So many viruses, please help



#31
jkt2009

Killbox did finally open and I followed instructions, what's next?


#32
Ryan

Please post a new HiJack This log and a new Panda scan.

-Ryan

#33
jkt2009

New Panda Scan Log

                              Detected   Disinfected
Virus                         0          0
Spyware                       10         0
Hacking tools and rootkits    6          0
Dialers                       1          0
Security Risks                0          0
Suspicious files              0          0


Adware:adware/sidesearch Not disinfected f:\program files\Lycos
Potentially unwanted tool:application/myway Not disinfected f:\program files\MySearch
Adware:adware/searchforit Not disinfected f:\program files\sf
Spyware:spyware/clearsearch Not disinfected Windows Registry
Dialer:dialer.b Not disinfected hkey_classes_root\clsid\{0E4796D6-A990-4372-9069-72FBDB4AE868}
Adware:adware/instdollars Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/sahagent Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/fastfind Not disinfected Windows Registry
Adware:Adware/Gator Not disinfected F:\Documents and Settings\Administrator\My Documents\DivXPro511Adware.exe[Gain_Trickler.exe]
Spyware:Cookie/Doubleclick Not disinfected F:\Documents and Settings\Kelley\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Kelley\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Kelley\My Documents\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected F:\Program Files\HaxFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected F:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor


New Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 3:23:31 PM, on 1/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\System32\RioMSC.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\sistray.EXE
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.6.0\bin\jusched.exe
F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Nikon\NkView4\NkVwMon.exe
F:\WINDOWS\System32\dlcccoms.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Kelley\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS Tray] F:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] F:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [dlccmon.exe] "F:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Scheduler.lnk = F:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = F:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa....in/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168967023500
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: dlcc_device - Unknown owner - F:\WINDOWS\System32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - F:\WINDOWS\System32\RioMSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

Thanks

#34
Ryan

Delete the following folders:
  • f:\program files\Lycos
  • f:\program files\MySearch
  • f:\program files\sf
After that, it looks like you are all clean.


We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use: and a good antivirus (these are also free for personal use): It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

We highly recommend installing SP2 (if you haven't already). Click here: http://windowsupdate.microsoft.com/.
-or-
It's a very large download, so if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx


To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

-Ryan

#35
jkt2009

Deleted folders. Should I uninstall the spyware programs AVG and SuperSpyware (they load at startup) and reinstall my Norton antivirus disk? Also, should my SIS Utility tray be visible in the lower right-hand corner?

Thanks for all the help

#36
Ryan

You can keep both programs. If you wish, you can install either AVG Anti-Virus or Avast!. Both are free. It is normal for the SIS Utility tray to be visible.

-Ryan

#37
jkt2009

Tried to run my ad-aware and received a red and white x - There is no disk in the drive. Please insert a disk into drive \Device\harddisk1\Dr2

#38
Ryan

You should be able to fix the problem by clicking cancel, and then redefining what to scan.

If you kept AVG Anti-Spyware or SUPER AntiSpyware (and they don't give you this error), I would just uninstall Ad-aware, as both of those programs are superior to Ad-aware.

-Ryan

#39
Ryan

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.