malware/virus preventing connection to internet


  • This topic is locked

#16 Armodeluxe (Member 2k, Retired Staff, 2,744 posts)
The infection is not listed in the last portion you posted. Please find the lines where, at the end of the line, instead of "Object is locked skipped" it says "Infected", and post those lines.

As for Izx.sys, please post these two logs and let's see if it's morphed.

1) a new combofix log

2) Scan for Hidden Data Streams
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Open ADS Spy.."
  • In ADS Spy, uncheck the following options:
    Quick Scan
    Ignore safe system info streams
  • Click on "Scan"
  • Click on "Save Log..."
  • Copy and paste the List from the notepad into your next post




#17 Time Mist (Topic Starter, Member, 12 posts)
Hi Armodeluxe

The infection didn't show up in any part of the Kaspersky log. I re-ran the Kaspersky scan today and these are the offending lines that came up.

C:\System Volume Information\_restore{AFBAC266-5C74-4066-BBD0-C90EC01B0B54}\RP6\A0002831.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{AFBAC266-5C74-4066-BBD0-C90EC01B0B54}\RP8\A0003249.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped


This is the new ComboFix log:

Me and thee - 06-11-26 12:46:19.07 Service Pack 2
ComboFix 06.11.19W - Running from: "C:\Documents and Settings\Me and thee\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-26 to 2006-11-26 ))))))))))))))))))))))))))))))))))


2006-11-25 08:50 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Help
2006-11-23 10:28 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-23 06:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-11-21 15:35 <DIR> d-------- C:\Program Files\Aaa Matt's documents
2006-11-21 15:35 <DIR> d-------- C:\Program Files\Aaa Cam's documents
2006-11-21 12:12 <DIR> d-------- C:\Program Files\Java
2006-11-21 09:14 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-20 12:17 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-20 12:17 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-20 12:15 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-20 12:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-20 08:05 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2006-11-19 19:44 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-19 19:44 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-19 19:44 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-19 19:44 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-19 19:44 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-11-19 19:44 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\AVG7
2006-11-19 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-19 19:21 202,240 --a------ C:\WINDOWS\system32\drivers\rmcast.sys
2006-11-19 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-11-19 13:55 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Macromedia
2006-11-19 12:46 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Lavasoft
2006-11-19 12:24 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Google
2006-11-19 12:00 <DIR> d-------- C:\Program Files\Grisoft
2006-11-19 10:04 <DIR> d-------- C:\Program Files\Documents
2006-11-19 10:01 <DIR> d-------- C:\Program Files\Documents from matt and cam folder in docs and settings
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\SendTo
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Recent
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Application Data\.
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Application Data
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\Start Menu
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\My Documents
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\Favorites
2006-11-19 08:27 <DIR> d--hs---- C:\Documents and Settings\Me and thee\UserData
2006-11-19 08:27 <DIR> d--hs---- C:\Documents and Settings\Me and thee\Cookies
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\Templates
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\PrintHood
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\NetHood
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\Local Settings
2006-11-19 08:27 <DIR> d---s---- C:\Documents and Settings\Me and thee\Application Data\Microsoft
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Desktop
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Symantec
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Sun
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Identities
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\..
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\..
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\.
2006-11-18 16:02 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-11-18 14:18 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-11-18 14:18 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-11-16 11:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 14:47 <DIR> d-------- C:\Downloaded Program Files
2006-11-14 19:29 <DIR> d-------- C:\Program Files\WAR2
2006-11-14 11:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-13 18:50 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-13 16:49 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-13 16:49 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-13 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-13 16:49 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-13 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2006-11-13 10:28 <DIR> d-------- C:\WINDOWS\ZoneLabs
2006-11-13 10:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-13 09:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-13 08:25 <DIR> d-------- C:\Program Files\Zone Labs
2006-11-12 22:48 <DIR> d-------- C:\Program Files\SpywareGuard
2006-11-12 21:23 <DIR> d-------- C:\WINDOWS\pss
2006-11-12 19:26 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-11-12 17:15 2,392 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-12 14:32 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2006-11-12 14:31 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-11-12 14:28 <DIR> d-------- C:\Program Files\Anti virus programs
2006-11-11 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-11 14:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-08 17:28 <DIR> d-------- C:\Program Files\Starcraft
2006-11-05 18:02 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-26 12:51 -------- d-------- C:\Program Files\Common Files
2006-11-20 12:24 -------- d-------- C:\Program Files\Internet Explorer
2006-11-19 11:54 -------- d-------- C:\Program Files\Common Files\System
2006-11-19 11:49 -------- d-------- C:\Program Files\Nodtronics Pty Ltd
2006-11-19 11:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-19 08:27 -------- d-------- C:\Program Files\Windows Media Player
2006-11-15 16:29 -------- d-------- C:\Program Files\TrackMania Nations ESWC
2006-11-15 11:45 -------- d-------- C:\Program Files\Messenger
2006-11-14 20:11 -------- d-------- C:\Program Files\Google
2006-11-13 19:02 -------- d-------- C:\Program Files\Railroad Tycoon II - Gold Edition
2006-11-13 18:58 -------- d-------- C:\Program Files\Beachhead 2000
2006-11-13 16:44 -------- d-------- C:\Program Files\Common Files\Companion Wizard
2006-11-13 09:47 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-12 12:11 -------- d-------- C:\Program Files\MSN Messenger
2006-11-12 12:10 -------- d-------- C:\Program Files\MSN
2006-11-11 15:17 -------- d-------- C:\Program Files\Quick Time
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-14 01:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 18:36 -------- d-------- C:\Program Files\EA GAMES
2006-10-08 08:58 -------- d-------- C:\Program Files\UnrealTournament
2006-10-01 18:34 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-01 18:29 -------- d-------- C:\Program Files\Serious Sam 2
2006-09-13 18:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-26 04:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-09 19:29 1108550 --a------ C:\Program Files\crocodile clips.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"RegistryMechanic"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media\LEGO Stunt Rally]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media\LEGO Stunt Rally\StuntRally.exe]
@="C:\\Program Files\\LEGO Media\\LEGO Stunt Rally\\StuntRally.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-26 12:52:13.82
C:\ComboFix.txt ... 06-11-26 12:52

Here is the new HijackThis log:

C:\Documents and Settings\All Users\Documents\Downloaded Program Files\mtinst.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\All Users\Documents\Downloaded Program Files\rminstall.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\All Users\Documents\EA Games\The Sims 2\Movies\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\EA Games\The Sims 2\Projects\Alien1\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\EA Games\The Sims 2\Projects\Alien2\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\EA Games\The Sims 2\Storytelling\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\bg\sys\cuhk\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\bg\sys\hkc\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\bg\sys\lf\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\bg\sys\sp\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\bg\sys\thv\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\bg\template\1\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\bg\template\2\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\bg\template\3\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\sprite\sys\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\lf2_v1652\sprite\template1\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\Pivot\setup.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\Desktop\combofix.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\Favorites\Google.url : favicon (1406 bytes)
C:\Documents and Settings\Me and thee\Favorites\Pip's Stuff\Free Online Virus Scanner and File Scanner - Kaspersky Lab Antivirus Software.url : favicon (7078 bytes)
C:\Documents and Settings\Me and thee\Favorites\Pip's Stuff\Geeks to Go! - Malware Removal - HiJackThis Logs Go Here.url : favicon (1406 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Crazy Frog\Axel F\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Crazy Frog\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Eminem\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Fort Minor\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Green Day\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Hoobastank\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Linkin Park\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Nickelback\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Original Soundtrack\Men in Black II [Original Soundtrack]\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Original Soundtrack\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Simple Plan\Still Not Getting Any... Disc 1\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Simple Plan\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\The All-American Rejects\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Unknown Artist\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Music\Unknown Artist\Unknown Album (26-01-2005 6-41-35 p.m.)\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\american choppeer\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\animals\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\bebe.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\coastal engineer\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\family guy\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\matts smileys\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\moive maker\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\msn alphabet\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Msn emoticons\FreemoticonsDPMSNEmotions(www.mess.be).zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Msn emoticons\simpsons status pix\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Msn emoticons\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\msn guy\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\newspaper pics\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\bespelled-setup.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\blahhh.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\bob_esponja.gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\bob_léponge.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\cow.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\Cute_Cow!.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\eyes : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\get_cool.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\heart.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\meg.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\meg2.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\meg3.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\meg4.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\meg5.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\meg6.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\meg7.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\meg8.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\Miam!!!!.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\ouch.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\Schnappi\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\signs\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\tire_langue.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\Tough_Guy.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\Tough_Guy_#2.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\Tough_guy_#3.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\triste.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\two eyes download.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\waa.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\weeper.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\Weird.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Picture\x_X.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\powerpoint guy\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Sample Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\sprites\Mr. Kong\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\wwe pics\Thumbs.db : encryptable (0 bytes)
C:\Downloaded Program Files\jdk-1_5_0_09-windows-i586-p-iftw.exe : Zone.Identifier (26 bytes)
C:\Program Files\Anti virus programs\mtinst.exe : Zone.Identifier (26 bytes)
C:\Program Files\Anti virus programs\rminstall.exe : Zone.Identifier (26 bytes)
C:\Program Files\crocodile clips.exe : Zone.Identifier (26 bytes)
C:\Program Files\Documents\000979604_33846-523.PDF : Zone.Identifier (26 bytes)
C:\Program Files\Documents\EA Games\The Sims 2\Movies\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents\gmaker.exe : Zone.Identifier (26 bytes)
C:\Program Files\Documents\JournalViewer1.5_KB886179_ENU.exe : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\10_1_20[1].gif : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\18.wma : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\36_19_7[1].gif : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\4_1_205[1].gif : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\4_1_72[1].gif : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\funny.wmv : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\green day 1.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\green day 2.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\green day 3.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\hl2 concept.jpg : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\isa luigis apizza.bmp : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\lol pic.gif : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\mendboaz.rtf : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\middy.doc : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\ss-dragonslayer1.gif : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\Stir Fried Cabbage.doc : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents\My Received Files\Track01.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\Track02.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\Track03.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\Track04.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\Track05.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\Track06.cda : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\want_your_pity.wav : Zone.Identifier (26 bytes)
C:\Program Files\Documents\My Received Files\weird convo...rtf : Zone.Identifier (26 bytes)
C:\Program Files\Documents\ouch.jpg : Zone.Identifier (26 bytes)
C:\Program Files\Documents\rs screenshots by cam\rs tour\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents\rs screenshots by cam\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents\Screensavers\Screensaver\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents\Screensavers\Screensaver2\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents\setup.exe : Zone.Identifier (26 bytes)
C:\Program Files\Documents\wwe pics\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents from matt and cam folder in docs and settings\EA Games\The Sims 2\Projects\Alien1\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents from matt and cam folder in docs and settings\EA Games\The Sims 2\Projects\Alien2\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents from matt and cam folder in docs and settings\EA Games\The Sims 2\Storytelling\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Documents from matt and cam folder in docs and settings\gmaker.exe : Zone.Identifier (26 bytes)
C:\Program Files\Documents from matt and cam folder in docs and settings\JournalViewer1.5_KB886179_ENU.exe : Zone.Identifier (26 bytes)
C:\Program Files\Documents from matt and cam folder in docs and settings\ouch.jpg : Zone.Identifier (26 bytes)
C:\Program Files\Documents from matt and cam folder in docs and settings\setup.exe : Zone.Identifier (26 bytes)
C:\Program Files\Google\GoogleToolbarInstaller.exe : Zone.Identifier (26 bytes)
C:\Program Files\Messenger\Thumbs.db : encryptable (0 bytes)

Thanks again

Pip

#18 Armodeluxe (Member 2k, Retired Staff, 2,744 posts)
Everything looks clean. The Kaspersky detection is infected system restore points which we will purge.

If you don't have any problems left, you should be good to go. Let me know either way and if no problems let's purge system restore and I will give you tips on keeping clean.
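The triage Armodeluxe performs on the logs above, as an added Python example that is not part of the original thread and is not code from ComboFix, HiJackThis/ADS Spy or Kaspersky: skip the ADS Spy streams every clean XP install carries, treat Kaspersky hits under System Volume Information as System Restore copies rather than live files, and pick out the ComboFix Run-key entries that name a bare executable instead of an absolute path. The benign-stream list, the Zone.Identifier size threshold and the `C:\temp\...` sample lines are the editor's assumptions; the remaining sample lines are copied from the logs posted above.

```python
"""Triage helpers for the three logs posted above. Added example by the
editor, not code from the thread, ComboFix, HiJackThis/ADS Spy or Kaspersky.
Every "benign" rule is an assumption about a clean Windows XP system, not a
vendor whitelist; sample lines are from the thread unless marked constructed.
"""
import re

# ---- ADS Spy: "<path> : <stream> (<n> bytes)" -------------------------------
ADS_LINE = re.compile(r"^(?P<path>.+?) : (?P<stream>[^()]+?) \((?P<size>\d+) bytes\)$")
BENIGN_ADS = {          # streams a clean XP box carries anyway (assumption)
    "Zone.Identifier",  # "downloaded from the Internet" marker, ~26 bytes
    "encryptable",      # 0-byte stream Explorer attaches to Thumbs.db
    "favicon",          # cached icon on Internet Explorer .url favourites
}
MAX_ZONE_ID = 512       # assumption: a genuine Zone.Identifier is a tiny INI

def triage_ads(lines):
    """(path, stream, size) for streams that are not known-benign: an unexpected
    name, or a familiar name carrying more data than it should."""
    hits = []
    for line in lines:
        m = ADS_LINE.match(line.strip())
        if not m:
            continue
        path, stream, size = m["path"], m["stream"].strip(), int(m["size"])
        if (stream not in BENIGN_ADS
                or (stream == "Zone.Identifier" and size > MAX_ZONE_ID)
                or (stream == "encryptable" and size != 0)):
            hits.append((path, stream, size))
    return hits

# ---- Kaspersky online scanner: "<path> Infected: <verdict> skipped" ---------
KAV_LINE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+skipped$")
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+\\", re.I)

def classify_kaspersky(lines):
    """Split detections into System Restore snapshots (cleared by purging the
    restore points) and live files that still need attention."""
    out = {"restore_point": [], "live": []}
    for line in lines:
        m = KAV_LINE.match(line.strip())
        if m:
            bucket = "restore_point" if RESTORE_POINT.search(m["path"]) else "live"
            out[bucket].append((m["path"], m["verdict"]))
    return out

# ---- ComboFix "Reg Loading Points": [section] then "name"="value" -----------
SECTION = re.compile(r"^\[(?P<key>.+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')

def bare_run_entries(lines):
    """(section, name, command) for Run-key values that give no absolute path.
    A bare name such as "LTMSG.exe 7" is located through the executable search
    order at every logon, so confirm which file on disk actually satisfies it."""
    found, in_run, section = [], False, ""
    for line in lines:
        line = line.strip()
        s = SECTION.match(line)
        if s:
            section, in_run = s["key"], s["key"].lower().endswith("\\run")
            continue
        m = RUN_VALUE.match(line)
        if not (in_run and m):
            continue
        # Undo .reg escaping (\\ -> \, \" -> ") and drop the leading quote.
        cmd = re.sub(r"\\(.)", r"\1", m["cmd"]).lstrip('"')
        if cmd and not re.match(r"^[A-Za-z]:\\", cmd):
            found.append((section, m["name"], cmd))
    return found

# Sample input, copied from the thread's logs except the C:\temp\... lines,
# which are constructed for this example.
ADS_SAMPLE = r"""
C:\Documents and Settings\Me and thee\Desktop\combofix.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Me and thee\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Me and thee\Favorites\Google.url : favicon (1406 bytes)
C:\temp\notes.txt : payload.exe (40960 bytes)
""".splitlines()
KAV_SAMPLE = r"""
C:\System Volume Information\_restore{AFBAC266-5C74-4066-BBD0-C90EC01B0B54}\RP6\A0002831.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{AFBAC266-5C74-4066-BBD0-C90EC01B0B54}\RP8\A0003249.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\temp\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
""".splitlines()
REG_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RegistryMechanic"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
'''.splitlines()

if __name__ == "__main__":
    print("ADS:", triage_ads(ADS_SAMPLE))
    print("KAV:", classify_kaspersky(KAV_SAMPLE))
    print("RUN:", bare_run_entries(REG_SAMPLE))
```

Run as-is and only the constructed `payload.exe` stream, the constructed live `C:\temp\reboot.exe` detection and the two bare Run entries (`LTMSG`, `SoundMan`) are reported; the 26-byte Zone.Identifier markers, the empty `encryptable` streams, the favicon caches and the two restore-point copies are classified as what they are. The size check on Zone.Identifier matters because a stream with a familiar name is the obvious place to park a payload.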

#19 Time Mist (Topic Starter, Member, 12 posts)
Thank you so much Armodeluxe, you have been absolutely fantastic helping me with this. I'm sure my brothers will be very grateful too, as they have been bugging me to get them the computer back. I told them they should be glad they still have a computer left.

Many many many thanks again.

Pip

#20 Armodeluxe (Member 2k, Retired Staff, 2,744 posts)
Now let's reset your restore points.

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'

Next go to Start Menu > Run > type

cleanmgr

click OK. When Disk Cleanup opens, go to the 'More Options' tab and press 'Clean up' in the System Restore area, which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.

Please take the following into consideration to maintain a clean computer.

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, and scan every file before clicking on it.
Here's a site you can submit suspicious files to:
http://virusscan.jotti.org/

For everyday usage, create a limited account and use that one instead of the account with admin privileges. The account with admin privileges should be used for computer management only. Using a limited account would keep the damage done by malware to a minimum.

Additional programs to consider:

SpywareBlaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
SpywareGuard: An anti-virus program scans files before you open them and prevents execution if a virus is detected; SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.
Firefox: An alternate browser, safer than IE.

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe

#21 Time Mist (Topic Starter, Member, 12 posts)
Thanks so much Armodeluxe

I have reset the restore points and done the final cleanup. ZoneAlarm and AVG are installed on the computer and Windows automatic update is turned on.

Many many thanks again for your great help.

Pip

#22 Armodeluxe (Member 2k, Retired Staff, 2,744 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





