Author Topic: some1 says i am infected  (Read 1985 times)
bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #15 on: January 20, 2009, 04:27:23 AM »

Yes, I'm on Firefox now, thx. OK, now I just got a bubble that said taking out memory, and I tried to download Ad-Aware AE and it said I don't have enough memory. I used defragmenter and it said I have 63% storage not used. My firewall has been deleted. I'm messed right up.
bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #16 on: January 20, 2009, 06:20:12 PM »

My log files for AntiVir Personal.
Avira AntiVir Personal
Report file date: Monday, January 19, 2009  03:46

Scanning for 1038808 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (plain)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    SERVER

Version information:
BUILD.DAT     : 8.2.0.337      16934 Bytes  11/18/2008 13:05:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  11/18/2008 17:21:26
AVSCAN.DLL    : 8.1.4.0        40705 Bytes   5/26/2008 16:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes   6/12/2008 21:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes   5/26/2008 16:58:52
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  10/27/2008 20:30:36
ANTIVIR1.VDF  : 7.1.0.56      411136 Bytes   11/9/2008 01:57:13
ANTIVIR2.VDF  : 7.1.0.89      221184 Bytes  11/16/2008 01:16:47
ANTIVIR3.VDF  : 7.1.0.97       45056 Bytes  11/17/2008 01:38:59
Engineversion : 8.2.0.31 
AEVDF.DLL     : 8.1.0.6       102772 Bytes  10/14/2008 19:05:56
AESCRIPT.DLL  : 8.1.1.15      332156 Bytes  11/11/2008 23:00:07
AESCN.DLL     : 8.1.1.5       123251 Bytes   11/8/2008 00:06:41
AERDL.DLL     : 8.1.1.3       438645 Bytes   11/4/2008 22:58:38
AEPACK.DLL    : 8.1.3.4       393591 Bytes  11/11/2008 18:41:39
AEOFFICE.DLL  : 8.1.0.30      196986 Bytes   11/8/2008 00:06:41
AEHEUR.DLL    : 8.1.0.71     1487222 Bytes   11/8/2008 00:06:41
AEHELP.DLL    : 8.1.1.3       119157 Bytes   11/8/2008 00:06:41
AEGEN.DLL     : 8.1.1.0       319859 Bytes   11/8/2008 00:06:41
AEEMU.DLL     : 8.1.0.9       393588 Bytes  10/14/2008 19:05:56
AECORE.DLL    : 8.1.4.1       172405 Bytes   11/8/2008 00:06:41
AEBB.DLL      : 8.1.0.3        53618 Bytes  10/14/2008 19:05:56
AVWINLL.DLL   : 1.0.0.12       15105 Bytes    7/9/2008 17:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes   5/16/2008 18:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes   7/31/2008 21:02:15
AVREG.DLL     : 8.0.0.1        33537 Bytes    5/9/2008 20:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes   2/12/2008 17:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes   6/12/2008 21:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes   1/23/2008 02:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes   6/12/2008 21:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes   1/25/2008 21:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes   6/12/2008 22:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes   6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Monday, January 19, 2009  03:46

The scan of running processes will be started
Scan process 'PokerStarsUpdate.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'lxdnmsdmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'lxdnmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgcc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'lxdncoms.exe' - '1' Module(s) have been scanned
Scan process 'lxdnserv.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'avgupsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgamsvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #17 on: January 20, 2009, 06:21:08 PM »

cont...
Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '60' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\$VAULT$.AVG\00000001.FIL
   
  • Archive type: HIDDEN

    --> FIL\\\?\C:\$VAULT$.AVG\00000001.FIL
      [DETECTION] Contains recognition pattern of the WORM/Lovsan.F.1 worm
    [NOTE]      The file was moved to '49a46878.qua'!
C:\Documents and Settings\server\Local Settings\Temp\62888679.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49ac6a72.qua'!
C:\Documents and Settings\server\Local Settings\Temp\63252812.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49a66a7b.qua'!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB833987$\sxs.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\browser.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
    [WARNING]   The file could not be opened!
C:\WINDOWS\Downloaded Program Files\start.INF
    [DETECTION] Is the TR/Dagonit.INF Trojan
    [NOTE]      The file was moved to '49d57627.qua'!
C:\WINDOWS\system32\components\flx1.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b4a.qua'!
C:\WINDOWS\system32\components\flx10.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b51.qua'!
C:\WINDOWS\system32\components\flx11.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b55.qua'!
C:\WINDOWS\system32\components\flx12.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b58.qua'!
C:\WINDOWS\system32\components\flx13.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b5b.qua'!
C:\WINDOWS\system32\components\flx14.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b5e.qua'!
C:\WINDOWS\system32\components\flx15.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b61.qua'!
C:\WINDOWS\system32\components\flx16.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b63.qua'!
C:\WINDOWS\system32\components\flx17.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b65.qua'!
C:\WINDOWS\system32\components\flx18.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b67.qua'!
C:\WINDOWS\system32\components\flx19.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b69.qua'!
C:\WINDOWS\system32\components\flx2.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b6b.qua'!
C:\WINDOWS\system32\components\flx20.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b6e.qua'!
C:\WINDOWS\system32\components\flx21.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b6f.qua'!
C:\WINDOWS\system32\components\flx22.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b72.qua'!
C:\WINDOWS\system32\components\flx23.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b74.qua'!
C:\WINDOWS\system32\components\flx24.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b76.qua'!
C:\WINDOWS\system32\components\flx25.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b78.qua'!
C:\WINDOWS\system32\components\flx26.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b7a.qua'!
C:\WINDOWS\system32\components\flx27.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b7c.qua'!
C:\WINDOWS\system32\components\flx28.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b7e.qua'!
C:\WINDOWS\system32\components\flx29.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b80.qua'!
C:\WINDOWS\system32\components\flx3.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b83.qua'!
C:\WINDOWS\system32\components\flx30.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b85.qua'!
C:\WINDOWS\system32\components\flx32.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b8b.qua'!
C:\WINDOWS\system32\components\flx33.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b8c.qua'!
C:\WINDOWS\system32\components\flx34.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '48864ecd.qua'!
C:\WINDOWS\system32\components\flx35.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b8d.qua'!
C:\WINDOWS\system32\components\flx36.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b8e.qua'!
C:\WINDOWS\system32\components\flx37.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b8f.qua'!
C:\WINDOWS\system32\components\flx38.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b90.qua'!
C:\WINDOWS\system32\components\flx39.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '48864ed1.qua'!
C:\WINDOWS\system32\components\flx4.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b92.qua'!
C:\WINDOWS\system32\components\flx40.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '48864ed3.qua'!
C:\WINDOWS\system32\components\flx41.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b93.qua'!
C:\WINDOWS\system32\components\flx42.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b94.qua'!
C:\WINDOWS\system32\components\flx43.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b95.qua'!
C:\WINDOWS\system32\components\flx44.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b96.qua'!
C:\WINDOWS\system32\components\flx45.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '48864ed7.qua'!
C:\WINDOWS\system32\components\flx46.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b97.qua'!
C:\WINDOWS\system32\components\flx47.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b98.qua'!
C:\WINDOWS\system32\components\flx48.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b99.qua'!
C:\WINDOWS\system32\components\flx49.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b9a.qua'!
C:\WINDOWS\system32\components\flx5.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b9b.qua'!
C:\WINDOWS\system32\components\flx57.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b9c.qua'!
C:\WINDOWS\system32\components\flx59.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b9d.qua'!
C:\WINDOWS\system32\components\flx61.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b9e.qua'!
C:\WINDOWS\system32\components\flx63.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7b9f.qua'!
C:\WINDOWS\system32\components\flx65.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba0.qua'!
C:\WINDOWS\system32\components\flx67.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba1.qua'!
C:\WINDOWS\system32\components\flx69.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba2.qua'!
C:\WINDOWS\system32\components\flx7.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba3.qua'!
C:\WINDOWS\system32\components\flx70.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '48864ee4.qua'!
C:\WINDOWS\system32\components\flx72.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba4.qua'!
C:\WINDOWS\system32\components\flx73.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba5.qua'!
C:\WINDOWS\system32\components\flx74.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba6.qua'!
C:\WINDOWS\system32\components\flx8.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba8.qua'!
C:\WINDOWS\system32\components\flx9.dll
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49ec7ba9.qua'!


End of the scan: Monday, January 19, 2009  05:14
Used time:  1:27:53 Hour(s)

The scan has been done completely.

   4121 Scanning directories
 199174 Files were scanned
     62 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     62 files were moved to quarantine
      0 files were renamed
     39 Files cannot be scanned
 199073 Files not concerned
   2170 Archives were scanned
     39 Warnings
     62 Notes

bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #18 on: January 20, 2009, 06:25:03 PM »

My log for SUPERAntiSpyware...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2009 at 04:08 PM

Application Version : 4.25.1012

Core Rules Database Version : 3718
Trace Rules Database Version: 1692

Scan type       : Quick Scan
Total Scan Time : 00:22:31

Memory items scanned      : 603
Memory threats detected   : 0
Registry items scanned    : 400
Registry threats detected : 16
File items scanned        : 4509
File threats detected     : 39

Browser Hijacker.BestSafetyGuide
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}
   HKCR\CLSID\{873EB32D-AE1A-4183-89BD-45A77F761BE4}
   HKCR\CLSID\{873EB32D-AE1A-4183-89BD-45A77F761BE4}
   HKCR\CLSID\{873EB32D-AE1A-4183-89BD-45A77F761BE4}\InprocServer32
   HKCR\CLSID\{873EB32D-AE1A-4183-89BD-45A77F761BE4}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\IXT0.DLL

Unclassified.Unknown Origin
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SystemCheck2
   HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
   HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
   HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}\InProcServer32
   C:\WINDOWS\SYSTEM32\VBSYS2.DLL

Trojan.Homepage
   HKCR\CLSID\{8D83B16E-0DE1-452B-AC52-96EC0B34AA4B}
   HKCR\CLSID\{8D83B16E-0DE1-452B-AC52-96EC0B34AA4B}\InprocServer32
   HKCR\CLSID\{8D83B16E-0DE1-452B-AC52-96EC0B34AA4B}\InprocServer32#ThreadingModel
   HKCR\CLSID\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E}
   HKCR\CLSID\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E}\InprocServer32
   HKCR\CLSID\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E}\InprocServer32#ThreadingModel

Unclassified.PC MightyMax
   HKU\S-1-5-21-1060284298-1078145449-854245398-1003\Software\PC MightyMax
   C:\Program Files\PC MightyMax\lic.conf
   C:\Program Files\PC MightyMax\lic.dat
   C:\Program Files\PC MightyMax\pcdocrx.conf
   C:\Program Files\PC MightyMax\tmp_res_x_101.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_102.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_103.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_104.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_105.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_106.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_107.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_108.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_109.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_110.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_111.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_112.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_113.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_114.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_115.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_116.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_117.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_118.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_119.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_120.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_121.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_122.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_123.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_124.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_125.tmp
   C:\Program Files\PC MightyMax\undo
   C:\Program Files\PC MightyMax

Adware.Tracking Cookie
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\server@www.burstnet[1].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\server@ads.hi5[2].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\server@cs.sexcounter[2].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\server@burstnet[2].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\server@ad.yieldmanager[2].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\server@adserving.cpxinteractive[2].txt

Malware.SpywareQuake
   C:\WINDOWS\TEMP\SABD.EXE
bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #19 on: January 20, 2009, 06:26:37 PM »

My log for Malwarebytes...
Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600

1/20/2009 5:09:22 PM
mbam-log-2009-01-20 (17-09-22).txt

Scan type: Quick Scan
Objects scanned: 53871
Time elapsed: 13 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193423} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193429} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-615111193427} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1131-1111-1111-611111193428} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{64311111-1111-1121-1111-111191113457} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\server\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\server\Application Data\AntispywareBot\rs.dat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Log\2009 Jan 19 - 09_21_42 PM_733.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Log\2009 Jan 19 - 09_58_08 PM_436.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Settings\ScanResults.pie (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7_exception.nls (Trojan.Tibs) -> Quarantined and deleted successfully.
bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #20 on: January 20, 2009, 06:32:10 PM »

I am now stuck on the HijackThis; it won't let me copy paste.
bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #21 on: January 21, 2009, 06:29:58 PM »

hi
bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #22 on: January 24, 2009, 10:17:07 AM »

any1 can look at files
bluestoneman
Topic Starter
Rookie



Posts: 29


« Reply #23 on: February 02, 2009, 03:47:46 AM »

any1 help me
Carbon Dudeoxide
Global Moderator
Mastermind


Thanked: 146
Posts: 16,087

« Reply #24 on: February 02, 2009, 04:12:14 AM »

Apologies for this long wait.

We are currently a bit short on Malware Specialists.
Because of this, they are mainly only looking at topics in the Computer Virus and Spyware Section with 0 replies.
I suggest re-posting your problem, along with the logs (attach them as text files).