Author Topic: some1 says i am infected (Read 8559 times)

bluestoneman · « **Reply #15 on:** January 20, 2009, 04:27:23 AM »

yes im on firefox now thx. ok now i just got a bubble that said taking out memory and i tried to download ad-ware ae and said i dont have enough memory. i used defragmenter and said i have 63% storage not used my firewall has been deleted im messed right up.

bluestoneman · « **Reply #16 on:** January 20, 2009, 06:20:12 PM »

my log files for antivir personal.
Avira AntiVir Personal
Report file date: Monday, January 19, 2009 03:46

Scanning for 1038808 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: SERVER

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 17:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 01:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 11/16/2008 01:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 11/17/2008 01:38:59
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 19:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 23:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 11/8/2008 00:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 22:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 18:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/8/2008 00:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/8/2008 00:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 11/8/2008 00:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 11/8/2008 00:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 19:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 11/8/2008 00:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 19:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 21:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Monday, January 19, 2009 03:46

The scan of running processes will be started
Scan process 'PokerStarsUpdate.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'lxdnmsdmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'lxdnmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgcc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'lxdncoms.exe' - '1' Module(s) have been scanned
Scan process 'lxdnserv.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'avgupsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgamsvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

bluestoneman · « **Reply #17 on:** January 20, 2009, 06:21:08 PM »

cont...
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '60' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\$VAULT$.AVG\00000001.FIL

Archive type: HIDDEN

--> FIL\\\?\C:\$VAULT$.AVG\00000001.FIL
[DETECTION] Contains recognition pattern of the WORM/Lovsan.F.1 worm
[NOTE] The file was moved to '49a46878.qua'!
C:\Documents and Settings\server\Local Settings\Temp\62888679.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49ac6a72.qua'!
C:\Documents and Settings\server\Local Settings\Temp\63252812.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a66a7b.qua'!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB833987$\sxs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\browser.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
C:\WINDOWS\Downloaded Program Files\start.INF
[DETECTION] Is the TR/Dagonit.INF Trojan
[NOTE] The file was moved to '49d57627.qua'!
C:\WINDOWS\system32\components\flx1.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b4a.qua'!
C:\WINDOWS\system32\components\flx10.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b51.qua'!
C:\WINDOWS\system32\components\flx11.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b55.qua'!
C:\WINDOWS\system32\components\flx12.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b58.qua'!
C:\WINDOWS\system32\components\flx13.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b5b.qua'!
C:\WINDOWS\system32\components\flx14.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b5e.qua'!
C:\WINDOWS\system32\components\flx15.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b61.qua'!
C:\WINDOWS\system32\components\flx16.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b63.qua'!
C:\WINDOWS\system32\components\flx17.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b65.qua'!
C:\WINDOWS\system32\components\flx18.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b67.qua'!
C:\WINDOWS\system32\components\flx19.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b69.qua'!
C:\WINDOWS\system32\components\flx2.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b6b.qua'!
C:\WINDOWS\system32\components\flx20.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b6e.qua'!
C:\WINDOWS\system32\components\flx21.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b6f.qua'!
C:\WINDOWS\system32\components\flx22.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b72.qua'!
C:\WINDOWS\system32\components\flx23.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b74.qua'!
C:\WINDOWS\system32\components\flx24.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b76.qua'!
C:\WINDOWS\system32\components\flx25.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b78.qua'!
C:\WINDOWS\system32\components\flx26.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b7a.qua'!
C:\WINDOWS\system32\components\flx27.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b7c.qua'!
C:\WINDOWS\system32\components\flx28.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b7e.qua'!
C:\WINDOWS\system32\components\flx29.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b80.qua'!
C:\WINDOWS\system32\components\flx3.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b83.qua'!
C:\WINDOWS\system32\components\flx30.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b85.qua'!
C:\WINDOWS\system32\components\flx32.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b8b.qua'!
C:\WINDOWS\system32\components\flx33.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b8c.qua'!
C:\WINDOWS\system32\components\flx34.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48864ecd.qua'!
C:\WINDOWS\system32\components\flx35.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b8d.qua'!
C:\WINDOWS\system32\components\flx36.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b8e.qua'!
C:\WINDOWS\system32\components\flx37.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b8f.qua'!
C:\WINDOWS\system32\components\flx38.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b90.qua'!
C:\WINDOWS\system32\components\flx39.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48864ed1.qua'!
C:\WINDOWS\system32\components\flx4.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b92.qua'!
C:\WINDOWS\system32\components\flx40.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48864ed3.qua'!
C:\WINDOWS\system32\components\flx41.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b93.qua'!
C:\WINDOWS\system32\components\flx42.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b94.qua'!
C:\WINDOWS\system32\components\flx43.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b95.qua'!
C:\WINDOWS\system32\components\flx44.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b96.qua'!
C:\WINDOWS\system32\components\flx45.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48864ed7.qua'!
C:\WINDOWS\system32\components\flx46.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b97.qua'!
C:\WINDOWS\system32\components\flx47.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b98.qua'!
C:\WINDOWS\system32\components\flx48.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b99.qua'!
C:\WINDOWS\system32\components\flx49.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b9a.qua'!
C:\WINDOWS\system32\components\flx5.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b9b.qua'!
C:\WINDOWS\system32\components\flx57.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b9c.qua'!
C:\WINDOWS\system32\components\flx59.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b9d.qua'!
C:\WINDOWS\system32\components\flx61.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b9e.qua'!
C:\WINDOWS\system32\components\flx63.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7b9f.qua'!
C:\WINDOWS\system32\components\flx65.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba0.qua'!
C:\WINDOWS\system32\components\flx67.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba1.qua'!
C:\WINDOWS\system32\components\flx69.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba2.qua'!
C:\WINDOWS\system32\components\flx7.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba3.qua'!
C:\WINDOWS\system32\components\flx70.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48864ee4.qua'!
C:\WINDOWS\system32\components\flx72.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba4.qua'!
C:\WINDOWS\system32\components\flx73.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba5.qua'!
C:\WINDOWS\system32\components\flx74.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba6.qua'!
C:\WINDOWS\system32\components\flx8.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba8.qua'!
C:\WINDOWS\system32\components\flx9.dll
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ec7ba9.qua'!

End of the scan: Monday, January 19, 2009 05:14
Used time: 1:27:53 Hour(s)

The scan has been done completely.

4121 Scanning directories
199174 Files were scanned
62 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
62 files were moved to quarantine
0 files were renamed
39 Files cannot be scanned
199073 Files not concerned
2170 Archives were scanned
39 Warnings
62 Notes

bluestoneman · « **Reply #18 on:** January 20, 2009, 06:25:03 PM »

my log for super anti spy...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2009 at 04:08 PM

Application Version : 4.25.1012

Core Rules Database Version : 3718
Trace Rules Database Version: 1692

Scan type : Quick Scan
Total Scan Time : 00:22:31

Memory items scanned : 603
Memory threats detected : 0
Registry items scanned : 400
Registry threats detected : 16
File items scanned : 4509
File threats detected : 39

Browser Hijacker.BestSafetyGuide
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}
   HKCR\CLSID\{873EB32D-AE1A-4183-89BD-45A77F761BE4}
   HKCR\CLSID\{873EB32D-AE1A-4183-89BD-45A77F761BE4}
   HKCR\CLSID\{873EB32D-AE1A-4183-89BD-45A77F761BE4}\InprocServer32
   HKCR\CLSID\{873EB32D-AE1A-4183-89BD-45A77F761BE4}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\IXT0.DLL

Unclassified.Unknown Origin
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SystemCheck2
   HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
   HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
   HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}\InProcServer32
   C:\WINDOWS\SYSTEM32\VBSYS2.DLL

Trojan.Homepage
   HKCR\CLSID\{8D83B16E-0DE1-452B-AC52-96EC0B34AA4B}
   HKCR\CLSID\{8D83B16E-0DE1-452B-AC52-96EC0B34AA4B}\InprocServer32
   HKCR\CLSID\{8D83B16E-0DE1-452B-AC52-96EC0B34AA4B}\InprocServer32#ThreadingModel
   HKCR\CLSID\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E}
   HKCR\CLSID\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E}\InprocServer32
   HKCR\CLSID\{EDBF1BC8-39AB-48EB-A0A9-C75078EB7C8E}\InprocServer32#ThreadingModel

Unclassified.PC MightyMax
   HKU\S-1-5-21-1060284298-1078145449-854245398-1003\Software\PC MightyMax
   C:\Program Files\PC MightyMax\lic.conf
   C:\Program Files\PC MightyMax\lic.dat
   C:\Program Files\PC MightyMax\pcdocrx.conf
   C:\Program Files\PC MightyMax\tmp_res_x_101.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_102.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_103.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_104.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_105.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_106.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_107.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_108.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_109.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_110.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_111.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_112.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_113.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_114.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_115.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_116.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_117.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_118.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_119.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_120.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_121.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_122.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_123.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_124.tmp
   C:\Program Files\PC MightyMax\tmp_res_x_125.tmp
   C:\Program Files\PC MightyMax\undo
   C:\Program Files\PC MightyMax

Adware.Tracking Cookie
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\[email protected][1].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\server@burstnet[2].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\[email protected][2].txt
   C:\Documents and Settings\server\Local Settings\Temp\Cookies\[email protected][2].txt

Malware.SpywareQuake
   C:\WINDOWS\TEMP\SABD.EXE

bluestoneman · « **Reply #19 on:** January 20, 2009, 06:26:37 PM »

my log for malwarebytes...
Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600

1/20/2009 5:09:22 PM
mbam-log-2009-01-20 (17-09-22).txt

Scan type: Quick Scan
Objects scanned: 53871
Time elapsed: 13 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193423} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193429} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-615111193427} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1131-1111-1111-611111193428} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{64311111-1111-1121-1111-111191113457} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\server\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\server\Application Data\AntispywareBot\rs.dat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Log\2009 Jan 19 - 09_21_42 PM_733.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Log\2009 Jan 19 - 09_58_08 PM_436.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\server\Application Data\AntispywareBot\Settings\ScanResults.pie (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7_exception.nls (Trojan.Tibs) -> Quarantined and deleted successfully.

bluestoneman · « **Reply #20 on:** January 20, 2009, 06:32:10 PM »

i am now stuck on the hijack this wont let me copy past

bluestoneman · « **Reply #21 on:** January 21, 2009, 06:29:58 PM »

bluestoneman · « **Reply #22 on:** January 24, 2009, 10:17:07 AM »

any1 can look at files

bluestoneman · « **Reply #23 on:** February 02, 2009, 03:47:46 AM »

any1 help me

Carbon Dudeoxide · « **Reply #24 on:** February 02, 2009, 04:12:14 AM »

Apologies for this long wait.

We are currently a bit short on Malware Specialists.
Because of this, they are mainly only looking at topics in the Computer Virus and Spyware Section with 0 replied.
I suggest re-posting your problem, along with the logs. (attach them as text files).

Computer Hope Forum

News:

Author Topic: some1 says i am infected (Read 8559 times)

bluestoneman

Re: some1 says i am infected

bluestoneman

Re: some1 says i am infected

bluestoneman

Re: some1 says i am infected

bluestoneman

Re: some1 says i am infected

bluestoneman

Re: some1 says i am infected

bluestoneman

Re: some1 says i am infected

bluestoneman

Re: some1 says i am infected

bluestoneman

Re: some1 says i am infected

bluestoneman

Re: some1 says i am infected

Carbon Dudeoxide

Re: some1 says i am infected