Unsolved


1 Message

2192

November 8th, 2006 13:00

SmitfraudFix and HijackThis log (for removing Critical System Errors warning icon)

SmitFraudFix v2.119 Scan done at 16:07:12.61, 2006/11/08 Run from C:\Documents and Settings\Tsena\デスクトップ\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in normal mode ササササササササササササササササササササササササ C:\ ササササササササササササササササササササササササ C:\WINDOWS ササササササササササササササササササササササササ C:\WINDOWS\system ササササササササササササササササササササササササ C:\WINDOWS\Web ササササササササササササササササササササササササ C:\WINDOWS\system32 C:\WINDOWS\system32\okkmtv.dll FOUND ! ササササササササササササササササササササササササ C:\WINDOWS\system32\LogFiles ササササササササササササササササササササササササ C:\Documents and Settings\Tsena ササササササササササササササササササササササササ C:\Documents and Settings\Tsena\Application Data ササササササササササササササササササササササササ Start Menu ササササササササササササササササササササササササ ササササササササササササササササササササササササ Desktop ササササササササササササササササササササササササ C:\Program Files C:\Program Files\iVideoCodec\ FOUND ! ササササササササササササササササササササササササ Corrupted keys ササササササササササササササササササササササササ Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="現在のホーム ページ" ササササササササササササササササササササササササ Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTask Scheduler] "{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells" [HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32] @="C:\WINDOWS\system32\okkmtv.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} \InProcServer32] @="C:\WINDOWS\system32\okkmtv.dll" ササササササササササササササササササササササササ AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" ササササササササササササササササササササササササ pe386-msguard-lzx32 ササササササササササササササササササササササササ Scanning wininet.dll infection ササササササササササササササササササササササササ End Logfile of HijackThis v1.99.1 Scan saved at 16:17:26, on 2006/11/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\SigmaTel\SigmaTel AC97 オーディオ ドライバ\stacmon.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\00THotkey.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\Program Files\TOSHIBA\PadTouch\PadExe.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\TOSHIBA\TOSHIBA Smooth View\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program 
Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows NT\Accessories\wordpad.exe C:\Documents and Settings\Tsena\デスクトップ\HiJackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: The翻訳インターネット V9.0 - {E22DDC73-5644-40b8-A62A-061EA0F5C7A6} - C:\Program Files\TTI_V9LE\def_bar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 オーディオ ドライバ\stacmon.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\PadTouch\PadExe.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Smooth View\SmoothView.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Bluesocket] "C:\Program Files\Bluesocket MS IPSec Config Tool\Bluesocket MS IPsec Config Tool.exe" O4 - HKLM\..\Run: [IMJPMIG9.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMJP9\imjprmzb.exe" /RmZombie O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V9LE\addins\Ie\afi_pagetran.htm O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V9LE\addins\Ie\afi_seltran.htm O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V9LE\addins\Ie\afi_setdlg.htm O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V9LE\addins\Ie\ttp_showdic.htm O8 - Extra context menu item: Yahoo! 
&Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe O9 - Extra 'Tools' menuitem: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: ページ翻訳 - {EE8CA0E1-B126-4ee6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\addins\Ie\afi_pagetran.htm O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {EE8CA0E1-B126-4ee6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\addins\Ie\afi_pagetran.htm O9 - Extra button: (no name) - {EE8CA0E7-B126-4ee6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\addins\Ie\ttp_showdic.htm O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {EE8CA0E7-B126-4ee6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\addins\Ie\ttp_showdic.htm O9 - Extra button: (no name) - {EE8CA0E8-B126-4ee6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\addins\Ie\afi_seltran.htm O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {EE8CA0E8-B126-4ee6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\addins\Ie\afi_seltran.htm O9 - Extra button: (no name) - {EE8CA0EA-B126-4ee6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\addins\Ie\afi_setdlg.htm O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {EE8CA0EA-B126-4ee6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\addins\Ie\afi_setdlg.htm O9 - Extra button: 辞書バー - {EE8CA0EC-B126-4EE6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\IeTbandTate.dll O9 - Extra button: 翻訳バー - {EE8CA0EE-B126-4EE6-A74B-81491B91D579} - C:\Program Files\TTI_V9LE\IeTbandYoko.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/assistpc/index_j.htm O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: System - {2078918B-A0BF-407E-9CE6-67E9C686D7C5} - mcsys.dll (file missing) O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common 
Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe O23 - Service: Bluesocket IPSec Service (BlueService) - Unknown owner - C:\Program Files\Bluesocket MS IPSec Config Tool\BlueService.exe (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing) O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

10.4K Posts

November 10th, 2006 23:00

xena_tr
 
Both of the logs you posted are unreadable. When the logs (both HijackThis and SmitfraudFix) open in Notepad, select Format and make sure Word Wrap is checked, then repost your logs.
 
bamajim   Graduate of Malware Removal University
