  1. #1
    mef
    Member
    Join Date
    Nov 2005
    Posts
    16
    Points
    0

    Is my computer infected?

    Hi

    I keep getting the following messages - DEBNTEXT.exe and ATKFMAPI.exe - application failed to initialize properly (0xc0000142) - also I have the hour-glass continually flashing next to my cursor arrow.

    Both the above programs keep asking for permission via Zone Alarm - I keep denying both as I do not know what they are - I have searched on the net and found nothing. I also have a lot of 'unknown programs' showing in Zone Alarm - I have 'killed' all of them. However, a search on any of these programs on my computer finds nothing.

    I am running Win XP Pro SP2 with all updates. I have Zone Alarm Internet Security - I also use Spybot - Adaware and Microsoft Antispyware. I use Norton AV and AVG. All of these are up to date.

    I have just run a housecall scan which found 3 files infected with JAVA. BYTEVER.B (none of my installed programs found this!) and I have removed it - however I still have the same problems.

    Below is what Hijackthis has found - would be grateful for any advice before I go down the reformat route.

    Thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 00:52:00, on 28/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\Program Files\MATCO\BuzzsawService\BuzzSawService.exe
    E:\Program Files\MATCO\DirmsService\DirmsService.exe
    E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\Utilities\Spybot - Search & Destroy\TeaTimer.exe
    E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    E:\Program Files\AVerTV\QuickTV.exe
    C:\Documents and Settings\Mark\Start Menu\Programs\Startup\BuzzsawGUI.exe
    E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    E:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE
    E:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    E:\Documents and Settings\Mark\My Documents\My Received Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Utilities\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: BuzzsawGUI.exe
    O4 - Global Startup: QuickTV.lnk = E:\Program Files\AVerTV\QuickTV.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?300487c110d44c408596875ebe15a82
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?300487c110d44c408596875ebe15a82
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128664673990
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128719275281
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37440.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{49405A6B-DE07-4B90-877E-ED7ACC4E5D0D}: NameServer = 194.204.152.34 217.98.63.164
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA4EB75-C08D-4FCF-A2C0-4F19B8C565EF}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD4EA10E-9106-4D76-BEF8-10B552B9221C}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Buzzsaw_Defragmentation - MATCO - E:\Program Files\MATCO\BuzzsawService\BuzzSawService.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: DirMS_Defragmentation - Unknown owner - E:\Program Files\MATCO\DirmsService\DirmsService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  2. #2
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1190

    Are you in Poland?

    Also, don't try to run two Anti Virus programs. They will conflict with each other.

    BG

  3. #3
    mef
    Member
    Join Date
    Nov 2005
    Posts
    16
    Points
    0

    Yes I am in Poland.

    2 AV Programs is not the problem - I only installed AVG this weekend when my problems started and Norton found nothing - and AVG is configured not to run at start up.

    I keep getting a lot of new (with weird symbols) programs appearing in my firewall, but again when I try to search for them I find nothing.

  4. #4
    mef
    Member
    Join Date
    Nov 2005
    Posts
    16
    Points
    0

    Situation is getting worse - All scans show nothing, although the detective says there may be malware or spyware.

    I have followed all the instructions on the Help2go detective page and I am now posting my hijack this log as they suggest.

    So here is the latest log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:06:49, on 28/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\Program Files\MATCO\BuzzsawService\BuzzSawService.exe
    E:\Program Files\MATCO\DirmsService\DirmsService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Program Files\Utilities\Spybot - Search & Destroy\TeaTimer.exe
    E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    E:\Program Files\AVerTV\QuickTV.exe
    E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Documents and Settings\Mark\Start Menu\Programs\Startup\BuzzsawGUI.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    E:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE
    E:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    E:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
    E:\Program Files\AVerTV\AVerTV.exe
    E:\Documents and Settings\Mark\My Documents\My Received Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\UTILIT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Utilities\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: BuzzsawGUI.exe
    O4 - Global Startup: QuickTV.lnk = E:\Program Files\AVerTV\QuickTV.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?300487c110d44c408596875ebe15a82
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?300487c110d44c408596875ebe15a82
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128664673990
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128719275281
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37440.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{49405A6B-DE07-4B90-877E-ED7ACC4E5D0D}: NameServer = 194.204.152.34 217.98.63.164
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA4EB75-C08D-4FCF-A2C0-4F19B8C565EF}: NameServer = 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD4EA10E-9106-4D76-BEF8-10B552B9221C}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Buzzsaw_Defragmentation - MATCO - E:\Program Files\MATCO\BuzzsawService\BuzzSawService.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: DirMS_Defragmentation - Unknown owner - E:\Program Files\MATCO\DirmsService\DirmsService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  5. #5
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1190

    I assume you are on some kind of network.

    -Download ewido security suite install, update and run it.
    Please set up as :-

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on update in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful")

    5. You may need to manually update the definitions which you can get HERE

    6. Exit Ewido. DO NOT scan yet.
    boot into safemode...and scan with Ewido

    7. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

    8. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

    9. Once the ewido scan has completed, there will be a button located on the bottom of the screen called Save report.
    Important - You need to click "Save report" and save it to your desktop, or you won't have a log
    reboot

    post a new hijackthis log + the ewido log

    BG

  6. #6
    vidall
    Guest

    Hello, Also, try running KillSpy (download from my signature), it may be that you just have some fragments left of the infection and it is really good at detecting them.

  7. #7
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1190

    vidall:

    I removed your link as Killspy is considered a "Rogue" program.

    KillSpy killspy.net uses flawed, inadequate detection scheme

    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    BG

  8. #8
    mef
    Member
    Join Date
    Nov 2005
    Posts
    16
    Points
    0

    Hi - I am not on any network, I have a home PC - the only connection is to the internet - I do have something called loopback which I had to enable in order to get DIRMs and Buzzsaw services to work.

    I have followed your instructions and here are the reports.

    I have a tremendous amount of programs now showing in my Firewall, and the number seems to be growing - yesterday I was at about 300, today I am up to 580. They all have very very strange titles - mostly some extreme symbols. I am still getting the Application Error messages in relation to ATKFMAPI.exe and DEBNTEXT.exe.

    Now up to 583 programs secured for Internet Access according to my Firewall!

    Having checked the Firewall Log I see a program called es with some kind of symbol has repeatedly been blocked along with a host of others.

    Please continue to help if possible - Many thanks

  9. #9
    mef
    Member
    Join Date
    Nov 2005
    Posts
    16
    Points
    0

    Have noticed that the number of programs secured for Internet Access - now at 611, according to my Firewall - only seems to increase when I am connected to the internet. Don't know if this info helps ....

  10. #10
    mef
    Member
    Join Date
    Nov 2005
    Posts
    16
    Points
    0

    Don't know if this info helps - but I have found the following 2 files in the C:\WINDOWS\Prefetch folder

    ATKFMAPI.EXE-0A8BBD7A.pf 15KB

    DEBNTEXT.EXE-15592546.pf 10KB

    These are all that a search turns up, but I am still getting Application Error messages regarding the 2 .exe mentioned above - making use of the computer difficult and very frustrating due to the frequency of the error messages (estimate 30-40 warnings per minute!)
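
Added example, not part of any post in this thread: a small Python parser for the HijackThis log format posted above. It lists entries that carry the tool's own "(file missing)", "(no file)" and "Unknown owner" markers and checks whether a reported executable name appears anywhere in the log. The sample is a handful of lines copied from the second log; the function names and the choice of markers are this example's assumptions, and a marker is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the second log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:06:49, on 28/11/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\MATCO\DirmsService\DirmsService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15454E82-BF78-48B5-B544-5F4B6F071AF6}: NameServer = 127.0.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: DirMS_Defragmentation - Unknown owner - E:\Program Files\MATCO\DirmsService\DirmsService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and free text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Annotations HijackThis itself prints on entries (assumed review list for this example).
MARKERS = ("(file missing)", "(no file)", "Unknown owner")


def parse_log(text):
    """Split a log into the running-process list and entries grouped by section code."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
    return {"processes": processes, "entries": dict(entries)}


def review_markers(parsed):
    """Return (code, marker, text) for every entry carrying one of MARKERS."""
    found = []
    for code, items in parsed["entries"].items():
        for text in items:
            for marker in MARKERS:
                if marker in text:
                    found.append((code, marker, text))
    return found


def find_names(parsed, names):
    """Map each executable name to where it appears: 'process' or a section code."""
    hits = {}
    for name in names:
        needle = name.lower()
        where = ["process" for p in parsed["processes"]
                 if p.lower().endswith("\\" + needle)]
        where += [code for code, items in parsed["entries"].items()
                  for text in items if needle in text.lower()]
        hits[name] = where
    return hits


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, marker, text in review_markers(parsed):
        print(f"{code}: {marker}: {text}")
    print(find_names(parsed, ["DEBNTEXT.exe", "ATKFMAPI.exe", "vsmon.exe"]))
```

Neither DEBNTEXT.exe nor ATKFMAPI.exe appears in the running processes or any entry of the two logs posted in this thread, so the lookup returns empty lists for both; the Prefetch files are the only on-disk trace the thread reports.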
