#1 (Member, joined Jan 2006)

Unable to resolve virus/hijacker

    Okay, I'm back again and this time with a legitimate problem for spyware. I have followed all instructions on this page: http://www.help2go.com/Tutorials/Pro...Hijackers.html

    In addition, I revisited my original thread and followed Steamwiz's instructions he passed. I've also used the Blacklight rootkit tool, and the Rootkit Revealer. I was able to track down a couple of issues, and I was able to move into SafeMode and remove them, but as it is now there is something on my system that none of these steps has been able to resolve or remove. My AVG will pop up with a virus detected in my Temp Internet folders/content.ie5 and even though I remove it, heal it, quarantine it, a few minutes later it will reappear.

Not only that, but my IE has been hijacked since I use Firefox and set my homepage on IE to blank. It sends me to: http://www.yoursecuritysystem.com/

    I have fixed the BHO setting as per the additional spyware instructions for Ads234, Midaddle, or Netspry spyware pieces and still nothing.

    Here is my Hijackthis log, and I will be re-running both Blacklight and Rootkit and posting those logs in a moment.

    *Edit* I've been doing some work to try and get rid of this problem. I'm going to update my logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:16:14 AM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\AVGFRE~1\avgcc.exe
    C:\Program Files\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PurgeIE\PurgPro_Service.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\HijackThis.exe

    O1 - Hosts: 70.178.15.58 l2authd.lineage2.com
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1137884119640
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137884102625
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: PurgPro XP Service (PurgProService) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgPro_Service.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 (Member, joined Jan 2006)

Rootkit Log

    *Edit* New Rootkit Revealer log:

    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 12/18/2005 9:14 AM 4 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 12/18/2005 9:14 AM 4 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 12/18/2005 9:14 AM 4 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 12/18/2005 9:14 AM 32 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 12/18/2005 9:14 AM 4 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 12/22/2005 3:30 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Macromedia\Flash Player\#SharedObjects 1/22/2006 3:31 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Macromedia\Flash Player\#SharedObjects\AW8N9RR8 1/22/2006 3:31 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Macromedia\Flash Player\macromedia.com 1/22/2006 3:31 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Macromedia\Flash Player\macromedia.com\support 1/22/2006 3:31 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer 1/22/2006 3:31 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys 1/22/2006 3:31 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 1/22/2006 3:31 AM 348 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Microsoft\MSN Messenger\1969937433\MapFile\TFR1B9.dat 12/10/2005 12:13 AM 9.70 KB Visible in Windows API, but not in MFT or directory index.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Microsoft\MSN Messenger\1969937433\MapFile\TFR7.dat 1/22/2006 3:34 AM 10.18 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Microsoft\MSN Messenger\1969937433\UserTile\TFR6.dat 1/22/2006 3:34 AM 20.83 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\0039C971d01 1/22/2006 3:45 AM 248 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\00A03AE2d01 1/22/2006 3:42 AM 49.30 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\038C266Dd01 1/22/2006 3:45 AM 8.03 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\05222A81d01 1/22/2006 3:45 AM 6.65 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\05232A81d01 1/22/2006 3:45 AM 9.53 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\05242A81d01 1/22/2006 3:45 AM 8.25 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\05252A81d01 1/22/2006 3:49 AM 8.11 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\0D6E67C7d01 1/22/2006 3:31 AM 33.40 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\128EAF41d01 1/22/2006 3:43 AM 71.53 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\15FA5885d01 1/22/2006 3:31 AM 40.05 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\175D2038d01 1/22/2006 3:41 AM 32.05 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\1EF111ABd01 1/22/2006 3:31 AM 57.41 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\280083A6d01 1/22/2006 3:31 AM 47.96 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\2840402Ad01 1/22/2006 3:31 AM 53.09 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\28C679A0d01 1/22/2006 3:31 AM 37.49 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\2A0901BCd01 1/22/2006 3:49 AM 45.50 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\2B4DB991d01 1/22/2006 3:45 AM 109.11 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\2BC4878Fd01 1/22/2006 3:31 AM 41.28 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\3163C129d01 1/22/2006 3:31 AM 36.28 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\396FE9E1d01 1/22/2006 3:51 AM 40.97 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\3B19977Fd01 1/22/2006 3:31 AM 42.68 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\411B82C4d01 1/22/2006 3:52 AM 10.74 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\411B85C5d01 1/22/2006 3:49 AM 10.74 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\41AF8EA6d01 1/22/2006 3:31 AM 93.65 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\4356F911d01 1/22/2006 3:45 AM 72.48 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\44A9779Bd01 1/22/2006 3:46 AM 21.57 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\45F94B96d01 1/22/2006 3:52 AM 101.13 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\4F0F882Ad01 1/22/2006 3:31 AM 53.68 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\4FF54F9Bd01 1/22/2006 3:41 AM 19.53 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\545D65A5d01 1/22/2006 3:31 AM 7.12 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\545E65A5d01 1/22/2006 3:31 AM 4.36 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\54E8E939d01 1/22/2006 3:52 AM 6.23 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\59F7643Cd01 1/22/2006 3:31 AM 38.33 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\5C610BDFd01 1/22/2006 3:31 AM 35.46 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\5CF65DCCd01 1/22/2006 3:31 AM 33.07 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\5D020423d01 1/22/2006 3:31 AM 64.51 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\5DA47DCDd01 1/22/2006 3:31 AM 30.32 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\63150996d01 1/22/2006 3:51 AM 85.09 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\644B2730d01 1/22/2006 3:45 AM 1.11 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\645D8B3Ad01 1/22/2006 3:41 AM 92.87 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\6B013529d01 1/22/2006 3:31 AM 38.46 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\6C251CEBd01 1/22/2006 3:48 AM 45.79 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\6D38E36Dd01 1/22/2006 3:45 AM 1.38 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\77610869d01 1/22/2006 3:46 AM 44.14 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\77AB3538d01 1/22/2006 3:31 AM 37.97 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\7E0857B5d01 1/22/2006 3:31 AM 46.52 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\8A016EC9d01 1/22/2006 3:31 AM 63.78 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\8D353529d01 1/22/2006 3:31 AM 40.66 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\9709357Ed01 1/22/2006 3:31 AM 52.01 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\98CC9788d01 1/22/2006 3:31 AM 71.23 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\9A3808EEd01 1/22/2006 3:31 AM 34.55 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\9FE3A4F1d01 1/22/2006 3:50 AM 43.61 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\A4F164EDd01 1/22/2006 3:45 AM 5.67 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\A5F931E5d01 1/22/2006 3:51 AM 9.46 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\A5F937E4d01 1/22/2006 3:52 AM 9.46 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\A70B8EBFd01 1/22/2006 3:45 AM 11.19 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\AC14A396d01 1/22/2006 3:31 AM 50.95 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\BBE0C2B3d01 1/22/2006 3:42 AM 37.29 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\BD97C810d01 1/22/2006 3:31 AM 32.96 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\BEBDCE08d01 1/22/2006 3:43 AM 23.72 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\C12C39B9d01 1/22/2006 3:52 AM 104.77 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\C152627Dd01 1/22/2006 3:31 AM 70.16 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\C9AB1FBAd01 1/22/2006 3:43 AM 84.62 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\CCA59722d01 1/22/2006 3:45 AM 106.05 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\DA04AF02d01 1/22/2006 3:41 AM 53.24 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\DC9648F9d01 1/22/2006 3:31 AM 70.90 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\DEFD1B10d01 1/22/2006 3:42 AM 41.41 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\E00D3E25d01 1/22/2006 3:31 AM 36.85 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\E371E727d01 1/22/2006 3:52 AM 4.45 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\E378E727d01 1/22/2006 3:50 AM 4.85 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\E37AE727d01 1/22/2006 3:49 AM 4.51 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\E37BE727d01 1/22/2006 3:49 AM 4.79 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\E37CE727d01 1/22/2006 3:45 AM 4.46 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\E37DE727d01 1/22/2006 3:45 AM 4.45 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\E37FE727d01 1/22/2006 3:45 AM 4.45 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\EA10B6F1d01 1/22/2006 3:45 AM 4.98 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\EAD83615d01 1/22/2006 3:49 AM 102.90 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\EC9FEFA8d01 1/22/2006 3:31 AM 31.92 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\F47851F8d01 1/22/2006 3:31 AM 52.66 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\F54D627Fd01 1/22/2006 3:45 AM 26.03 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\F6059BFAd01 1/22/2006 3:42 AM 90.97 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\F8C83CF5d01 1/22/2006 3:41 AM 59.31 KB Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\FA34B368d01 1/22/2006 3:43 AM 33.18 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\FAA7BD19d01 1/22/2006 3:48 AM 43.86 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\FFCF6206d01 1/22/2006 3:43 AM 21.79 KB Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Local Settings\Temp\plugtmp 1/22/2006 3:48 AM 0 bytes Visible in directory index, but not Windows API or MFT.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Recent\MSN Messenger.lnk 1/22/2006 3:34 AM 540 bytes Hidden from Windows API.
    C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Recent\tachikoma.lnk 1/22/2006 3:34 AM 722 bytes Hidden from Windows API.
    C:\Program Files\MSN Messenger\tachikoma.jpg 1/22/2006 3:32 AM 47.96 KB Hidden from Windows API.
    C:\WINDOWS\Prefetch\LD7F9E.TMP-13EAB219.pf 1/22/2006 3:39 AM 18.00 KB Hidden from Windows API.
    C:\WINDOWS\system32\1024\ld7F9E.tmp 1/22/2006 3:38 AM 5.68 KB Visible in Windows API, but not in MFT or directory index.
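An added triage script, not part of this thread, that parses RootkitRevealer output in the format of the log above and sorts the discrepancies into cache churn, a known hider, and the entries worth a closer look. The sample input is ten lines excerpted from the poster's log; the attribution of the sptd keys to DAEMON Tools' SPTD driver is an assumption based on the process list in post #1.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: ten lines excerpted verbatim from the RootkitRevealer log
# posted above (the full log is over a hundred lines of the same shape).
SAMPLE_LOG = r"""
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 12/18/2005 9:14 AM 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 12/22/2005 3:30 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Macromedia\Flash Player\#SharedObjects 1/22/2006 3:31 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Microsoft\MSN Messenger\1969937433\MapFile\TFR7.dat 1/22/2006 3:34 AM 10.18 KB Hidden from Windows API.
C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\0039C971d01 1/22/2006 3:45 AM 248 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Application Data\Mozilla\Firefox\Profiles\s7sq7jj3.Default User\Cache\0D6E67C7d01 1/22/2006 3:31 AM 33.40 KB Hidden from Windows API.
C:\Documents and Settings\Layna.RU2K5-Y6BK8X80Q\Local Settings\Temp\plugtmp 1/22/2006 3:48 AM 0 bytes Visible in directory index, but not Windows API or MFT.
C:\Program Files\MSN Messenger\tachikoma.jpg 1/22/2006 3:32 AM 47.96 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\LD7F9E.TMP-13EAB219.pf 1/22/2006 3:39 AM 18.00 KB Hidden from Windows API.
C:\WINDOWS\system32\1024\ld7F9E.tmp 1/22/2006 3:38 AM 5.68 KB Visible in Windows API, but not in MFT or directory index.
"""


@dataclass
class Entry:
    path: str
    when: str
    size: str
    discrepancy: str


@dataclass
class Verdict:
    path: str
    verdict: str  # "investigate", "review", "known" or "noise"
    reason: str


# One RootkitRevealer line: <path with spaces> <date> <time AM/PM> <size> <description>.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB)) (?P<desc>.+?)\.?$"
)

# Locations that are rewritten constantly while a scan runs (browser cache,
# temp, Flash shared objects, messenger scratch files, recent-items links).
CHURN_MARKERS = ("\\cache\\", "\\local settings\\temp\\", "\\#sharedobjects",
                 "\\macromedia\\flash player\\", "\\recent\\",
                 "\\application data\\microsoft\\msn messenger\\")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")
EXEC_LIKE = {"exe", "dll", "sys", "tmp", "com", "scr", "ocx", "cpl", "pif", "bat"}
# Descriptions RootkitRevealer gives when a file changed between its two passes.
TRANSIENT = ("not in mft", "not windows api or mft")


def parse(text):
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["path"], f"{m['date']} {m['time']}", m["size"], m["desc"]))
    return entries


def assess(e):
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if "\\services\\sptd\\" in p:
        # Assumption: DAEMON Tools (in the poster's process list) installs the
        # SPTD driver, which hides its own configuration keys.
        return Verdict(e.path, "known", "SPTD driver config keys; assumed to be DAEMON Tools")
    if p.startswith("c:\\windows\\prefetch\\"):
        # A prefetch file is written when a program runs, so this names an
        # executable that launched; correlate it with the other hits.
        return Verdict(e.path, "review", f"prefetch shows {name.split('-')[0]} executed")
    if any(mk in p for mk in CHURN_MARKERS):
        return Verdict(e.path, "noise", "cache/temp data that changes while the scan runs")
    if p.startswith(SYSTEM_ROOTS):
        odd_dir = any(part.isdigit() for part in p.split("\\")[1:-1])
        if ext in EXEC_LIKE or odd_dir:
            return Verdict(e.path, "investigate", "executable-like or .tmp object in an odd system path")
        return Verdict(e.path, "review", "hidden object under a system directory")
    if any(t in e.discrepancy.lower() for t in TRANSIENT):
        return Verdict(e.path, "noise", "created or deleted between scan passes")
    return Verdict(e.path, "review", "unclassified discrepancy")


def triage(text):
    return [assess(e) for e in parse(text)]


def counts(text):
    return dict(Counter(v.verdict for v in triage(text)))


if __name__ == "__main__":
    for v in triage(SAMPLE_LOG):
        print(f"{v.verdict:<11} {v.path}  ({v.reason})")
```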

#3 (Member, joined Jan 2006)

Blacklight Log - No Hidden entries

    *edit* New Blacklight log:

    01/22/06 03:19:50 [Info]: BlackLight Engine 1.0.30 initialized
    01/22/06 03:19:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    01/22/06 03:19:50 [Note]: 7019 4
    01/22/06 03:19:50 [Note]: 7005 0
    01/22/06 03:19:52 [Note]: 7006 0
    01/22/06 03:19:52 [Note]: 7011 1780
    01/22/06 03:19:53 [Note]: FSRAW library version 1.7.1014
    01/22/06 03:20:05 [Note]: 7007 0

#4 (Member, joined Jan 2003)

    Reboot the PC in the Safe Mode

    SAFE MODE:

    safe mode<<< Click Here for instructions

    Check the following files to have HJT fix

    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9C20.tmp

    Press the fixed check button and close HJT program

Still in the safe mode find and delete the following, if found:

C:\WINDOWS\system32\hp9C20.tmp (file)

C:\WINDOWS\system32\nvctrl.exe (file)

Reboot the PC. Let us know if the PC still has a problem.

Steamwiz will have to address your other logs.

    BG
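An added example, not from this thread: a small Python triage of HijackThis log lines that flags the kind of entry BG picked out above (a BHO loading a .tmp from system32), plus dangling "(file missing)" references and unowned services. Most sample lines are copied from the log in post #1; the HomepageBHO line is BG's, and the O4 line for system32\1024\ld7F9E.tmp is constructed for illustration from the path in the poster's RootkitRevealer log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input. All lines are from the thread except the [ld7F9E] O4 entry,
# which is constructed to show the all-digit-directory rule.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 70.178.15.58 l2authd.lineage2.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9C20.tmp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ld7F9E] C:\WINDOWS\system32\1024\ld7F9E.tmp
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe (file missing)
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    section: str   # HijackThis section tag, e.g. "O2"
    reason: str
    line: str


ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path on the line, ending at the first "dot + short extension"
# that is followed by whitespace, a quote, a slash or the end of the line.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.([A-Za-z0-9]{1,4}))(?=[\s"/]|$)', re.I)
# Extensions a BHO, Run key, Winlogon hook or service should normally load.
LOADABLE_EXT = {"exe", "dll", "ocx", "cpl", "sys", "com", "scr"}
# Sections whose target is executed or loaded into a process.
CODE_SECTIONS = {"O2", "O4", "O20", "O21", "O23"}


def parse_entries(text):
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), raw.strip()))
    return entries


def assess(section, body, line):
    out = []
    m = PATH_RE.search(body)
    if m and section in CODE_SECTIONS:
        path, ext = m.group(1), m.group(2).lower()
        dirs = path.lower().split("\\")[1:-1]  # drop drive and file name
        if ext not in LOADABLE_EXT:
            out.append(Finding("high", section, f"code loaded from a .{ext} file, not a normal executable", line))
        if any(d.isdigit() for d in dirs):
            out.append(Finding("high", section, "all-digit directory in the path (e.g. system32\\1024)", line))
    if "(file missing)" in body:
        out.append(Finding("medium", section, "entry points at a file that is no longer present", line))
    if section == "O1":
        out.append(Finding("info", section, "hosts-file override; confirm it was added on purpose", line))
    if section == "O23" and "Unknown owner" in body:
        out.append(Finding("info", section, "service with no vendor name; verify the binary", line))
    return out


def triage(text):
    return [f for sec, body, line in parse_entries(text) for f in assess(sec, body, line)]


def summarize(text):
    return dict(Counter(f.severity for f in triage(text)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```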

#5 (Member, joined Jan 2003)

It also appears that you are running both Norton and AVG antivirus. Can't do this. Need to select one and delete the other.

    BG

#6 (Member, joined Jan 2006)

    #1 BMG - I am not running both sets of AVs. The Norton AV stuff listed is for System Works.

    #2 I already did exactly what you suggested 5 times now. The temp file name changes in my sys32 folder, nvctrl returns, mssearchnet.exe won't stay deleted, and folder 1024 keeps returning too. This last time the annoying windows update/stop sign icon appeared in my system tray, even in SafeMode.

    http://www.help2go.com/Tutorials/Pro...Hijackers.html I have installed everything suggested here, and chosen the Zone Alarm firewall.

    I've already installed and run Ewido, and I'm looking over the forums for the latest information. I've even looked through my registry while in SafeMode.

    Thank you for the assistance. Any other suggestions?

    *Edit* I've already tried the removal of the trojan.zlob and have turned off System Restore until this is removed.

#7 (Member, joined Jan 2006)

    Okay. I've spent some time and had to manually edit my registry and delete files. There was much google searching involved, and hopefully with the new Zonealarm firewall and other systray things it will help to avoid many problems in the future.

Ewido, HijackThis, AVG were all extremely valuable tools in assisting to relieve me of my problem.

    Hard to believe a girl can edit her own registry huh? =)

    This thread can be closed now. Thank you.

#8 (Member, joined Jan 2003)

Don't want to close this thread just yet. I will leave it open a few days in case the problem comes back.

On my comment about Norton/Symantec services: they have so many versions that it is really hard to tell exactly what you have. If you look at your log, you can see how many entries are Norton/Symantec.

If you are going to stay with AVG and ZoneAlarm, I would get rid of everything relating to Norton/Symantec. My personal opinion, shared by many here, is that "Norton" is nothing more than a resource hog. However, there are people that like it. I used it for 2 years, then dumped it.

Everything you need is available for free, which is all I use, here:

http://www.help2go.com/article152.html

    BG