HijackThis log



#1
collectore

I have been getting annoying pop up ads for the past 3 weeks month.
I closed all the applications before I did the following.

I have downloaded Ad-Aware, scanned my PC, and deleted the files that had problems. I then downloaded the latest version of HijackThis and ran it. Below is the hijackthis.log. Also, I ran HijackThis Analyzer. It created a result.txt file. I am posting that as well.
PLEASE HELP ME!!!! This is my PC at work. I will be in trouble if I don't get rid of the virus.

HIJACKTHIS.log

Logfile of HijackThis v1.99.0
Scan saved at 4:56:01 PM, on 12/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\Common\Alert\ALERT.EXE
C:\WINNT\UMCSTUB.EXE
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\system32\nvsvc32.exe
C:\orant\bin\wdblsnr.exe
C:\orant\bin\ifsrv60.exe
C:\orant\bin\ifweb60.exe
C:\TNGRCO\RCManClient.exe
C:\TNGRCO\RCOService.exe
C:\TNGRCO\rp32u.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\TNGSD\BIN\SDSERV.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\SxpInst\sxplog32.exe
C:\WINNT\system32\svchost.exe
C:\TNGSD\BIN\TRIGGAG.EXE
\IS-NT-AMO1\AMAGENTS$\SWMWNT.EXE
\IS-NT-AMO1\AMAGENTS$\SWMNTDOG.EXE
C:\TNGSD\BIN\triggusr.exe
C:\Program Files\CA\eTrust\Antivirus\realmon.exe
C:\WINNT\system32\wsoptsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CheckPoint\Session Authentication Agent\PROGRAM\fwsession.exe
C:\New Sbaskar\WinZip\WZQKPICK.EXE
C:\WINNT\explorer.exe
C:\New Sbaskar\Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = indekalb;10.*;172.*;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\SxpInst\sxplog32.exe
O2 - BHO: (no name) - {A290C541-8CBD-A670-FEDF-A8AFC765B5BE} - C:\WINNT\waifjf.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
O4 - HKCU\..\Run: [hBx2RTK8W] wsoptsvc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Session Authentication Agent 5.0.lnk = C:\Program Files\CheckPoint\Session Authentication Agent\PROGRAM\fwsession.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\New Sbaskar\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...43/QDow_AS2.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://isfmis2.co.de...tor/oajinit.exe
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\Common\Alert\ALERT.EXE
O23 - Service: Asset Management Agent - Computer Associates International, Inc. - C:\WINNT\UMCSTUB.EXE
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: ISEXEng - Unknown - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: Event Log Watch - Unknown - C:\WINNT\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Oracle WebDb Listener - Unknown - C:\orant\bin\wdblsnr.exe
O23 - Service: OracleClientCache80 - Unknown - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Oracle Forms Server [Forms60Server] - Oracle Corporation - C:\orant\bin\ifsrv60.exe
O23 - Service: Oracle Reports Server [Rep60_IS-1V1YN41] - Oracle Corp - C:\orant\bin\rwmts60.exe
O23 - Service: RCManClient - Computer Associates International, Inc. - C:\TNGRCO\RCManClient.exe
O23 - Service: Unicenter TNG RCO - Computer Associates International, Inc. - C:\TNGRCO\RCOService.exe
O23 - Service: Unicenter Software Delivery - Computer Accociates, Intl Inc. - C:\TNGSD\BIN\SDSERV.EXE


result.txt file from Hijackthis analyzer


===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/27/04
Get updates at http://www.greyknigh...ad.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 4:56:01 PM, on 12/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\CA\Common\Alert\ALERT.EXE
C:\WINNT\UMCSTUB.EXE
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINNT\LogWatNT.exe
C:\orant\bin\wdblsnr.exe
C:\orant\bin\ifsrv60.exe
C:\orant\bin\ifweb60.exe
C:\TNGRCO\RCManClient.exe
C:\TNGRCO\RCOService.exe
C:\TNGRCO\rp32u.exe
C:\TNGSD\BIN\SDSERV.EXE
C:\SxpInst\sxplog32.exe
C:\TNGSD\BIN\TRIGGAG.EXE
\IS-NT-AMO1\AMAGENTS$\SWMWNT.EXE
\IS-NT-AMO1\AMAGENTS$\SWMNTDOG.EXE
C:\TNGSD\BIN\triggusr.exe
C:\Program Files\CA\eTrust\Antivirus\realmon.exe
C:\WINNT\system32\wsoptsvc.exe
C:\Program Files\CheckPoint\Session Authentication Agent\PROGRAM\fwsession.exe
C:\New Sbaskar\WinZip\WZQKPICK.EXE
C:\New Sbaskar\Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = indekalb;10.*;172.*;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\SxpInst\sxplog32.exe
O2 - BHO: (no name) - {A290C541-8CBD-A670-FEDF-A8AFC765B5BE} - C:\WINNT\waifjf.dll
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
O4 - HKCU\..\Run: [hBx2RTK8W] wsoptsvc.exe
O4 - Global Startup: Session Authentication Agent 5.0.lnk = C:\Program Files\CheckPoint\Session Authentication Agent\PROGRAM\fwsession.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\New Sbaskar\WinZip\WZQKPICK.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...43/QDow_AS2.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://isfmis2.co.de...tor/oajinit.exe
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\Common\Alert\ALERT.EXE
O23 - Service: Asset Management Agent - Computer Associates International, Inc. - C:\WINNT\UMCSTUB.EXE
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: ISEXEng - Unknown - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: Event Log Watch - Unknown - C:\WINNT\LogWatNT.exe
O23 - Service: Oracle WebDb Listener - Unknown - C:\orant\bin\wdblsnr.exe
O23 - Service: OracleClientCache80 - Unknown - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Oracle Forms Server [Forms60Server] - Oracle Corporation - C:\orant\bin\ifsrv60.exe
O23 - Service: Oracle Reports Server [Rep60_IS-1V1YN41] - Oracle Corp - C:\orant\bin\rwmts60.exe
O23 - Service: RCManClient - Computer Associates International, Inc. - C:\TNGRCO\RCManClient.exe
O23 - Service: Unicenter TNG RCO - Computer Associates International, Inc. - C:\TNGRCO\RCOService.exe
O23 - Service: Unicenter Software Delivery - Computer Accociates, Intl Inc. - C:\TNGSD\BIN\SDSERV.EXE


End of HijackThis Analyzer Log.
===========================================================================================================================

#2
ilhg245

Sorry - can't help. I'm just replying to say that I have the same problem with:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsear...sidesearch.html

I delete them from HijackThis, but they come right back!

#3
collectore

Can someone take a look at the HijackThis log and help me? This is on my PC at work. I am going to be in serious trouble if I do not get rid of it soon.


PLEASE HELP ME SOON.

Thanks