
Log For Diagnosis


1 reply to this topic

#1 Arunz


Posted 04 October 2006 - 01:25 AM

Please help me.

Logfile of HijackThis v1.99.1
Scan saved at 15:05:26, on 2006/10/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update1.exe2560.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\plustlnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\LogoVista\KoryaIppatsu\TouchTrans\LogoVista TouchTrans.exe
C:\PROGRA~1\LOGOVI~1\KORYAI~1\KWTRAN~1\KWTRAN~1.EXE
C:\PROGRA~1\LOGOVI~1\KORYAI~1\KWTRAN~1\TRLD95.DLL
C:\PROGRA~1\LOGOVI~1\KORYAI~1\KWTRAN~1\KEIT95.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hijackthis.zip の一時ディレクトリ 2\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17F8ACF9-D092-180A-23FF-0B622CCD65DB} - C:\WINDOWS\System32\ldjfgpb.dll
O2 - BHO: (no name) - {23FFE7CD-6B82-94D2-B88B-070DD4C7D899} - C:\WINDOWS\System32\myykfci.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [myykfci.dll] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\myykfci.dll,yhlqjzf
O4 - HKLM\..\Run: [OE] "C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update1.exe2560.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: コリャ英和!(&A) ホームページ翻訳(英和文) - res://C:\PROGRA~1\LOGOVI~1\KORYAI~1\KEWEBP~1\KEWEBC~1.EXE/208
O8 - Extra context menu item: コリャ英和!(&B) ホームページ翻訳(和文) - res://C:\PROGRA~1\LOGOVI~1\KORYAI~1\KEWEBP~1\KEWEBC~1.EXE/207
O8 - Extra context menu item: コリャ英和!(&C) 電子辞書 - res://C:\PROGRA~1\LOGOVI~1\KORYAI~1\EWDICT~1\EWDICT~1.EXE/160
O8 - Extra context menu item: コリャ英和!(&D) 英文読み上げ - res://C:\PROGRA~1\LOGOVI~1\KORYAI~1\TAMASP~1\TAMASP~1.EXE/210
O8 - Extra context menu item: コリャ英和!(&E) 音声設定 - res://C:\PROGRA~1\LOGOVI~1\KORYAI~1\TAMASP~1\TAMASP~1.EXE/211
O8 - Extra context menu item: コリャ英和!(&F) 辞書バーで辞書引き - res://C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll/242
O8 - Extra context menu item: コリャ英和!(&G) 翻訳タテバーで翻訳 - res://C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll/243
O8 - Extra context menu item: コリャ英和!(&H) 翻訳ヨコバーで翻訳 - res://C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll/244
O9 - Extra button: Korya Translate H Bar - {CC726B41-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya Translate H Bar - {CC726B41-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya Translate V Bar - {CC726B42-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya Translate V Bar - {CC726B42-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya Dictionary V Bar - {CC726B43-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya Dictionary V Bar - {CC726B43-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya dictionary browser - {CC726B51-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya &dictionary browser - {CC726B51-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya preferences editor - {CC726B52-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya p&references editor - {CC726B52-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya User Dictionary Editor - {CC726B53-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya &User Dictionary Editor - {CC726B53-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya Translate Page - {CC726B55-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya Translate &Page - {CC726B55-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya Translate Page - {CC726B56-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya Translate &Page - {CC726B56-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya &speak English - {CC726B61-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya &speak English - {CC726B61-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Korya &speak setting - {CC726B62-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra 'Tools' menuitem: Korya &speak setting - {CC726B62-5F63-11d3-A83F-00E0292B5772} - C:\Program Files\LogoVista\KoryaIppatsu\KETransBar\KETransBar.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158478929218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158478919609
O20 - AppInit_DLLs: ole2ir41.dll cpuifile.dll
O20 - Winlogon Notify: artm_newreg - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: plustlnt - C:\WINDOWS\System32\plustlnt.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: fNeLX - {88E3645B-2249-CEF1-D1A3-08A68E07B4FF} - (no file)
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by Arunz, 04 October 2006 - 01:44 AM.
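As an added example (not part of the original post, and not code from HijackThis), a small Python triage script that parses the entry format of the log above and flags the kinds of entries a reviewer looks at first: a BHO with no name, an autorun launching from a Temp directory, entries whose file HijackThis could not find, and AppInit_DLLs. The sample log is a constructed subset of the entries posted above; the flags are review heuristics, not verdicts.

```python
import re

# Constructed sample in HijackThis v1.99 log format: a subset of the entries
# from the posted log, chosen so that each heuristic below fires at least once.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17F8ACF9-D092-180A-23FF-0B622CCD65DB} - C:\WINDOWS\System32\ldjfgpb.dll
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update1.exe2560.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: ole2ir41.dll cpuifile.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: fNeLX - {88E3645B-2249-CEF1-D1A3-08A68E07B4FF} - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# Every HijackThis entry starts with a section code (R3, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

def parse_entry(line):
    """Split one entry into (section, body); header/process lines return None."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def triage_entry(section, body):
    """Return why an entry deserves a second look, or None if nothing stands out.
    Review heuristics only: a legitimate entry can trip them too."""
    lower = body.lower()
    if section == "O2" and "(no name)" in lower:
        return "BHO with no name"
    if section == "O4" and re.search(r"\\temp\\", lower):
        return "autorun entry launching from a Temp directory"
    if "(no file)" in lower or "(file missing)" in lower:
        return "entry references a file HijackThis could not find"
    if section == "O20" and lower.startswith("appinit_dlls:"):
        return "AppInit_DLLs loads the listed DLLs into every process that loads user32.dll"
    return None

def triage_log(text):
    """Return [(section, reason, body), ...] for every flagged entry, in log order."""
    flagged = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        section, body = parsed
        reason = triage_entry(section, body)
        if reason:
            flagged.append((section, reason, body))
    return flagged
```

Running `triage_log(SAMPLE_LOG)` flags five of the eight sample entries; the Adobe BHO, ctfmon autorun and Symantec service pass untouched.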



#2 OldTimer


    Malware Expert



Posted 11 October 2006 - 07:26 PM

Hello Arunz and welcome to the BC HijackThis forum. Let's start out with a scan by Ewido.

First download ewido anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode.
Now run at least 2 of the following on-line virus scans:
  • Bitdefender <<<Add a check by 'Autoclean'.
  • eTrust <<<'Cure' whatever is found, then delete if unsuccessful.
  • Housecall <<<Put on 'Autoclean' and delete what it can't clean.
  • Panda ActiveScan <<<Accept default settings.
If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with the results of the Ewido scan and details of any problems you encountered performing the above steps and I will review it when it comes in.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
