Logfile of HijackThis v1.99.1 - djadhd
Here is what you should do.
End the suspicious process below:
c:\windows\system32\ijogkui.exe
Remove these search keys:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = website: fasterhomepage.com
R3 - URLSearchHook: (no name) - {04079856-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\2.bin\MYSRCHAS.DLL
Remove these additional browser plug-in keys (O2...O4):
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
Remove these extra items in IE menu (O8...O9):
O9 - Extra button: WASAY - {7CC7BC40-F3C1-11d5-92DC-0050BADF3970} - wasay.com (file missing)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (file missing)
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (file missing)
Reboot the computer into safe mode. Then delete these files from your C: drive:
c:\windows\system32\ijogkui.exe
Original log:
Scan saved at 8:37:53 PM, on 4/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\vssvc.exe
c:\windows\system32\ijogkui.exe
C:\Wasay\ProMagic\wspmsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\squidley\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = website: fasterhomepage.com
R3 - URLSearchHook: (no name) - {04079856-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\2.bin\MYSRCHAS.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [seaWDurlIE] C:\WINDOWS\System32\seaWDurlIE.exe
O4 - HKLM\..\Run: [jfzwftr] c:\windows\system32\ijogkui.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: WASAY - {7CC7BC40-F3C1-11d5-92DC-0050BADF3970} - wasay.com (file missing)
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (file missing)
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: WebControlDeploy - https://grouper.com/v1/GrouperSetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - website: a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: FTP Publishing (MSFtpsvc) - Unknown owner - C:\WINDOWS\System32\inetsrv\inetinfo.exe (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WasayPMsv - WASAY Software Technology - C:\Wasay\ProMagic\wspmsv.exe