Razor

Please help...HijackThis log included...would appreciate it!

Hi Guys,

I need help, sorry for the long post...

My laptop is running XP Media Edition

Running Trend Micro PC-cillin Internet Security 2006

A notification window pops up from Trend Micro:

Notification

Real-time Protection
Real-time Protection has detected a virus, spyware, or other security risk, and performed the action specified.

Action taken: Denied Access.
Incident name: C:\WINDOWS\TEMP\win57.tmp
Detection name: DIAL_RELAID.J
User name: Xxxxx
Note: If Search for and clean Trojans is turned on and executed after scanning, click Next to view the final action taken.

Trend Micro also pops up an attention bubble on the task bar stating that the website you are accessing cannot be rated: "A server or internet connection error occurred. Check your internet connection and try again."

My internet connection is kind of slow as well, not like normal (Broadband 2).

I've run the following software, with the newest versions and updates, to try and get rid of it:

A2 Guard

Spybot

Look2Me-Destroyer

Ad-Aware Se

CounterSpy

Trojan Remover

Trojan Hunter (keeps hanging whenever I try to do a scan)

Can anyone please help or advise on what I should try to get this trojan/virus off my computer?

Thanks in advance


Logfile of HijackThis v1.99.1

Scan saved at 7:31:17 PM, on 15/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\imapi.exe

C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\00THotkey.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\a-squared\a2guard.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\Program Files\Hijackthis\HijackThis.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [TOSHIBA Picture Enhancement Utility] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Kraidman] C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"

O4 - HKLM\..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Dmos] "C:\WINDOWS\YSTEM~1\javaw.exe" -vt yax

O4 - HKCU\..\Run: [iapykba] C:\WINDOWS\system32\??crosoft\w?auclt.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1162

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14AEDB8D-1AF2-4430-B871-5853E0E7C3CC}: NameServer = 192.168.1.1

O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

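Reading a log like the one above by eye means scanning two hundred lines for the handful of entries that matter. The script below is an added example, not part of this thread or of HijackThis itself: it parses O4 (Run), O16 (ActiveX download) and O20 (Winlogon Notify) lines and applies three checks a practitioner would make by hand: a '?' in a Run path (HijackThis prints '?' for characters it cannot render, so the directory and file names are not what they appear to be), a binary whose name exactly matches or is one edit away from a well-known system executable but lives somewhere other than its normal home, and ActiveX controls pulled from a host that is not one of the online scanners the poster deliberately used. The sample lines are copied from the log; the expected-directory table and the trusted-host list are assumptions made for the example.

```python
import re

# Constructed sample: O4/O16/O20 lines copied from the log above, including the
# legitimate entries that must come out clean.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Dmos] "C:\WINDOWS\YSTEM~1\javaw.exe" -vt yax
O4 - HKCU\..\Run: [iapykba] C:\WINDOWS\system32\??crosoft\w?auclt.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1162
O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll
""".strip()

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]+)\}(?: \(([^)]*)\))? - (\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")

# Assumed for this example: names malware likes to imitate and the directory
# they legitimately live in (default XP paths; the JRE path is the one in the log).
EXPECTED_HOME = {
    "wuauclt": r"c:\windows\system32",
    "svchost": r"c:\windows\system32",
    "lsass": r"c:\windows\system32",
    "csrss": r"c:\windows\system32",
    "rundll32": r"c:\windows\system32",
    "javaw": r"c:\program files\java",
}

# Assumed allowlist: hosts of the online scanners the poster ran on purpose.
TRUSTED_DPF_HOSTS = {"www.kaspersky.com", "download.bitdefender.com",
                     "acs.pandasoftware.com", "ax.emsisoft.com"}


def edit_distance(a, b):
    """Levenshtein distance; 1 means a single substituted/inserted/deleted character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd):
    """First token of a Run command, honouring surrounding quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def audit_o4(hive, name, cmd):
    findings = []
    path = exe_path(cmd)
    low = path.lower()
    if "?" in path:
        findings.append("path contains characters HijackThis could not print ('?'); "
                        "the folder/file names are look-alikes, inspect them on disk")
    filename = low.rsplit("\\", 1)[-1]
    parent = low.rsplit("\\", 1)[0] if "\\" in low else ""   # "" = unqualified name
    stem = filename[:-4] if filename.endswith(".exe") else filename
    for known, home in EXPECTED_HOME.items():
        d = edit_distance(stem, known)
        if d == 0 and parent and not parent.startswith(home):
            findings.append(f"{known}.exe launched from {parent!r}, expected under {home!r}")
        elif d == 1:
            findings.append(f"name {stem!r} is one edit away from system binary {known!r}")
    return findings


def audit_o16(guid, obj_name, url):
    host = re.sub(r"^https?://", "", url).split("/", 1)[0].lower()
    findings = []
    if host not in TRUSTED_DPF_HOSTS:
        findings.append(f"ActiveX control downloaded from unrecognised host {host!r}")
    if not obj_name:
        findings.append("no object name registered for the control")
    return findings


def audit_o20(name, dll):
    # Every non-default Winlogon Notify DLL deserves a look: winlogon.exe loads it
    # at each logon, so it survives the user killing processes and runs as SYSTEM.
    return [f"Winlogon Notify DLL {dll!r} is loaded by winlogon.exe at every logon; "
            "verify its publisher before trusting it"]


def audit(log_text):
    """Return (log line, reason) pairs for every entry that fails a check."""
    report = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hits = audit_o4(*m.groups())
        elif m := O16_RE.match(line):
            hits = audit_o16(*m.groups())
        elif m := O20_RE.match(line):
            hits = audit_o20(*m.groups())
        else:
            continue
        report.extend((line, why) for why in hits)
    return report


if __name__ == "__main__":
    for entry, why in audit(SAMPLE_LOG):
        print(f"{why}\n    {entry}")
```

On the sample the three HijackThis lines FZWG and the rest of the thread single out are the ones that come back flagged (the Dmos javaw.exe entry, the iapykba entry, the winjks32 Winlogon Notify DLL), together with the unnamed yazzle.net ActiveX download, while the Toshiba, NVIDIA, a-squared and emsisoft lines pass. The edit-distance check is the interesting one: it catches the `w?auclt.exe` look-alike of `wuauclt.exe` without a signature for it.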

Hi, I am currently running PC-cillin (Trend) as well and am getting the same message and am having the same problem trying to remove it... I am coming to my wits' end and about to say the hell with it and reformat the computer because of this damn thing. Anyhow, if anyone has a fix I would like to hear about it as well. I noticed Trend's Japanese website has an entry referring to dial_relaid.j but the solution they give does not seem to work.

Bradsf,

Please start your own post with a HijackThis log:

http://pcpitstop.invisionzone.com/index.php?showforum=25

Thank you.

Edited by FZWG


Razor,

Please download Ewido Anti-Malware:

http://www.ewido.net/en/download/

Press: Download Now

In the folder where Ewido is located, double click the Ewido Setup file

Follow the prompts and reboot when done.

When the prompt with Additional Options appears, uncheck:

Install background guard

Install scan via context menu

Now, double click the ‘e’ on the Desktop, or, go to Start > All Programs > Ewido

When the program starts, do an online update for the latest signature files

Close the program for now.

Run HijackThis, Scan
Check box for:

O4 - HKCU\..\Run: [iapykba] C:\WINDOWS\system32\??crosoft\w?auclt.exe
O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll

Select: Fix checked

Next, enable the viewing of Hidden Files and Folders:

-At your Desktop, go to Start>My Computer
-Select the Tools menu and then Folder Options
-After the new window appears select the View tab
-Select: Display the contents of system folders
-Under the Hidden files and folders section select: Show hidden files and folders
-Remove the checkmark from Hide file extensions for known file types
-Remove the checkmark from Hide protected operating system files (Recommended)
-Press the Apply button
Click OK

Then, reboot to Safe Mode:

-Restart your computer.
-When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
-Select the option for Safe Mode using the arrow keys.
-Press Enter to boot into Safe Mode.

Search for and delete the following files:

C:\WINDOWS\SYSTEM32\winjks32.dll
C:\WINDOWS\system32\??crosoft\w?auclt.exe <-Note the spelling!!

Run Ewido.
Next, click on: Complete System Scan

The scan may find malware entries and request action to clean up. Agree.

Once the scan has completed, click: Save Report
Save the report to the Ewido folder

When Ewido is done, reboot.

Run a Panda online ActiveScan
http://www.pandasoftware.com/products/activescan.htm

On the top right go to: Free Use ActiveScan
Select: Free online virus scan

In the prompt that appears: Panda ActiveScan, select the green button: Check Now! At no cost.

Follow the prompts, provide the required info, select: Scan Now!
Allow the ActiveX download.

Select a device to scan: Local Disks

Next, select: See Report
Then select, Save Report and save to a location where you can find it.

Please provide the Panda ActiveScan report, the Ewido report, and a new HijackThis log in your response.

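The "Note the spelling!!" warning above is the crux of the manual deletion step: the `??crosoft\w?auclt.exe` entry is printed with question marks because HijackThis could not render those characters, so the folder is not `Microsoft` and the file is not `wuauclt.exe`, and a search for the names as they look would find the wrong (legitimate) objects or nothing. The script below is an added example, not FZWG's procedure or any tool from the thread: it treats each '?' as a one-character glob to resolve the masked path to the actual file, names the non-ASCII characters so the look-alike is visible, and refuses to list the genuine system32\wuauclt.exe as a removal target. The directory tree is a constructed fixture under a temporary directory, with the drive letter dropped; the Cyrillic letters used for the look-alike are an assumption, since the thread does not reveal the real characters on the poster's machine.

```python
import os
import tempfile
import unicodedata
from pathlib import Path


def build_constructed_tree(root):
    """Constructed fixture, not the poster's disk: WINDOWS\\system32 with the real
    wuauclt.exe, the legitimate Microsoft subfolder, and a look-alike folder and
    file whose first letters are Cyrillic (assumed for the demo)."""
    sys32 = Path(root) / "WINDOWS" / "system32"
    sys32.mkdir(parents=True)
    (sys32 / "wuauclt.exe").write_bytes(b"placeholder for the genuine Windows Update client")
    (sys32 / "Microsoft").mkdir()                       # legitimate folder, also matches ??crosoft
    fake_dir = sys32 / "\u041c\u0456crosoft"            # U+041C, U+0456, then "crosoft"
    fake_dir.mkdir()
    (fake_dir / "w\u0443auclt.exe").write_bytes(b"look-alike")   # "w", U+0443, "auclt.exe"
    return sys32


def resolve_masked(root, masked):
    """Expand a path as HijackThis printed it: each '?' stood for one character it
    could not render, so it is used here as a one-character glob wildcard."""
    return sorted(Path(root).glob(masked.replace("\\", "/")))


def nonascii_chars(path):
    """(character, Unicode name) for every non-ASCII character in a path."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in str(path) if ord(ch) > 127]


def is_real_system_file(candidate, root):
    """True only for the genuine WINDOWS\\system32\\wuauclt.exe."""
    real = Path(root) / "WINDOWS" / "system32" / "wuauclt.exe"
    return os.path.normcase(str(candidate)) == os.path.normcase(str(real))


def removal_targets(root, masked):
    """Glob hits for the masked entry, minus anything that is the real binary."""
    return [p for p in resolve_masked(root, masked) if not is_real_system_file(p, root)]


if __name__ == "__main__":
    root = tempfile.mkdtemp()
    build_constructed_tree(root)
    masked = r"WINDOWS\system32\??crosoft\w?auclt.exe"      # drive letter dropped for the fixture
    for hit in removal_targets(root, masked):
        rel = hit.relative_to(root)
        print(rel, nonascii_chars(rel))
```

The folder mask `??crosoft` on its own is ambiguous: it matches both the legitimate `Microsoft` folder and the look-alike. Only the full masked path, folder and file together, pins the entry down to one file, which is why the glob is run over the whole path rather than one component at a time.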

Hello again. I read the reply to Razor's post and went about doing it on my computer; I updated Ewido and ran it in Safe Mode, which seems to have eliminated dial_relaid.j. I am currently not getting any more popups from Trend and things seem to be back to normal. Just my two bits.

Thanks

Brad

Bradsf,

Glad this worked for you; however, I still think you should start your own topic and post your own HijackThis log to make sure all is well.