Sybase Unified Agent (SybaseUAService) - Unknown owner - D:\Sybase\UAF-2_5\utility\ntautostart\release\uaservice.exe
    O23 - Service: Sybase BCKServer _ STELLAPCHOME_BS (SYBBCK_STELLAPCHOME_BS) - Unknown owner - D:\Sybase\ASE-15_0\bin\bcksrvr.exe
    O23 - Service: Sybase MONServer _ STELLAPCHOME_MS (SYBMON_STELLAPCHOME_MS) - Unknown owner - D:\Sybase\ASE-15_0\bin\monsrvr.exe
    O23 - Service: Sybase SQLServer _ STELLAPCHOME (SYBSQL_STELLAPCHOME) - Unknown owner - D:\Sybase\ASE-15_0\bin\sqlsrvr.exe
    O23 - Service: Sybase XPServer _ STELLAPCHOME_XP (SYBXPS_STELLAPCHOME_XP) - Unknown owner - D:\Sybase\ASE-15_0\bin\xpserver.exe

    --
    End of file - 10150 bytes
     
  2. indochine

    indochine Thread Starter

    Joined:
    Jan 26, 2011
    Messages:
    2
    everytime open IE ... it's auto popup 2 window IE with 2 differents sites (1sr one is google homepage and the other is random site)... please help :(
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/977229

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice