So many viruses, please help
Started by jkt2009, Jan 15 2007 05:45 PM
#31
Posted 16 January 2007 - 03:49 PM
#32
Posted 16 January 2007 - 03:53 PM
Please post a new HiJack This log and a new Panda scan.
-Ryan
#33
Posted 16 January 2007 - 04:24 PM
New Panda Scan Log
Category                      Detected   Disinfected
Virus                         0          0
Spyware                       10         0
Hacking tools and rootkits    6          0
Dialers                       1          0
Security Risks                0          0
Suspicious files              0          0
Adware:adware/sidesearch Not disinfected f:\program files\Lycos
Potentially unwanted tool:application/myway Not disinfected f:\program files\MySearch
Adware:adware/searchforit Not disinfected f:\program files\sf
Spyware:spyware/clearsearch Not disinfected Windows Registry
Dialer:dialer.b Not disinfected hkey_classes_root\clsid\{0E4796D6-A990-4372-9069-72FBDB4AE868}
Adware:adware/instdollars Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/sahagent Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/fastfind Not disinfected Windows Registry
Adware:Adware/Gator Not disinfected F:\Documents and Settings\Administrator\My Documents\DivXPro511Adware.exe[Gain_Trickler.exe]
Spyware:Cookie/Doubleclick Not disinfected F:\Documents and Settings\Kelley\Cookies\kelley@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Kelley\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Kelley\My Documents\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected F:\Program Files\HaxFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected F:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor
New Hijack Log
Logfile of HijackThis v1.99.1
Scan saved at 3:23:31 PM, on 1/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\WINDOWS\System32\RioMSC.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\sistray.EXE
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.6.0\bin\jusched.exe
F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Nikon\NkView4\NkVwMon.exe
F:\WINDOWS\System32\dlcccoms.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Kelley\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS Tray] F:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] F:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "F:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Scheduler.lnk = F:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = F:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa....in/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168967023500
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: dlcc_device - Unknown owner - F:\WINDOWS\System32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - F:\WINDOWS\System32\RioMSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
Thanks
#34
Posted 16 January 2007 - 04:38 PM
Delete the following folders:
f:\program files\Lycos
f:\program files\MySearch
f:\program files\sf
After that, it looks like you are all clean.
We have a couple of last steps to perform and then you're all set.
First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * Check Turn off System Restore.
   * Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * UN-Check Turn off System Restore.
   * Click Apply, and then click OK.
System Restore will now be active again.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
- SpywareBlaster to help prevent spyware from installing in the first place.
- SpywareGuard to catch and block spyware before it can execute.
- IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.
We highly recommend installing SP2 (if you haven't already). Click here: http://windowsupdate.microsoft.com/.
-or-
It's a very large download, so if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx
To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.
-Ryan
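Added example, not part of the original thread or any poster's own tooling: a small parser for the Panda scan lines in post #33 that separates on-disk folders (the three named for deletion above) from registry traces, single files, archive members and removal-tool components. The `TOOL_DIRS` list and the "no extension means folder" rule are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample: lines copied from the Panda log in post #33,
# including its truncated final entry.
SAMPLE_LOG = r"""
Adware:adware/sidesearch Not disinfected f:\program files\Lycos
Potentially unwanted tool:application/myway Not disinfected f:\program files\MySearch
Adware:adware/searchforit Not disinfected f:\program files\sf
Spyware:spyware/clearsearch Not disinfected Windows Registry
Dialer:dialer.b Not disinfected hkey_classes_root\clsid\{0E4796D6-A990-4372-9069-72FBDB4AE868}
Adware:Adware/Gator Not disinfected F:\Documents and Settings\Administrator\My Documents\DivXPro511Adware.exe[Gain_Trickler.exe]
Spyware:Cookie/Doubleclick Not disinfected F:\Documents and Settings\Kelley\Cookies\kelley@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Kelley\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Kelley\My Documents\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected F:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor
"""

ENTRY = re.compile(r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
                   r"(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$")
# "container.exe[inner.exe]" is a file inside an archive; "name[1].txt" is not.
ARCHIVE_MEMBER = re.compile(r"^.+\[[^\]]+\]$")
# Assumption: folder names seen in the log paths, treated as cleanup utilities.
TOOL_DIRS = {"smitfraudfix", "sdfix", "haxfix"}

def classify(location):
    """Return the kind of location a detection points at."""
    low = location.lower()
    if low == "windows registry" or low.startswith("hkey_"):
        return "registry"
    if TOOL_DIRS & set(re.split(r"[\\\[\]]", low)):
        return "removal-tool"
    if ARCHIVE_MEMBER.match(location):
        return "archive-member"
    # Heuristic (assumption): a path without an extension is a folder.
    return "file" if ntpath.splitext(location)[1] else "folder"

def parse(log):
    """Split a log into parsed entries and lines that could not be parsed."""
    entries, skipped = [], []
    for line in filter(None, map(str.strip, log.splitlines())):
        match = ENTRY.match(line)
        if not match:
            skipped.append(line)  # e.g. the truncated last line
            continue
        entry = match.groupdict()
        entry["kind"] = classify(entry["location"])
        entries.append(entry)
    return entries, skipped

def folders_to_review(entries):
    """Folders still flagged 'Not disinfected': candidates for manual review."""
    return [e["location"] for e in entries
            if e["kind"] == "folder" and e["status"] == "Not disinfected"]

if __name__ == "__main__":
    parsed, unparsed = parse(SAMPLE_LOG)
    for e in parsed:
        print(f'{e["kind"]:15} {e["name"]:28} {e["location"]}')
    print("unparsed:", unparsed)
```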
#35
Posted 16 January 2007 - 04:45 PM
Deleted folders. Should I uninstall the spyware programs AVG and SuperSpyware (they load at startup) and reinstall my Norton antivirus disk? Also should my SIS Utility tray be visible in the lower right hand corner?
Thanks for all the help
#36
Posted 16 January 2007 - 04:49 PM
You can keep both programs. If you wish, you can install either AVG Anti-Virus or Avast!. Both are free. It is normal for the SIS Utility tray to be visible.
-Ryan
#37
Posted 16 January 2007 - 04:50 PM
Tried to run my ad-aware and received a red and white x - There is no disk in the drive. Please insert a disk into drive \Device\harddisk1\Dr2
#38
Posted 17 January 2007 - 11:30 AM
You should be able to fix the problem by clicking cancel, and then redefining what to scan.
If you kept AVG Anti-Spyware or SUPER AntiSpyware (and they don't give you this error), I would just uninstall Ad-aware, as both of those programs are superior to Ad-aware.
-Ryan
#39
Posted 21 January 2007 - 11:26 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.