Google Search/mail Infected?


  • This topic is locked
2 replies to this topic

#1 svanga


Posted 27 June 2008 - 03:14 AM

I am having issues running searches on google and logging into gmail. Please see below for my HijackThis log and help me clean up my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:30 AM, on 6/27/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\mksauth.exe
C:\WINNT\temp\winsdx.exe
C:\WINNT\system32\nutsrv4.exe
C:\WINNT\system32\nvsvc32.exe
C:\oracle\92\bin\omtsreco.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\MKS Toolkit\bin\secshd.exe
C:\Program Files\MKS Toolkit\bin\snmptrapd.exe
C:\WINNT\system32\telnetd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\sysvmwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EMC Corp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 128.221.*.*;128.222.*.*;152.62.*.*;199.245.235.*;*.dg.com;*.clariion.com;infolibs;*.*.emc.com;<local>
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\xwusuhzh.exe,
O2 - BHO: (no name) - {05177486-D574-E1BE-FFA0-8CA436DF4997} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {31E1D235-EFBF-90E2-5374-74CB90B69B09} - (no file)
O2 - BHO: (no name) - {35EB9C91-1CA6-11d5-8B2B-00C04F779127} - (no file)
O2 - BHO: (no name) - {3DB4093C-B8C2-1892-FC1E-847585F4982A} - (no file)
O2 - BHO: (no name) - {3E2A2E1C-3395-677F-5F8E-F3812592CEAB} - (no file)
O2 - BHO: (no name) - {48AB82F0-2AA0-F984-03CE-FA53C8EBC89C} - (no file)
O2 - BHO: (no name) - {4FFD483F-9C3A-8E4F-AFD7-4F895F591FF8} - (no file)
O2 - BHO: (no name) - {62CADE6C-117F-91A9-1038-2CD0655D4D48} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {7802D689-9DE1-3EE6-4A7D-2E5809807F08} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7AADD070-6960-6A11-5024-32FA51E2C0B1} - (no file)
O2 - BHO: (no name) - {84ADD2FD-91B6-7F23-08D3-F73DB791F459} - (no file)
O2 - BHO: (no name) - {8AD1506D-CCD8-0D90-5B17-80691EC95FBB} - (no file)
O2 - BHO: (no name) - {976A4D9D-D89E-AED7-941A-E124F8A5663D} - (no file)
O2 - BHO: (no name) - {9C5E81B2-221F-0A94-76DB-1C132F91D7C7} - (no file)
O2 - BHO: (no name) - {A4F5B924-7122-BD38-253B-53F228A233D7} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {DB9971EC-7C5C-2BEB-6A96-21057D599A2B} - (no file)
O2 - BHO: (no name) - {E015B3F6-1DB4-07DE-D960-B0EBF1CA12C9} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {E41AE503-1CF4-604D-9871-188E2696FB50} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINNT\system32\cssrss.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-42206656-1643397758-1825112941-1000 Startup: Epson printer Registration.lnk = E:\E_reg\EPSONREG.EXE (User 'EMCSI')
O4 - S-1-5-21-42206656-1643397758-1825112941-1000 User Startup: Epson printer Registration.lnk = E:\E_reg\EPSONREG.EXE (User 'EMCSI')
O4 - Global Startup: EMCSI.lnk = C:\EMCSoftware\EMCSIUser.exe
O4 - Global Startup: VitalAgent.lnk = C:\Program Files\INS\VitalAgent\Program\VtlAgent.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.andhrajyothy.com/wfplayer/tdserver.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eng.emc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eng.emc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eng.emc.com,lss.emc.com,corp.emc.com,isus.emc.com,legato.com,documentum.com,vmware.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eng.emc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = eng.emc.com,lss.emc.com,corp.emc.com,isus.emc.com,legato.com,documentum.com,vmware.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eng.emc.com,lss.emc.com,corp.emc.com,isus.emc.com,legato.com,documentum.com,vmware.com
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EMC Software Install Manager (EMCSI) - EMC - C:\EMCSoftware\EMCSI.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINNT\system32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\MKS Toolkit\bin\secshd.exe
O23 - Service: MKS SNMPTRAPD (MKSSNMPTRAPD) - DataFocus, Inc. - C:\Program Files\MKS Toolkit\bin\snmptrapd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINNT\system32\telnetd.exe
O23 - Service: MsSecurity (MsSecurity1.203.2) - Unknown owner - C:\WINNT\temp\winsdx.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINNT\system32\nutsrv4.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\92\BIN\ONRSD.EXE
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINNT\sysvmwin.exe

--
End of file - 10660 bytes



#2 teacup61


Posted 20 July 2008 - 03:33 PM

Hello svanga,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 07 August 2008 - 07:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



