Torpig, Viruses
mhow2006
2006-08-26, 23:14
Here is my Online Scan Log:
BitDefender Online Scanner
Scan report generated at: Sat, Aug 26, 2006 - 03:20:48
Scan path: A:\;C:\;M:\;N:\;
Statistics
Time: 01:15:25
Files: 322027
Folders: 3712
Boot Sectors: 2
Archives: 6948
Packed Files: 41531
Results
Identified Viruses: 26
Infected Files: 99
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 156
Engines Info
Virus Definitions: 450809
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\WINDOWS\TEMP\msn.exe
Infected with: Trojan.PWS.Sinowal.AH
C:\WINDOWS\TEMP\msn.exe
Disinfection failed
C:\WINDOWS\TEMP\msn.exe
Deleted
C:\WINDOWS\TEMP\$_3472452.EXE
Infected with: Trojan.PWS.Sinowal.AK
C:\WINDOWS\TEMP\$_3472452.EXE
Disinfection failed
C:\WINDOWS\TEMP\$_3472452.EXE
Deleted
C:\WINDOWS\SYSTEM\ibm00005.exe
Infected with: Trojan.PWS.Sinowal.AJ
C:\WINDOWS\SYSTEM\ibm00005.exe
Disinfection failed
C:\WINDOWS\SYSTEM\ibm00005.exe
Deleted
C:\WINDOWS\SYSTEM\ibm00005.dll
Infected with: Generic.PWStealer.271774E6
C:\WINDOWS\SYSTEM\ibm00005.dll
Disinfection failed
C:\WINDOWS\SYSTEM\ibm00005.dll
Delete failed
C:\WINDOWS\SYSTEM\ibm00002.dll
Infected with: Trojan.PWS.Sinowal.AH
C:\WINDOWS\SYSTEM\ibm00002.dll
Disinfection failed
C:\WINDOWS\SYSTEM\ibm00002.dll
Deleted
C:\WINDOWS\SYSTEM\ibm00003.dll
Infected with: Generic.PWStealer.271774E6
C:\WINDOWS\SYSTEM\ibm00003.dll
Disinfection failed
C:\WINDOWS\SYSTEM\ibm00003.dll
Deleted
C:\WINDOWS\SYSTEM\ibm00006.dll
Infected with: Trojan.PWS.Sinowal.AK
C:\WINDOWS\SYSTEM\ibm00006.dll
Disinfection failed
C:\WINDOWS\SYSTEM\ibm00006.dll
Delete failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\B181.TMP=>(Quarantine-4)
Infected with: Win32.Klez.H@mm
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\B181.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\B173.TMP=>(Quarantine-4)
Infected with: Win32.Klez.H@mm
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\B173.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\74.TMP=>(Quarantine-4)
Infected with: Win32.Klez.H@mm
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\74.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Ty9070.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Ty9070.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Mpd42B5.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Mpd42B5.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Sm7212.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
mhow2006
2006-08-26, 23:15
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Sm7212.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\MkC185.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\MkC185.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Yfn7352.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Yfn7352.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Oac20B5.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Oac20B5.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Fq5321.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Fq5321.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Kd133.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Kd133.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Hbp3235.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Hbp3235.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Uca8383.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Uca8383.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\FfE024.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\FfE024.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Lna4186.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Lna4186.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Qkm71F0.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Qkm71F0.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Gfc90D1.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Gfc90D1.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\ManA310.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\ManA310.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Dnv3060.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Dnv3060.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Gw41B2.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Gw41B2.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Xon7101.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\Xon7101.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144213.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144213.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144214.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144214.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144215.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144215.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144216.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144216.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144217.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144217.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144218.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144218.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144219.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144219.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144220.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144220.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144221.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144221.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144222.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144222.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144223.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144223.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144224.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144224.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144225.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144225.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144226.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144226.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144227.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144227.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144228.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144228.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144229.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144229.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144230.RB0=>(Quarantine-4)
Infected with: Win32.Elkern.C
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\Backup\A0144230.RB0=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\30C4.TMP=>(Quarantine-4)
Infected with: Trojan.Killapp.30208.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\30C4.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\30C4.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\8304.TMP=>(Quarantine-4)
Infected with: Win32.Klez.H@mm
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\8304.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\D194.TMP=>(Quarantine-4)
Infected with: Trojan.Downloader.Siboco.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\D194.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\2304.TMP=>(Quarantine-4)
Infected with: Trojan.Dropper.Siboco.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\2304.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\2304.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11D4.TMP=>(Quarantine-4)
Infected with: Trojan.STILEN.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11D4.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11D4.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11D3.TMP=>(Quarantine-4)
Detected with: Adware.Statmedia.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11D3.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11D3.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11E0.TMP=>(Quarantine-4)
Infected with: Trojan.Small.I
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11E0.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\11E0.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F271.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F271.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F271.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1245.TMP=>(Quarantine-4)
Detected with: Adware.StatBlaster.WD
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1245.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1245.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F1E4.TMP=>(Quarantine-4)
Infected with: Trojan.Imk.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F1E4.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F1E4.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\213.TMP=>(Quarantine-4)=>A0128274.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\213.TMP=>(Quarantine-4)=>A0128274.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\213.TMP=>(Quarantine-4)=>A0128274.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\213.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\213.TMP=>(Quarantine-4)=>A0128293.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\213.TMP=>(Quarantine-4)=>A0128293.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\213.TMP=>(Quarantine-4)=>A0128293.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\213.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F274.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F274.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F274.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F292.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F292.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\F292.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B0.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B0.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B0.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B2.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B2.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B2.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B3.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B3.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B3.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B4.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B4.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10B4.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10C1.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10C1.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10C1.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10C3.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10C3.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10C3.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10F5.TMP=>(Quarantine-4)
Infected with: JS.Seeker.W
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10F5.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\10F5.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\276.TMP=>(Quarantine-4)=>A0128274.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\276.TMP=>(Quarantine-4)=>A0128274.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\276.TMP=>(Quarantine-4)=>A0128274.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\276.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\276.TMP=>(Quarantine-4)=>A0128293.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\276.TMP=>(Quarantine-4)=>A0128293.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\276.TMP=>(Quarantine-4)=>A0128293.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\276.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\331.TMP=>(Quarantine-4)=>A0128274.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\331.TMP=>(Quarantine-4)=>A0128274.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\331.TMP=>(Quarantine-4)=>A0128274.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\331.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\331.TMP=>(Quarantine-4)=>A0128293.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\331.TMP=>(Quarantine-4)=>A0128293.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\331.TMP=>(Quarantine-4)=>A0128293.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\331.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130399.CPY
Infected with: Trojan.SecondThought.L
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130399.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130399.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130403.CPY
Infected with: Trojan.STILEN.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130403.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130403.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130655.CPY
Infected with: Trojan.STILEN.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130655.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130655.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130670.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130670.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)=>A0130670.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1141.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130399.CPY
Infected with: Trojan.SecondThought.L
mhow2006
2006-08-26, 23:16
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130399.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130399.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130403.CPY
Infected with: Trojan.STILEN.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130403.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130403.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130655.CPY
Infected with: Trojan.STILEN.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130655.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130655.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130670.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130670.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)=>A0130670.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1174.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130950.CPY
Infected with: Trojan.SecondThought.L
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130950.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130950.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130955.CPY
Infected with: Trojan.STILEN.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130955.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130955.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130956.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130956.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)=>A0130956.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1262.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1302.TMP=>(Quarantine-4)=>A0131487.CPY
Infected with: Trojan.STILEN.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1302.TMP=>(Quarantine-4)=>A0131487.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1302.TMP=>(Quarantine-4)=>A0131487.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\1302.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\2053.TMP=>(Quarantine-4)=>A0132057.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\2053.TMP=>(Quarantine-4)=>A0132057.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\2053.TMP=>(Quarantine-4)=>A0132057.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\2053.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\20A4.TMP=>(Quarantine-4)=>A0132057.CPY
Infected with: MemScan:Trojan.Downloader.Small.ID
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\20A4.TMP=>(Quarantine-4)=>A0132057.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\20A4.TMP=>(Quarantine-4)=>A0132057.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\20A4.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137733.CPY
Infected with: Trojan.Sectho.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137733.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137733.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137734.CPY
Infected with: Trojan.Secondthought.A.Dam.2
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137734.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137734.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137735.CPY
Infected with: Dropped:Backdoor.Ruledor.E
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137735.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137735.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137737.CPY
Infected with: Trojan.Downloader.Agent.BB
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137737.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137737.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137738.CPY
Infected with: Trojan.Downloader.Small.PY
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137738.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137739.CPY
Infected with: Trojan.Secondthought.AB
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137739.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137739.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137740.CPY
Infected with: Trojan.Secondthought.AB
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137740.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137740.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137741.CPY
Infected with: Trojan.Secondthought.AB
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137741.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)=>A0137741.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\3140.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\32E2.TMP=>(Quarantine-4)=>A0148513.CPY
Infected with: Trojan.Killapp.30208.A
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\32E2.TMP=>(Quarantine-4)=>A0148513.CPY
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\32E2.TMP=>(Quarantine-4)=>A0148513.CPY
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\32E2.TMP=>(Quarantine-4)
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\60C3.TMP=>(Quarantine-4)
Infected with: Trojan.Spy.Delf.DX
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\60C3.TMP=>(Quarantine-4)
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\60C3.TMP=>(Quarantine-4)
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\334.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Infected with: Win32.Sober.P@mm
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\334.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\334.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\334.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\334.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\334.TMP=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\334.TMP
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\325.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Infected with: Win32.Sober.P@mm
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\325.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\325.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\325.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\325.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\325.TMP=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\325.TMP
Update failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\333.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Infected with: Win32.Sober.P@mm
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\333.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Disinfection failed
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\333.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip=>Winzipped-Text_Data.txt .pif
Deleted
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\333.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)=>account_info-text.zip
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\333.TMP=>(Quarantine-4)=>[Subject: Registration Confirmation][Date: Mon, 02 May 2005 23:11:47 GMT]=>(MIME part)
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\333.TMP=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\333.TMP
Update failed
C:\23100247.exe
Infected with: Generic.Malware.dld!!.BD6CAA88
C:\23100247.exe
Disinfection failed
C:\23100247.exe
Deleted
mhow2006
2006-08-26, 23:18
Here is my Hijackthis Log:
Logfile of HijackThis v1.99.1
Scan saved at 2:50:09 PM, on 8/26/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCPFW.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMOAGENT.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\IPCLIENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [shell] "C:\WINDOWS\SYSTEM\ibm00005.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AusVegas Games Update.lnk = C:\Program Files\Ausvegas\WiseUpdt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: CDpoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDpoker\casino.exe
O9 - Extra 'Tools' menuitem: CDpoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDpoker\casino.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Purple Lounge Poker - {701FD202-200A-4bd1-9380-BC8A722B43A5} - C:\Program Files\PurpleloungeMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
Can someone please help me!! :eek:
Thanks,
Mary
mhow2006
2006-08-26, 23:48
Forgot to mention, my computer keeps freezing up and runs real slow. When I start up it displays an IBM00005 error. Spybot finds 2 entries for torpig, says it fixes them, but it is still there when I do the scan again and the IBM error is still there as well.
Thanks in advance for your help.
Mary
Hello,
If you have not resolved the problem, we have this sticky topic:
If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)
LonnyRJones
2006-09-01, 12:56
Hello
Start Hijackthis and place a check next to these items if there.
http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKCU\..\Run: [shell] "C:\WINDOWS\SYSTEM\ibm00005.exe"
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan and fix with SpyBot then your antivirus program
Post a fresh hijackthis log please, be sure to mention any current problems.
mhow2006
2006-09-02, 13:06
I did everything you said. I got an all clean from Spybot, but I still get an error at startup. It is a little different now though, it says:
"Windows cannot find "idm00005.exe". You may have typed the name incorrectly in the Run dialog, or another open program cannot find a system file. To search for a file, click the start button, and then click search."
New Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:05:17 AM, on 9/2/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCPFW.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCLIENT.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMOAGENT.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\IPCLIENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AusVegas Games Update.lnk = C:\Program Files\Ausvegas\WiseUpdt.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
Thanks again for your help,
Mary
LonnyRJones
2006-09-02, 16:25
Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.
type %windir%\system.ini >>logit.txt
echo.>>logit.txt
echo....................................... >>logit.txt
dir /b %windir%\SYSTEM\ibm0000* >>logit.txt
cls
echo finished.
notepad logit.txt
exit
Run check.bat and post back with the text that will open and close the dos box
mhow2006
2006-09-02, 22:33
Here is the report it gave me:
[boot]
oemfonts.fon=vgaoem.fon
shell=explorer.exe ibm00005.exe
system.drv=system.drv
drivers=mmsystem.dll power.drv
user.exe=user.exe
gdi.exe=gdi.exe
sound.drv=mmsound.drv
dibeng.drv=dibeng.dll
comm.drv=comm.drv
mouse.drv=mouse.drv
keyboard.drv=keyboard.drv
*DisplayFallback=0
fonts.fon=vgasys.fon
fixedfon.fon=vgafix.fon
386Grabber=vgafull.3gr
display.drv=pnpdrvr.drv
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\CURVES~1.SCR
[keyboard]
keyboard.dll=
oemansi.bin=
subtype=
type=4
[boot.description]
system.drv=Standard PC
keyboard.typ=Standard 101/102-Key or Microsoft Natural Keyboard
mouse.drv=Standard mouse
aspect=100,96,96
display.drv=NVIDIA GeForce2 GTS (HP)
[386Enh]
ebios=*ebios
woafont=dosapp.fon
mouse=*vmouse, msmouse.vxd
device=*dynapage
device=*vcd
device=*vpd
device=*int13
device=*enable
keyboard=*vkd
display=*vdd,*vflatd
EMMExclude=C000-CFFF
[NonWindowsApp]
TTInitialSizes=4 5 6 7 8 9 10 11 12 13 14 15 16 18 20 22
[power.drv]
[drivers]
wavemapper=*.drv
MSACM.imaadpcm=*.acm
MSACM.msadpcm=*.acm
wave=mmsystem.dll
midi=mmsystem.dll
[iccvid.drv]
[mciseq.drv]
[mci]
cdaudio=mcicda.drv
sequencer=mciseq.drv
waveaudio=mciwave.drv
avivideo=mciavi.drv
videodisc=mcipionr.drv
vcr=mcivisca.drv
MPEGVideo=mciqtz.drv
MPEGVideo2=mciqtz.drv
WinDVD=ivimci.drv
[vcache]
[MSNP32]
[Password Lists]
default=C:\WINDOWS\default.PWL
HP AUTHORIZED CUSTOM=C:\WINDOWS\Hpauthor.pwl
HP CUSTOMER=C:\WINDOWS\HPCUSTOM.PWL
[MSNP32]
[drivers32]
msacm.lhacm=lhacm.acm
VIDC.VDOM=vdowave.drv
msacm.msaudio1=msaud32.acm
msacm.sl_anet=sl_anet.acm
MSACM.imaadpcm=imaadp32.acm
MSACM.msadpcm=msadp32.acm
MSACM.msgsm610=msgsm32.acm
MSACM.msg711=msg711.acm
MSACM.trspch=tssoft32.acm
vidc.CVID=iccvid.dll
VIDC.IV31=ir32_32.dll
VIDC.IV32=ir32_32.dll
vidc.MSVC=msvidc32.dll
VIDC.MRLE=msrle32.dll
msacm.msg723=msg723.acm
vidc.M263=msh263.drv
vidc.M261=msh261.drv
VIDC.IV50=ir50_32.dll
msacm.iac2=C:\WINDOWS\SYSTEM\IAC25_32.AX
msacm.l3acm=C:\WINDOWS\SYSTEM\L3CODECA.ACM
msacm.msadpcm1=msadp32.acm
VIDC.YUY2=msyuv.dll
VIDC.UYVY=msyuv.dll
VIDC.YVYU=msyuv.dll
VIDC.WMV3=wmv9vcm.dll
[TTFontDimenCache]
0 4=2 4
0 5=3 5
0 6=4 6
0 7=4 7
0 8=5 8
0 9=5 9
0 10=6 10
0 11=7 11
0 12=7 12
0 13=8 13
0 14=8 14
0 15=9 15
0 16=10 16
0 18=11 18
0 20=12 20
0 22=13 22
......................................
ibm00005.dll
ibm00006.dll
LonnyRJones
2006-09-03, 00:51
Thanks
Manually delete these two files
C:\WINDOWS\SYSTEM\ibm00005.dll
C:\WINDOWS\SYSTEM\ibm00006.dll
Go start run copy then paste in (or type in)
notepad %windir%\system.ini
hit enter or press ok
on this line >> shell=explorer.exe ibm00005.exe
edit out ibm00005.exe
exit notepad and save as exiting
be sure to leave shell=explorer.exe
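The check carried out by hand in the posts above (dump system.ini, list the remaining ibm0000* files, then trim the shell= line), as an added Python example that is not part of the original thread. The function names and the SAMPLE_LOGIT text are assumptions made for illustration; the sample is constructed in the shape of the check.bat output posted earlier.

```python
import re

# Constructed sample in the shape of the logit.txt that check.bat writes:
# system.ini, a dotted separator line, then the "dir /b" listing.
SAMPLE_LOGIT = """\
[boot]
oemfonts.fon=vgaoem.fon
shell=explorer.exe ibm00005.exe
system.drv=system.drv
[keyboard]
type=4

......................................
ibm00005.dll
ibm00006.dll
"""

SEPARATOR = re.compile(r"^\.{10,}\s*$")   # the dotted line echoed by check.bat
SECTION = re.compile(r"^\[(.+)\]\s*$")


def split_logit(text):
    """Return (system.ini lines, listed file names or None if no listing)."""
    ini_lines, files = [], None
    for line in text.splitlines():
        if files is None and SEPARATOR.match(line):
            files = []                      # everything after this is the listing
        elif files is not None:
            if line.strip():
                files.append(line.strip())
        else:
            ini_lines.append(line)
    return ini_lines, files


def boot_shell(ini_lines):
    """Return the value of shell= in the [boot] section, or None."""
    section = None
    for raw in ini_lines:
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1).lower()
        elif section == "boot" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if key.strip().lower() == "shell":
                return value.strip()
    return None


def basename(path):
    """Lower-cased file name without any drive or directory part."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(text, expected_shell="explorer.exe"):
    """Flag anything on the shell= line besides the expected shell.

    Assumption: entries are separated by whitespace, as in this thread;
    long paths containing spaces are not handled.
    """
    ini_lines, files = split_logit(text)
    shell = boot_shell(ini_lines)
    tokens = shell.split() if shell else []
    shell_ok = bool(tokens) and basename(tokens[0]) == expected_shell
    extras = tokens[1:] if shell_ok else tokens
    # An extra entry whose file is absent from the listing is a stale
    # reference: Windows still tries to start it and reports "cannot find".
    present = {f.lower() for f in files} if files is not None else None
    stale = [t for t in extras if present is not None and basename(t) not in present]
    return {
        "shell": shell,
        "extras": extras,
        "stale": stale,
        "files": files,
        "fixed_line": "shell=" + expected_shell,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOGIT)
    print("shell= value      :", report["shell"])
    print("unexpected entries:", report["extras"])
    print("missing on disk   :", report["stale"])
    print("files still listed:", report["files"])
    print("line should read  :", report["fixed_line"])
```
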
mhow2006
2006-09-03, 03:33
Thank you, thank you, THANK YOU!!! :D: That did the trick. :bigthumb: Is my system clean now?
Fresh Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:32:42 PM, on 9/2/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCPFW.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMPROXY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\WINDOWS\SYSTEM\HPZTSB01.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMOAGENT.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\IPCLIENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb01.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AusVegas Games Update.lnk = C:\Program Files\Ausvegas\WiseUpdt.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
Thanks again,
Mary
LonnyRJones
2006-09-03, 13:35
Looks fine Mary
C:\Program Files\Trend Micro\Internet Security\QUARANTINE < delete contents
C:\WINDOWS\TEMP < delete contents
If after a week there are no problems it would be a good idea to purge system restore
Right-click the My Computer icon on the Desktop and click Properties.
Click the Performance tab.
Click the File System button.
Click the Troubleshooting tab.
Select Disable System Restore.
Click Apply > Close > Close.
When prompted to restart, click Yes.
Next go back and Re-enable System Restore
by unchecking Disable System Restore
Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
mhow2006
2006-09-03, 18:20
Way ahead of ya! :D: I've been at it all night. I downloaded the host file above and all the other stuff from the other link, and am pretty satisfied now that my computer is protected. Fingers crossed it will stay that way!!
Thanks a million!!!
Mary
As the problem appears to be resolved this topic has been archived. :bigthumb:
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Glad we could help.