
HijackThis log



#1
collectore

I have been getting annoying pop-up ads for the past 3 weeks month.
I closed all the applications before I did the following.

I have downloaded Ad-Aware, scanned my PC and deleted the files that had problems. I then downloaded the latest version of HijackThis and ran it. Below is the hijackthis.log. I also ran HijackThis Analyzer, which created a result.txt file. I am posting that as well.
PLEASE HELP ME!!!! This is my PC at work. I will be in trouble if I don't get rid of the virus.

HIJACKTHIS.log

Logfile of HijackThis v1.99.0
Scan saved at 4:56:01 PM, on 12/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\Common\Alert\ALERT.EXE
C:\WINNT\UMCSTUB.EXE
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\system32\nvsvc32.exe
C:\orant\bin\wdblsnr.exe
C:\orant\bin\ifsrv60.exe
C:\orant\bin\ifweb60.exe
C:\TNGRCO\RCManClient.exe
C:\TNGRCO\RCOService.exe
C:\TNGRCO\rp32u.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\TNGSD\BIN\SDSERV.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\SxpInst\sxplog32.exe
C:\WINNT\system32\svchost.exe
C:\TNGSD\BIN\TRIGGAG.EXE
\IS-NT-AMO1\AMAGENTS$\SWMWNT.EXE
\IS-NT-AMO1\AMAGENTS$\SWMNTDOG.EXE
C:\TNGSD\BIN\triggusr.exe
C:\Program Files\CA\eTrust\Antivirus\realmon.exe
C:\WINNT\system32\wsoptsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CheckPoint\Session Authentication Agent\PROGRAM\fwsession.exe
C:\New Sbaskar\WinZip\WZQKPICK.EXE
C:\WINNT\explorer.exe
C:\New Sbaskar\Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = indekalb;10.*;172.*;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\SxpInst\sxplog32.exe
O2 - BHO: (no name) - {A290C541-8CBD-A670-FEDF-A8AFC765B5BE} - C:\WINNT\waifjf.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
O4 - HKCU\..\Run: [hBx2RTK8W] wsoptsvc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Session Authentication Agent 5.0.lnk = C:\Program Files\CheckPoint\Session Authentication Agent\PROGRAM\fwsession.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\New Sbaskar\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...43/QDow_AS2.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://isfmis2.co.de...tor/oajinit.exe
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\Common\Alert\ALERT.EXE
O23 - Service: Asset Management Agent - Computer Associates International, Inc. - C:\WINNT\UMCSTUB.EXE
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: ISEXEng - Unknown - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: Event Log Watch - Unknown - C:\WINNT\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Oracle WebDb Listener - Unknown - C:\orant\bin\wdblsnr.exe
O23 - Service: OracleClientCache80 - Unknown - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Oracle Forms Server [Forms60Server] - Oracle Corporation - C:\orant\bin\ifsrv60.exe
O23 - Service: Oracle Reports Server [Rep60_IS-1V1YN41] - Oracle Corp - C:\orant\bin\rwmts60.exe
O23 - Service: RCManClient - Computer Associates International, Inc. - C:\TNGRCO\RCManClient.exe
O23 - Service: Unicenter TNG RCO - Computer Associates International, Inc. - C:\TNGRCO\RCOService.exe
O23 - Service: Unicenter Software Delivery - Computer Accociates, Intl Inc. - C:\TNGSD\BIN\SDSERV.EXE


result.txt file from Hijackthis analyzer


===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/27/04
Get updates at http://www.greyknigh...ad.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 4:56:01 PM, on 12/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\CA\Common\Alert\ALERT.EXE
C:\WINNT\UMCSTUB.EXE
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINNT\LogWatNT.exe
C:\orant\bin\wdblsnr.exe
C:\orant\bin\ifsrv60.exe
C:\orant\bin\ifweb60.exe
C:\TNGRCO\RCManClient.exe
C:\TNGRCO\RCOService.exe
C:\TNGRCO\rp32u.exe
C:\TNGSD\BIN\SDSERV.EXE
C:\SxpInst\sxplog32.exe
C:\TNGSD\BIN\TRIGGAG.EXE
\IS-NT-AMO1\AMAGENTS$\SWMWNT.EXE
\IS-NT-AMO1\AMAGENTS$\SWMNTDOG.EXE
C:\TNGSD\BIN\triggusr.exe
C:\Program Files\CA\eTrust\Antivirus\realmon.exe
C:\WINNT\system32\wsoptsvc.exe
C:\Program Files\CheckPoint\Session Authentication Agent\PROGRAM\fwsession.exe
C:\New Sbaskar\WinZip\WZQKPICK.EXE
C:\New Sbaskar\Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = indekalb;10.*;172.*;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\SxpInst\sxplog32.exe
O2 - BHO: (no name) - {A290C541-8CBD-A670-FEDF-A8AFC765B5BE} - C:\WINNT\waifjf.dll
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
O4 - HKCU\..\Run: [hBx2RTK8W] wsoptsvc.exe
O4 - Global Startup: Session Authentication Agent 5.0.lnk = C:\Program Files\CheckPoint\Session Authentication Agent\PROGRAM\fwsession.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\New Sbaskar\WinZip\WZQKPICK.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...43/QDow_AS2.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://isfmis2.co.de...tor/oajinit.exe
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\Common\Alert\ALERT.EXE
O23 - Service: Asset Management Agent - Computer Associates International, Inc. - C:\WINNT\UMCSTUB.EXE
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: ISEXEng - Unknown - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: Event Log Watch - Unknown - C:\WINNT\LogWatNT.exe
O23 - Service: Oracle WebDb Listener - Unknown - C:\orant\bin\wdblsnr.exe
O23 - Service: OracleClientCache80 - Unknown - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Oracle Forms Server [Forms60Server] - Oracle Corporation - C:\orant\bin\ifsrv60.exe
O23 - Service: Oracle Reports Server [Rep60_IS-1V1YN41] - Oracle Corp - C:\orant\bin\rwmts60.exe
O23 - Service: RCManClient - Computer Associates International, Inc. - C:\TNGRCO\RCManClient.exe
O23 - Service: Unicenter TNG RCO - Computer Associates International, Inc. - C:\TNGRCO\RCOService.exe
O23 - Service: Unicenter Software Delivery - Computer Accociates, Intl Inc. - C:\TNGSD\BIN\SDSERV.EXE


End of HijackThis Analyzer Log.
===========================================================================================================================


#2
ilhg245

Sorry - can't help. I'm just replying to say that I have the same problem with:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsear...sidesearch.html

I delete them from HijackThis, but they come right back!

#3
collectore

Can someone take a look at the HijackThis log and help me? This is on my PC at work. I am going to be in serious trouble if I do not get rid of it soon.


PLEASE HELP ME SOON.

Thanks