What did I need to delete?

Status
Not open for further replies.
BTW, about the result of my last KASPERSKY ON-LINE SCANNER REPORT scan: can I delete those viruses? Thank you.
 
You deleted those files I asked you to scan? Don't do anything unless instructed to do so. Post another HijackThis log and the Kaspersky scan log so I can see what you're asking about.
 
Sorry, my AVG found this, so I opened a topic asking whether I could delete it, and all of them said I could ^^ thx
This is my result:

Logfile of HijackThis v1.99.1
Scan saved at 6:26:26 AM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LimeWire Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QQFace (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, December 17, 2005 07:31:28
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/12/2005
Kaspersky Anti-Virus database records: 155589
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 102179
Number of viruses found: 6
Number of infected objects: 65
Number of suspicious objects: 1
Duration of the scan process: 3840 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP1\A0000065.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004065.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004083.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004143.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004174.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004195.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004239.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP14\A0005240.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0005322.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0005352.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0005393.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0006393.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0006412.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0007412.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0007483.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0007529.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0007558.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0008559.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0008747.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0009746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0010746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0011746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0012746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0013746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0014746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0015747.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0015776.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0016777.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0016813.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0017813.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0017824.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0017880.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0017881.exe Infected: Trojan-Downloader.Win32.Agent.xg
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0017913.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0017924.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0018006.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP21\A0019006.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP22\A0019025.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0019206.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0019280.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0019306.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0020306.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0020327.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0020347.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0021347.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0022347.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0022366.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0022389.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP24\A0024389.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP24\A0024418.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP24\A0024432.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP25\A0024624.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP25\A0024645.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP27\A0024899.dll Infected: SpamTool.Win32.Mailbot.e
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP6\A0000386.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP6\A0002798.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP6\A0002809.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP6\A0002831.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP7\A0003040.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP7\A0004007.sys Infected: SpamTool.Win32.Mailbot.b
C:\WINDOWS\system32\drivers\i386p.sys Infected: SpamTool.Win32.Mailbot.b
C:\WINDOWS\system32\msctl32.dll Infected: SpamTool.Win32.Mailbot.l
D:\RO hack\wpeproalpha0_9a.zip/WPE PRO.exe Infected: Sniffer.Win32.WpePro.a
D:\RO hack\wpeproalpha0_9a.zip/WpeSpy.dll Infected: Sniffer.Win32.WpePro.a
D:\RO hack\wpeproalpha0_9a.zip Infected: Sniffer.Win32.WpePro.a
D:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP2\A0000181.exe Suspicious: Type_Win32

Scan process completed.
 
Download KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
* Click "Options..."
* Move the arrow down to "Custom CleanUp!"
* Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files (please uncheck this option)
  • Cleanup! All Users
* Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Run HijackThis and fix the following entries...

O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O23 - Service: QQFace (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)


Run Ewido and let it clean the PC.

Run KillBox. Paste the following locations into KillBox one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one, click YES and it will reboot.

C:\WINDOWS\system32\drivers\i386p.sys
C:\WINDOWS\system32\msctl32.dll
D:\RO hack\wpeproalpha0_9a.zip


Once you reboot... post another HijackThis and Kaspersky log.
 
MicroBell, I can't delete
O23 - Service: QQFace (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)
Once I delete it, it comes back again....

Logfile of HijackThis v1.99.1
Scan saved at 1:54:11 PM, on 12/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Stardock\OBJECT~2\DesktopX\DesktopX.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\HJT\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [IDManLoader] "D:\sss\idm v4.xx & v5.xx universal loader.exe" Auto
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [LimeWire Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QQFace (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, December 18, 2005 15:03:33
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/12/2005
Kaspersky Anti-Virus database records: 155743
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 108876
Number of viruses found: 6
Number of infected objects: 66
Number of suspicious objects: 1
Duration of the scan process: 2846 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP1\A0000065.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004065.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004083.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004143.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004174.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004195.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP11\A0004239.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP14\A0005240.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0005322.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0005352.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0005393.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0006393.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0006412.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0007412.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0007483.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0007529.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0007558.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0008559.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0008747.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0009746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0010746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0011746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0012746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0013746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0014746.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP16\A0015747.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0015776.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0016777.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0016813.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0017813.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP17\A0017824.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0017880.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0017881.exe Infected: Trojan-Downloader.Win32.Agent.xg
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0017913.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0017924.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP20\A0018006.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP21\A0019006.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP22\A0019025.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0019206.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0019280.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0019306.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0020306.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0020327.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0020347.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0021347.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0022347.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0022366.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP23\A0022389.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP24\A0024389.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP24\A0024418.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP24\A0024432.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP25\A0024624.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP25\A0024645.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP27\A0024899.dll Infected: SpamTool.Win32.Mailbot.e
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP36\A0025836.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP36\A0025837.dll Infected: SpamTool.Win32.Mailbot.l
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP36\A0025842.dll Infected: SpamTool.Win32.Mailbot.l
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP36\A0025843.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP6\A0000386.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP6\A0002798.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP6\A0002809.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP6\A0002831.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP7\A0003040.sys Infected: SpamTool.Win32.Mailbot.b
C:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP7\A0004007.sys Infected: SpamTool.Win32.Mailbot.b
D:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP2\A0000181.exe Suspicious: Type_Win32
D:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP36\A0025770.exe/run.exe Infected: Trojan-Downloader.Win32.Adload.j
D:\System Volume Information\_restore{3A6F9E15-699B-40D0-9CC3-9ECBBD4476DA}\RP36\A0025770.exe Infected: Trojan-Downloader.Win32.Adload.j

Scan process completed.
 